The New Privacy: Emerging Standards for Cloud-Based Security. A Collaboration Between Western Sydney University and Dimension Data Australia
Related papers
The New Privacy: Emerging Standards for Cloud-Based Security
2019
From consumer hard drives and enterprise servers, data is migrating to the cloud. Driven by lower costs of ownership, elastic on-demand services, improved interoperability and the insights produced through machine learning, cloud-based computing synthesises the best of previous mainframe and personal computing paradigms. However the cloud—and the valuable data it houses—is also vulnerable. Breaches, data leaks and linkage attacks are widespread, often bypassing existing security safeguards. In this contested environment, privacy attains a new primacy—a critical issue for customers and a currency of trust for business. New technologies are emerging to address privacy in the cloud. This whitepaper surveys four approaches: blockchains, differential privacy, multiparty computation (MPC) and fully homomorphic encryption (FHE). While blockchains and differential privacy are relatively mature and well understood, MPC and FHE have been, until recently, obscure topics of academic research.
Clouded data: Privacy and the promise of encryption
Big Data & Society, 2019
Personal data is highly vulnerable to security exploits, spurring moves to lock it down through encryption, to cryptographically 'cloud' it. But personal data is also highly valuable to corporations and states, triggering moves to unlock its insights by relocating it in the cloud. We characterise this twinned condition as 'clouded data'. Clouded data constructs a political and technological notion of privacy that operates through the intersection of corporate power, computational resources and the ability to obfuscate, gain insights from and valorise a dependency between public and private. First, we survey prominent clouded data approaches (blockchain, multiparty computation, differential privacy, and homomorphic encryption), suggesting their particular affordances produce distinctive versions of privacy. Next, we perform two notional code-based experiments using synthetic datasets. In the field of health, we submit a patient's blood pressure to a notional cloud-based diagnostics service; in education, we construct a student survey that enables aggregate reporting without individual identification. We argue that these technical affordances legitimate new political claims to capture and commodify personal data. The final section broadens the discussion to consider the political force of clouded data and its reconstitution of traditional notions such as the public and the private.
Medical Data Analytics in the Cloud Using Homomorphic Encryption
Polymorphic Encryption and Pseudonymisation for Personalised Healthcare: A Whitepaper
2016
Polymorphic encryption and Pseudonymisation, abbreviated as PEP, form a novel approach for the management of sensitive personal data, especially in health care. Traditional encryption is rather rigid: once encrypted, only one key can be used to decrypt the data. This rigidity is becoming an ever greater problem in the context of big data analytics, where different parties who wish to investigate part of an encrypted data set all need the one key for decryption. Polymorphic encryption is a new cryptographic technique that solves these problems. Together with the associated technique of polymorphic pseudonymisation, new security and privacy guarantees can be given which are essential in areas such as (personalised) healthcare, medical data collection via self-measurement apps, and more generally in privacy-friendly identity management and data analytics. The key ideas of polymorphic encryption are: 1. Directly after generation, data can be encrypted in a 'polymorphic' manner and stored at a (cloud) storage facility in such a way that the storage provider cannot get access. Crucially, there is no need to a priori fix who gets to see the data, so that the data can immediately be protected. For instance a PEP-enabled self-measurement device will store all its measurement data in polymorphically encrypted form in a back-end data base. 2. Later on it can be decided who can decrypt the data. This decision will be made on the basis of a policy, in which the data subject should play a key role. The user of the PEP-enabled device can, for instance, decide that doctors X, Y, Z may at some stage decrypt to use the data in their diagnosis, or medical researcher groups A, B, C may use it for their investigations, or third parties U, V, W may use it for additional services, etc.
2015
Mobile health (mHealth) monitoring using Cloud as SAAS, which applies the common mobile communications and cloud computing technologies to provide feedback decision support, which has been considered as a revolutionary approach to improve the quality of healthcare service while lowering the healthcare cost. Well, unfortunately it also poses a serious risk on clients'/mobile users' privacy and intellectual property of monitoring service providers, which could prevent the wide adoption of mHealth technology. This project is to address privacy as an important problem and design Mobile Health Monitoring with Privacy Preserving using Cloud to protect the privacy of the involved parties and their data. Moreover, the outsourcing decryption technique and a newly-proposed key private proxy re-encryption are adapted to shift the computational complexity of the involved parties to the cloud without compromising clients' privacy and service providers' intellectual property. Finally, ou...
The Effectiveness of Homomorphic Encryption in Protecting Data Privacy.
International Journal of Research Publication and Reviews, Vol 5, no 11, pp 3235-3256, 2024
As the use of digital services grows, protecting the privacy and integrity of sensitive data, especially in fields like healthcare, finance, and secure surveying, has become a critical concern. Homomorphic encryption (HE) offers a solution by allowing computations to be performed on encrypted data without revealing the original information. This paper examines the principles of homomorphic encryption and its applications in privacy-preserving tasks, focusing on its use in cloud computing, healthcare, and cybersecurity. Various types of HE schemes, including Fully Homomorphic Encryption (FHE), Partially Homomorphic Encryption (PHE), and Somewhat Homomorphic Encryption (SHE), are reviewed to assess their performance, efficiency, and real-world use. The paper also discusses the challenges of implementing HE, such as computational overhead and key management. It suggests directions for future research to improve the scalability and usability of HE in real-time applications. Addressing these challenges will make homomorphic encryption an essential tool for secure, privacy-preserving data processing and sharing in modern digital systems.
Assessment of Cloud-based Health Monitoring using Homomorphic Encryption
Current financial and regulatory pressure has provided strong incentives to institute better disease prevention, improved patient monitoring, and push U.S. healthcare into the digital era. This transition requires that data privacy be ensured for digital health data in three distinct phases: I. acquisition, II. storage, and III. computation. Each phase comes with unique challenges in terms of proper implementation and privacy.
Survey Paper on Applying Privacy to Healthcare Data Using Cloud
2015
Mobile health (mHealth) monitoring using Cloud as SAAS, which applies the common mobile communications and cloud computing technologies to provide feedback decision support, which has been considered as a revolutionary approach to improve the quality of healthcare service while lowering the healthcare cost. Well, unfortunately it also poses a serious risk on clients'/mobile users' privacy and intellectual property of monitoring service providers, which could prevent the wide adoption of mHealth technology. This project is to address privacy as an important problem and design Mobile Health Monitoring with Privacy Preserving using Cloud to protect the privacy of the involved parties and their data. Moreover, the outsourcing decryption technique and a newly-proposed key private proxy re-encryption are adapted to shift the computational complexity of the involved parties to the cloud without compromising clients' privacy and service providers' intellectual property. Finally, our security an...
Utilizing Homomorphic Encryption to Implement Secure and Private Medical Cloud Computing
With a large number of commercially-available noninvasive health monitoring sensors today, remote health monitoring of patients in their homes is becoming widespread. In remote health monitoring, acquired sensory data is transferred into a private or public cloud for storage and processing. While simple encryption techniques can assure data privacy in the case of private clouds, ensuring data privacy becomes a lot more challenging when a public cloud (e.g., Amazon EC2) is used to store and process data. We present an approach that eliminates data privacy concerns in the public cloud scenario, by utilizing an emerging encryption technique called Fully Homomorphic Encryption (FHE). The ability of FHE to allow computations without actually observing the data itself makes it an attractive option for certain medical applications. In this paper, we use cardiac health monitoring for our feasibility assessment and demonstrate the advantages and challenges of our approach by utilizing a well-established FHE library called HElib.
On Protecting Privacy in the Cloud
2015
Cloud computing has now emerged as a popular computing paradigm for data storage and computation for enterprises and individuals. Its major characteristics include the pay-per-use pricing model, where users pay only for the resources they consume with no upfront cost for hardware/software infrastructures, and the capability of providing scalable and unlimited storage and computation resources to meet changing business needs of enterprises with minimal management overhead [1]. The cloud, however, presents a major limitation to enterprises and individuals who move to public clouds: they lose control over the systems that manage their data and applications, leading to increased security and privacy concerns [2,3,4].