A Systematic Review on the Status and Progress of Homomorphic Encryption Technologies

With the emergence of big data and the continued growth in cloud computing applications, serious security and privacy concerns emerged. Consequently, several researchers and cybersecurity experts have embarked on a quest to extend data encryption to big data systems and cloud computing applications. As most cloud users turn to using public cloud services, confidentiality becomes and even more complicated issue. Cloud clients storing their data on a public cloud always seek solutions to confidentiality problem. Homomorphic encryption emerged as a possible solution where client’s data is encrypted on the cloud in a way that allows some search and manipulation operations without proper decryption. In this paper, we present a systematic review of research paper published in the field of homomorphic encryption. This paper uses PRISMA checklist alongside some items of Cochrane’s Quality Assessment to review studies retrieved from various resources. It was highly noticeable in the reviewed papers that security in big data and cloud computing has received most attention. Most papers suggested the use of homomorphic encryption although the thematic analysis has identified other potential concerns. Regarding the quality of the articles, 38% of the articles failed to meet three checklist items, including explicit statement of research objectives, procedure recognition and sources of funding used in the study. The review also presented compendium textual analysis of different homomorphic encryption algorithms, application areas, and areas of future developments. Results of the evaluation through PRISMA and the Cochrane tool showed that a majority of research articles discussed the potential use and application of Homomorphic Encryption as a solution to the growing demands of big data and absence of security and privacy mechanisms therein. This was evident from 26 of the total 59 articles that met the inclusion criteria. The term Homomorphic Encryption appeared 1802 times in the word cloud derived from the selected articles, which speaks of its potential to ensure security and privacy, while also preserving the CIA triad in the context of big data and cloud computing

Privacy in the Genomic Era

Genome sequencing technology has advanced at a rapid pace and it is now possible to generate highly-detailed genotypes inexpensively. The collection and analysis of such data has the potential to support various applications, including personalized medical services. While the benefits of the genomics revolution are trumpeted by the biomedical community, the increased availability of such data has major implications for personal privacy; notably because the genome has certain essential features, which include (but are not limited to) (i) an association with traits and certain diseases, (ii) identification capability (e.g., forensics), and (iii) revelation of family relationships. Moreover, direct-to-consumer DNA testing increases the likelihood that genome data will be made available in less regulated environments, such as the Internet and for-profit companies. The problem of genome data privacy thus resides at the crossroads of computer science, medicine, and public policy. While the computer scientists have addressed data privacy for various data types, there has been less attention dedicated to genomic data. Thus, the goal of this paper is to provide a systematization of knowledge for the computer science community. In doing so, we address some of the (sometimes erroneous) beliefs of this field and we report on a survey we conducted about genome data privacy with biomedical specialists. Then, after characterizing the genome privacy problem, we review the state-of-the-art regarding privacy attacks on genomic data and strategies for mitigating such attacks, as well as contextualizing these attacks from the perspective of medicine and public policy. This paper concludes with an enumeration of the challenges for genome data privacy and presents a framework to systematize the analysis of threats and the design of countermeasures as the field moves forward

Privacy-enhancing distributed protocol for data aggregation based on blockchain and homomorphic encryption

The recent increase in reported incidents of security breaches compromising users' privacy call into question the current centralized model in which third-parties collect and control massive amounts of personal data. Blockchain has demonstrated that trusted and auditable computing is possible using a decentralized network of peers accompanied by a public ledger. Furthermore, Homomorphic Encryption (HE) guarantees confidentiality not only on the computation but also on the transmission, and storage processes. The synergy between Blockchain and HE is rapidly increasing in the computing environment. This research proposes a privacy-enhancing distributed and secure protocol for data aggregation backboned by Blockchain and HE technologies. Blockchain acts as a distributed ledger which facilitates efficient data aggregation through a Smart Contract. On the top, HE will be used for data encryption allowing private aggregation operations. The theoretical description, potential applications, a suggested implementation and a performance analysis are presented to validate the proposed solution.This work has been partially supported by the Basque Country Government under the ELKARTEK program, project TRUSTIND (KK- 2020/00054). It has also been partially supported by the H2020 TERMINET project (GA 957406)

Cryptographic protocol for privacy-preserving integration of HAZOPs in modular process plants

Information which is contained in Hazard & Operability (HAZOP) studies is highly sensitive since it can reveal the vulnerabilities of a system and potential ways in which to bypass safeguards. Through the design of systems involving collaboration along a value chain, at some point this information is shared between several parties. In this paper, we propose a methodology for the secure exchange of safety information whilst preserving sensitive information for the application of modular Hazard & Operability (HAZOP) studies. We use homomorphic encryption in a workflow for the sharing of information between plant owners and operators as well as module vendors. We apply encryption to the risks from different modular HAZOPs (mHAZOPs), and combine and compare them without disclosing the risk level. Our contribution is a privacy-preserving protocol for mHAZOP comparison during the integration of modular process and equipment. We provide an exemplary implementation of the protocol and demonstrate the protocol’s privacy and correctness

Sociotechnical Safeguards for Genomic Data Privacy

Recent developments in a variety of sectors, including health care, research and the direct-to-consumer industry, have led to a dramatic increase in the amount of genomic data that are collected, used and shared. This state of affairs raises new and challenging concerns for personal privacy, both legally and technically. This Review appraises existing and emerging threats to genomic data privacy and discusses how well current legal frameworks and technical safeguards mitigate these concerns. It concludes with a discussion of remaining and emerging challenges and illustrates possible solutions that can balance protecting privacy and realizing the benefits that result from the sharing of genetic information

Developing an infrastructure for secure patient summary exchange in the EU context: Lessons learned from the KONFIDO project

Background: The increase of healthcare digitalization comes along with potential information security risks. Thus, the EU H2020 KONFIDO project aimed to provide a toolkit supporting secure cross-border health data exchange. Methods: KONFIDO focused on the so-called “User Goals”, while also identifying barriers and facilitators regarding eHealth acceptance. Key user scenarios were elaborated both in terms of threat analysis and legal challenges. Moreover, KONFIDO developed a toolkit aiming to enhance the security of OpenNCP, the reference implementation framework. Results: The main project outcomes are highlighted and the “Lessons Learned,” the technical challenges and the EU context are detailed. Conclusions: The main “Lessons Learned” are summarized and a set of recommendations is provided, presenting the position of the KONFIDO consortium toward a robust EU-wide health data exchange infrastructure. To this end, the lack of infrastructure and technical capacity is highlighted, legal and policy challenges are identified and the need to focus on usability and semantic interoperability is emphasized. Regarding technical issues, an emphasis on transparent and standards-based development processes is recommended, especially for landmark software projects. Finally, promoting mentality change and knowledge dissemination is also identified as key step toward the development of secure cross-border health data exchange services