Raising the visibility of protected data: A pilot data catalog project

Sharing research data that is protected for legal, regulatory, or contractual reasons can be challenging and current mechanisms for doing so may act as barriers to researchers and discourage data sharing. Additionally, the infrastructure commonly used for open data repositories does not easily support responsible sharing of protected data. This chapter presents a case study of an academic university library’s work to configure the existing institutional data repository to function as a data catalog. By engaging in this project, university librarians strive to enhance visibility and access to protected datasets produced at the institution and cultivate a data sharing culture

Compelled Production of Encrypted Data

There is a myth that shadowy and powerful government agencies can crack the encryption software that criminals use to protect computers filled with child pornography and stolen credit card numbers. The reality is that cheap or free encryption programs can place protected data beyond law enforcement\u27s reach. If courts seriously mean to protect the victims of Internet crime--all too often children--then Congress must adopt a legal mechanism to remedy the technological deficiency. To date, police and prosecutors have relied on subpoenas to either compel defendants to produce their password, or to decipher their protected data. This technique has been met with mixed success. A better solution would be to couple a subpoena for the deciphered data with a warrant that specifies what and how to search. If the defendant refuses to produce the deciphered data, he can be held in contempt. Where handing over protected data means the certainty of a lengthy prison sentence, some defendants will prefer contempt to compliance. Therefore, the court needs an additional legal mechanism to allow fact-finders to look into protected data. This Article proposes that when a defendant refuses to comply with a court order to produce deciphered data, the court should be able to issue a missing evidence instruction as a surrogate for actual inspection. If a warrant, a subpoena, and a contempt order cannot induce a defendant to decrypt his data, courts should issue an instruction that the fact-finder may presume that the missing data is incriminating

Building Confidential and Efficient Query Services in the Cloud with RASP Data Perturbation

With the wide deployment of public cloud computing infrastructures, using clouds to host data query services has become an appealing solution for the advantages on scalability and cost-saving. However, some data might be sensitive that the data owner does not want to move to the cloud unless the data confidentiality and query privacy are guaranteed. On the other hand, a secured query service should still provide efficient query processing and significantly reduce the in-house workload to fully realize the benefits of cloud computing. We propose the RASP data perturbation method to provide secure and efficient range query and kNN query services for protected data in the cloud. The RASP data perturbation method combines order preserving encryption, dimensionality expansion, random noise injection, and random projection, to provide strong resilience to attacks on the perturbed data and queries. It also preserves multidimensional ranges, which allows existing indexing techniques to be applied to speedup range query processing. The kNN-R algorithm is designed to work with the RASP range query algorithm to process the kNN queries. We have carefully analyzed the attacks on data and queries under a precisely defined threat model and realistic security assumptions. Extensive experiments have been conducted to show the advantages of this approach on efficiency and security.Comment: 18 pages, to appear in IEEE TKDE, accepted in December 201