Funding Amount: 
2015-01-01 to 2017-12-31
Atos Spain

The advent of outsourced and distributed processing environments like cloud prompts fundamental transformations in whole ICT ecosystems, while bringing new opportunities to stakeholders in the availability and rational use of physical resources with large-scale savings in IT investments. Conversely, it also poses new security challenges especially for ensuring robust protection of privacy and integrity of personal information, which are a fundamental part of the societal acceptance of new ICT schemes, services and solutions.

In this context, the WITDOM project focuses on developing innovative solutions for truly efficient and practical privacy enhancing techniques and efficient signal and data processing in the encrypted domain for the increasingly demanded outsourced environments. The project pursues to produce a framework for end-to-end protection of data in untrusted and fast evolving ICT-based environments, with focus in data-outsourcing scenarios, new threats, vulnerabilities and risks, which require end-to-end security solutions that will withstand progress for the lifetime of applications they support.

Value Proposition: 

WITDOM aims at producing a novel framework for a quantitative evaluation of end-to-end security and privacy, to guarantee an efficient and verifiable provision of privacy in the context of ICT services owned by third-party providers of distributed processing and storage, thereby maximizing independence from stated security and privacy commitments by respective providers, and minimizing the current need of blind trust from the clients, solely based on written consents.

This framework shall use security-and-privacy-by-design methodologies, and advance the state of the art in effective protection of personal & sensitive data in the following areas:

  • Privacy enhancing techniques, perturbation mechanisms and privacy metrics
  • Cryptographic privacy techniques supporting encrypted processing
  • Cryptographic techniques for integrity and verifiability of outsourced processes
  • European legal landscape

WITDOM delivers the following products according to three different levels:

  • General Level: The WITDOM framework, aligned with concurrent projects and advancing the SoTA, and the WITDOM E2E framework acknowledges the following aspects:
    • Driven by Privacy by Design principles, holistic, E2E privacy / security time-resistant, efficient solutions & guarantees.
    • Methods to quantify information leaked to achieve sufficient & adequate privacy levels.
    • New trustworthiness-enhanced business models for exploitation, leading to reduce the need for trust in third parties.
  • Practical Level: WITDOM platform based on a global SOA architecture.
  • Implementation Level: toolkit and prototypes for the project scenarios, aiming at achieving a technology readiness level (TRL) 4-5.
Business Impact: 

WITDOM’s innovations deals with the instantiation of the developed framework, platform and tools in two carefully chosen use-case scenarios, whose impact and sensitivity of the involved data make privacy a must, and where privacy and confidentiality constraints are a true barrier for profiting from the benefits of outsourced architectures and Cloud-based deployments.

The first use-case scenario is a health scenario based on outsourcing genetic data processes and workflows for large research analyses and individual clinical analyses. Genetic data is extremely sensitive, and genomic privacy has become a hot topic for research and innovation, to which WITDOM contributes by focusing on solutions for outsourced processing of genetic data dealing with secure sequence alignment and secure annotation, also providing end-users with secure outsourced backup functionalities with integrity and consistency guarantees.

The second scenario deals with outsourced financial analyses both customers’ data and finance data, to enable risk calculations, fraud detection and forecasting operations deployed.

A key aspect of WITDOM innovations is built upon a legal assessment and validation of the recently reformed (May 2016) European Data Protection Regulation, linking legal and ethical requirements with technological means to guarantee their enforcement.