
The Homomorphic Encryption Engine Embedded in SPHINX Toolkit

Homomorphisms are structure-preserving maps between algebraic structures. They make it possible to build cryptographic schemes in which computations are performed directly on encrypted data. As a result, data remains confidential while it is being processed, so tasks can be carried out even while the data resides in an untrusted environment. In the current age of heterogeneous networking, this is a highly valuable capability.

The Homomorphic Encryption (HE) engine developed for the SPHINX toolkit is based on a partial homomorphic encryption scheme. The RSA-based partial homomorphic encryption scheme allows one to create a searchable cipher, thus eliminating the need for any index generation. The component is built on this scheme and provides several features for the SPHINX solution: searching in the encrypted domain, a double-sided blinded search capability, and data anonymity.

The search-in-the-encrypted-domain capability allows users to search a database that they have encrypted themselves. The encryption process combines two schemes: AES encryption of the data and the creation of an HE-based searchable cipher. This combination keeps computational cost low and improves performance. The process of search in the encrypted domain is shown below:

The double-sided blinded process of the HE solution allows entities to encrypt their own datasets and then lets other entities perform search operations on that data.

The data anonymization module of the HE tool provides the SPHINX toolkit with the required level of data anonymization. Data anonymization is key to ensuring data privacy and is necessary for compliance with the EU General Data Protection Regulation (GDPR). The procedure of data anonymization is depicted in the following image:

Design Principles

HE consists of three interfaces: the dashboard, the client-side module and the healthcare database module. The healthcare database is also referred to as the cloud module. All these components are interlinked, and each has its own defined characteristics.

Dashboard – The dashboard acts as the control panel for the HE tool. SPHINX users interact with it to perform encryption, decryption, search and data anonymization tasks. The dashboard runs on top of the client-side module and is a web-based tool. Its web-based nature makes it operating system and device independent, so anyone with access to a web browser can use the tool.

Client – The Client module is the key component of the HE tool. This is where all the tasks are executed. The client module itself has two major components: the searchable encryption module and the data anonymization module.

Healthcare database – The healthcare database provides the facility for users to store information. Once data has been encrypted, all of it is stored in this database, which is later used for search execution. When a user searches for some content, the trapdoor is sent to the database, where the search is executed, and the response is returned to the client interface. This is then shared with the user through the dashboard. The database also executes the searches for the double-sided blinded process.
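The flow described above (searchable tags built on the client, a trapdoor matched by the database without any decryption key) can be illustrated with RSA's multiplicative homomorphism. The following is an added example written for this page, not the SPHINX engine's own code; it assumes a toy RSA key, a hypothetical hash-based keyword encoding, and an opaque placeholder for the AES-encrypted payload. It goes one step beyond single-keyword matching: a conjunctive query is sent as one trapdoor, and the database multiplies stored tags to test it.

```python
import hashlib
from itertools import combinations
from math import gcd, prod

# Toy RSA key, chosen for readability: an assumption of this example, not SPHINX
# key material (real deployments use 2048-bit moduli).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def rsa_enc(m: int) -> int:
    """Textbook RSA is deterministic: equal keywords give equal tags, which is
    what lets the database match tags without holding any decryption key."""
    return pow(m, E, N)

def rsa_dec(c: int) -> int:
    return pow(c, D, N)

def homomorphism_holds(m1: int, m2: int) -> bool:
    """Enc(m1) * Enc(m2) == Enc(m1 * m2) mod N: the multiplicative property."""
    return (rsa_enc(m1) * rsa_enc(m2)) % N == rsa_enc((m1 * m2) % N)

def keyword_to_int(keyword: str) -> int:
    """Hash a keyword to an invertible element of Z_N (hypothetical encoding)."""
    h = int.from_bytes(hashlib.sha256(keyword.encode()).digest(), "big") % N
    while h < 2 or gcd(h, N) != 1:
        h += 1
    return h

def build_index(records):
    """Client side: keep the payload ciphertext (AES in the page's description;
    an opaque constructed string here) plus one RSA tag per keyword."""
    return [(ct, [rsa_enc(keyword_to_int(k)) for k in kws]) for ct, kws in records]

def make_trapdoor(*keywords: str) -> int:
    """Client side: a conjunctive query is sent as the single value Enc(h1*h2*...)."""
    return rsa_enc(prod(keyword_to_int(k) for k in keywords) % N)

def search_encrypted(index, trapdoor: int, arity: int):
    """Database side: the product of `arity` stored tags is Enc(product of their
    keywords), so a record matches when some tag combination equals the trapdoor.
    Only ciphertexts are touched; deterministic tags still reveal which records
    share keywords (the equality pattern), a known trade-off of this approach."""
    hits = []
    for ct, tags in index:
        if any(prod(c) % N == trapdoor for c in combinations(tags, arity)):
            hits.append(ct)
    return hits
```

The returned values are the stored payload ciphertexts; the client decrypts them locally, so the database never sees plaintext data or keywords.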

Homomorphic Encryption provides both security and privacy to the SPHINX solution. The tool uses partial homomorphic encryption techniques to allow users to search in the encrypted domain. This eliminates the need to download and decrypt all stored data and thus keeps the data secure.

With the help of this tool, healthcare professionals can store data in central repositories with increased security. The tool also allows searching in each other's databases, provided that prior permission has been granted. Alongside this, the tool provides a network traffic anonymization capability, which adds privacy to network traffic data. A pseudo-anonymized version of the network traffic is returned to the user, with the added capability of de-anonymizing the data for later use.

In the following video, a presentation and a demo of the first version of the component is available:

More information about the Homomorphic Encryption engine can be found in Deliverable 4.6, which is publicly available here.