Anonymity and Authentication in Large Databases
EIT Digital - Industrial PhD position proposal
Big data has become a research hotspot in both academic and industrial areas. It is a revolution of transforming people’s ways of thinking, habits of working even the structure of society. However, big data is facing with many risks in the processes of collection, storage and use. Among of all these risks, it is obvious that the privacy and information leakage is one of the most serious issues.
The basic research directions will be anonymous data technology, identification authentication based on big data and data authenticity analysis. The main cryptographic tools to apply will be secret sharing and attribute-based cryptography.
Due to the informatization of society, data shows an explosive growth. According to statistics, there is an average of 2 million users use google search every second, more than 2 billion posts are shared by Facebook, and more than 350 million Twitters are processed every day. At the same time, IoT (the Internet of Things) makes a variety of deception and induction equipment generate data constantly. At present, after could computing, big data has become another growth point in the field of information technology. Data is becoming increasingly big but not only vertically but horizontally as well i.e. variety. Because data is big – the importance of proper data governance is sky rocketing.
Security and privacy is regarded as one of the most serious issues. All of our behaviours are controlled by network service providers. For example, Amazon knows our spending habits, google knows our search habits while Facebook knows everything about our contact information with our friends. On the other health care data is even more critical by its true nature e.g. OMICS (e.g. genomics data, proteomics data etc.) data is determining for multiple generations of an individual how past and future is or will be interpreted related to anything. Genomics combined with other healthcare data reveals hidden wisdom about our individual future, risks and potential health-opportunities. All of these practical cases show that after large quantities of harmless data are collected, it will reveal personal privacy, and the future is a complex balancing act between usability-flexibility-practicality and privacy, short term gain vs long term loss, adverse effects of lousy data governance/losing control or ability re-gain control.
Big data also faces security risks in the process of storage, processing and transmission. Service providers are both producers of data and management of data. Therefore, it is extremely difficult to restrict by technical means.
In order to improve the security of big data, the following cryptographic tools will be used for the future work as two main building blocks in secure distributed system:
1. Secret sharing: it is a cryptographic method for distributing a secret to multi-parties, each of whom only takes a part of the secret. With this technique, we can build a secure, privacy-preserving system during data sharing and computation. It can solve the problem of ensuring the data is secured in sharing and computation. An interesting special case is the k-threshold case, which can be useful in k-anonymity. During the research all the GDPR-aspects must be taken into account (see Regulation (EU) 2016/679).
2. Attribute-based cryptography: it is an encryption method in which the private key is used to decrypt data dependent on users’ attributes. There are mainly two types of encryption: key-policy attribute-based and ciphertext-policy attribute-based. It avoids the disadvantage of traditional public key encryption of bonding the identity with public key. This cryptographic technology provides a much more flexible way to encrypt and decrypt. This novel tool is a possible solution for sophisticated authentication models, like behaviour or environment based authentication. Both attribute-based encryption (for selective attribute queries) and attribute-based signature may be interesting. For the latter one it is recommended to analyse operation and cryptographic techniques of IRMA-card (see I Reveal My Attributes), which uses attribute-based signatures).
E-Group expects a strong day-to-day collaboration which is enabling E-Group to access the latest research trends and applicable results to new, cutting edge software components that can fit into our main business lines, both in digital identity/attribute and digital transactions and Datalake related data sharing and digital consenting (to access personal data) problematics, especially in highly sensitive healthcare data, financial or e-government related use cases. E-Group hopes that the theoretical PhD work with practical edge to it, collaborating with E-Group experts and building into the PhD industry end-user influence from our customers’ demands will enable the candidate and E-Group to implement and utilise “low hanging fruits” from the theoretical work, ideally bringing new products or services to the market. Equally important that our Industry PhD candidate has a secondary role too: namely to catalyse our experts and specialist with new knowledge and latest scientific results that are not only new but realistically applicable to unsolved yet very important problems.
As an industrial doctoral student, you will reside in the EIT Digital Doctoral Training Centre in Budapest and share your time with the premises of E-Group ICT Budapest and the Eötvös Loránd University, Faculty of Informatics. A 3-6-month mobility to another European university or research institution will be also part of the programme.
Industrial partner: E-Group ICT, Budapest
Academic/research partner: Eötvös Loránd University, Faculty of Informatics
Number of available PhD positions: 1
Duration: 4 years
This PhD will be funded by EIT Digital, Eötvös Loránd University, Faculty of Informatics, and E-Group ICT Budapest
Applications, consisting of a CV, a motivation letter, and documents showing your academic track records, should be submitted to EIT Digital Doctoral School Office at firstname.lastname@example.org.
Please apply before 20 October 2019.
Interviews will be scheduled during the week of 21-25 October 2019.