
A secure way to share data 

 

“We always have to remain critical and careful that we keep protecting our privacy”
Niek Bouman - post-doctoral researcher ‘Secure Multiparty Computation’

 

At the European Big Data Value Forum 2019 in Helsinki, we interviewed Niek Bouman. He is a post-doctoral researcher focusing on secure multiparty computation at the Eindhoven University of Technology and is involved in the "Scalable Oblivious Data Analytics" (SODA) project. This is an EU H2020-funded project that aims to enable privacy-preserving analytics of information from multiple data assets using multi-party computation techniques. These techniques allow multiple parties with private inputs to jointly compute on their data without revealing their inputs to each other.

Privacy concerns

Organisations generate a huge amount of data during their daily operations. Combining and analysing data from different sources is becoming increasingly important and offers great opportunities for value creation. Despite the promises of data sharing, many organisations are reluctant to share their data with others. One of the concerns around data sharing is the protection of personal and confidential data in general. In health care, for example, there is a huge potential in sharing the data that healthcare entities gather about their patients. At the same time, personal health information needs to be protected. Therefore, a technology is needed that allows for data sharing without compromising on privacy.

Particularly when the parties between which the data is shared cannot be fully trusted, there are methods that enable computation over multiple datasets without the need to store the datasets on the same computer system or on the same network, where they would be more vulnerable to attack. One of these is multi-party computation (MPC).

Secure multi-party computation

MPC is a toolbox of cryptographic techniques that enable different parties to carry out joint computations on their inputs while no party can see the other parties’ data. This means that data from multiple providers can be analysed without requiring them to share their data with anybody else. Computations are distributed across different databases, which means that each server performs computations on its small part of the data, without disclosing the data. The distribution of data eliminates the need for a trusted third party to analyse the data. The participating parties determine who is allowed to view the outcome of the computations.

Applying MPC in practice

Let us go back to the healthcare example. Analysing data that different healthcare entities gather about their patients can be of great value for medical research and can reveal patterns that cannot be found within the data owned by one single entity. With MPC, multiple parties can provide data, such as data about people’s age, lifestyles, health, diagnoses, and treatments. The data is split into separate pieces and encrypted, and computations are made on multiple servers. Participating healthcare entities only receive the output of computations, such as the average age of people diagnosed with a specific disease, while they cannot see each other’s data. Each party can contribute personal data to the analysis while being technically guaranteed that the data cannot be de-anonymised, decrypted, or used for any other purpose than the intended one.
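The average-age computation described above can be sketched with additive secret sharing, one simple MPC building block. This is an added example, not code from the SODA project or the interview; the scheme, the three-server setup, the function names and the sample ages are all assumptions made for illustration.

```python
import secrets

# Assumption: additive secret sharing over a prime field; the page does not
# say which MPC scheme SODA uses.
P = 2**61 - 1  # Mersenne prime, far larger than any sum of ages


def share(value, n):
    """Split value into n random shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts


def reconstruct(shares):
    """Recombine all shares; any smaller subset is uniformly random."""
    return sum(shares) % P


def secure_average(datasets, n_servers=3):
    """Average over all parties' values; only the total and count are opened."""
    sum_acc = [0] * n_servers    # per-server running share of the age total
    count_acc = [0] * n_servers  # per-server running share of the patient count
    for ages in datasets:
        # Local pre-computation: each party reduces its records to a sum and
        # a count, so only two values per party enter the protocol.
        s_shares = share(sum(ages), n_servers)
        c_shares = share(len(ages), n_servers)
        for i in range(n_servers):
            # Server i adds the shares it receives and never sees a plaintext.
            sum_acc[i] = (sum_acc[i] + s_shares[i]) % P
            count_acc[i] = (count_acc[i] + c_shares[i]) % P
    total, count = reconstruct(sum_acc), reconstruct(count_acc)
    return total / count, sum_acc


# Constructed sample data: ages of patients with one diagnosis at three hospitals
HOSPITALS = [[34, 51, 67], [45, 72], [29, 58, 61, 80]]

if __name__ == "__main__":
    avg, server_view = secure_average(HOSPITALS)
    print(f"average age: {avg:.2f}")
    print("what server 0 holds:", server_view[0])
```

The sketch opens the total and the count rather than only the quotient, and it assumes servers that follow the protocol and do not all pool their shares.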

Challenges of MPC

A challenge on the road to large-scale application of MPC is the current performance of the technology. Each computation needs to communicate with each participant in the network, which affects the speed of the computation. Applications built on MPC could therefore potentially have a lower speed than applications built on the cloud. A solution is to do pre-computations locally, e.g. run specific analyses on datasets on a single server, before running the multi-party computation. It is also expected that with better networks and computers, the performance of MPC will automatically increase.

The future of MPC

MPC is not new. It has evolved from a theoretical curiosity in the 1980s to a technique to build privacy-preserving applications today. According to Niek Bouman, it is now time to use the technology to transform how organisations handle sensitive data. The technology is ripe enough for commercialisation and can be used as a solution to real business problems. The SODA project uses healthcare as a first use case and aims to apply MPC to protect people’s privacy while at the same time harvesting the benefits of healthcare data. As a co-founder of Roseman Labs, Niek Bouman is also looking for business cases that can benefit from MPC to unlock the value of data.

 

Name: SODA project - Scalable Oblivious Data Analytics

Sector: Any

Region: European Union

Countries: Any

Time: 2017 - ongoing

URL: https://www.soda-project.eu/

Business model: Any

Participants: The SODA project is run by a consortium of: Philips Electronics Netherlands B.V., Eindhoven University of Technology, Aarhus University, The Alexandra Institute A/S, and Georg-August Universitaet Goettingen

Type of organisations: Any

Data sharing model(s): Any

Core impact: Building Big Data and Artificial Intelligence applications based on Secure Multiparty Computation (MPC)

Context: SODA is an EU H2020-funded project that aims to tackle data protection and anonymisation issues. The project enables privacy-preserving analytics on Big Data with MPC.

Photo credit: (c) 2020 Support Centre for Data Sharing