by Andreas Abraham (Graz University of Technology), Juan Carlos Perez Braun (Atos Spain S.A.), and Sebastian Ramacher (AIT Austrian Institute of Technology)

The EU Horizon 2020 KRAKEN project is dedicated to building a trusted and secure personal data platform enabling exchange and analytics of personal data.

Data sharing platforms face several challenges in terms of security, privacy, trust and regulatory compliance. To address these challenges, the KRAKEN (brokerage and market platform for personal data) project [L1,L3] aims to develop a trusted and secure personal data platform with state-of-the-art privacy-aware analytics methods that guarantee metadata privacy and query privacy, empowering citizens to control their personal data, including sensitive data, and motivating them to share such data.

KRAKEN provides a highly trusted, secure, scalable and efficient personal data sharing and analysis platform that relies on self-sovereign identity services and cryptographic tools to cover the security, privacy and user control of data. As part of the project, we are also investigating data processing mechanisms within the encrypted domain with the aim of increasing security, privacy, functionality and scalability for boosting trust.

KRAKEN is based on three main pillars:

  • The self-sovereign identity paradigm, providing a decentralised, user-centric approach to personal data sharing. KRAKEN returns control of personal data to the data subjects and data providers; any subsequent use is governed by explicit user consent.
  • A set of analytics techniques based on advanced cryptographic tools that permit privacy-preserving data analysis, end-to-end secure data sharing and confidentiality of privacy-sensitive data.
  • A data marketplace that allows personal data to be shared in a privacy-preserving manner when artificial intelligence/machine learning analysis is performed. Additionally, to motivate users to share their data, the development of fair-trading protocols and incentive models is envisaged, establishing economic value and innovative business models for ‘personal data spaces’.

As personal and sensitive data are managed and shared, KRAKEN provides an ethical and legal framework to comply with the General Data Protection Regulation [L2] and eIDAS, following standards for compatibility and interoperability and promoting best practices.

The health and education domains were selected to demonstrate how self-sovereign identity (SSI) and cryptographic technologies can improve the security and privacy of personal data, including sensitive data, when shared in a marketplace. The health scenario involves sensitive data such as biomedical and well-being data, which calls for strong privacy-preserving techniques ensuring the data are always protected. The education scenario involves personal data such as grades, courses or diplomas, which can be provided to a third party in a privacy-preserving way. In both cases, the use of SSI and cryptographic technologies eases the shared use of these data while ensuring that the data are protected and that the owner retains control over their use. Finally, the aim is to generalise the KRAKEN experience to other economic domains (Figure 1).

Figure 1: The KRAKEN data marketplace provides opportunities for various data owners and stakeholders to exchange data and analytics for monetary compensation.

Computation platform
The core primitive leveraged by the platform is secure multi-party computation (MPC) [1], which allows a set of nodes to jointly perform a computation without any node learning the input data of the others. Data providers split each data item into shares such that no single share carries any information about the original value. Each node is then granted one share per data item, and the nodes can jointly perform analytics, compute statistics, or answer queries from consumers without learning any individual data provider's data, as long as at least one node behaves honestly and keeps its shares to itself. In addition to secure multi-party computation, KRAKEN deploys further privacy-enhancing technologies, such as group signatures and zero-knowledge proofs, so that data consumers receive strong, undeniable cryptographic evidence of the correctness of the results they receive.

KRAKEN's design also lets data providers attach fine-grained policies to their data that specify which computations may and may not be performed on them. The nodes check these policies before participating in any computation, so unauthorised consumer requests are refused rather than served. The result is a cryptographically secured, feature-rich market platform with strong privacy guarantees for personal input data.
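The two mechanisms above, additive secret sharing across nodes and a per-item policy check before a node contributes to a query, are worked through below in a constructed Python example. This is added illustration, not KRAKEN project code: the prime modulus, the node count, the operation names ("mean", "sum", "count"), the data providers and their step-count values and policies are all invented for the example. It shows why a coalition holding fewer than all shares learns nothing (every candidate value is consistent with the shares it has), how each node sums its own shares locally so that only the aggregate is ever reconstructed, and how a node refuses a query the data owner has not consented to.

```python
"""Additive secret sharing with per-item usage policies (constructed example)."""
import secrets
from dataclasses import dataclass, field

# Assumption: a 61-bit Mersenne prime is a large enough field for the sums here.
P = (1 << 61) - 1


def share(value: int, n: int) -> list[int]:
    """Split `value` into n shares that sum to `value` mod P.

    The first n-1 shares are uniformly random, so any n-1 shares are
    statistically independent of `value`; only all n together reveal it.
    """
    if not 0 <= value < P:
        raise ValueError("value outside the field")
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares: list[int]) -> int:
    return sum(shares) % P


def missing_share(known: list[int], candidate: int) -> int:
    """The share that would make `known` (n-1 shares) reconstruct to `candidate`.

    Such a share exists for every candidate, which is exactly why a coalition
    of n-1 nodes cannot distinguish one input from another.
    """
    return (candidate - sum(known)) % P


@dataclass
class DataItem:
    owner: str
    value: int
    allowed: frozenset  # computations the owner has consented to


@dataclass
class Node:
    name: str
    shares: dict = field(default_factory=dict)    # item id -> this node's share
    policies: dict = field(default_factory=dict)  # item id -> allowed operations

    def receive(self, item_id: str, share_value: int, allowed: frozenset) -> None:
        self.shares[item_id] = share_value
        self.policies[item_id] = allowed

    def partial_sum(self, operation: str, item_ids: list[str]) -> int:
        """Local contribution to an aggregate query, after checking every policy.

        A single node that refuses is enough: without its partial sum the
        consumer cannot reconstruct anything.
        """
        for item_id in item_ids:
            if operation not in self.policies[item_id]:
                raise PermissionError(f"{self.name}: '{operation}' not permitted on {item_id}")
        return sum(self.shares[i] for i in item_ids) % P


def distribute(items: dict, nodes: list[Node]) -> None:
    """Data provider side: one share of each item to each node, policy attached."""
    for item_id, item in items.items():
        for node, s in zip(nodes, share(item.value, len(nodes))):
            node.receive(item_id, s, item.allowed)


def run_mean_query(nodes: list[Node], item_ids: list[str]) -> float:
    """Consumer side: collect partial sums, reconstruct only the aggregate.

    Note that policies restrict which computations run; they do not by
    themselves prevent a tiny group (e.g. one item) from revealing an input,
    so a deployment also needs a minimum group size or similar output check.
    """
    partials = [node.partial_sum("mean", item_ids) for node in nodes]
    return reconstruct(partials) / len(item_ids)


def setup(n_nodes: int = 3):
    """Constructed data: daily step counts with invented consent policies."""
    items = {
        "alice": DataItem("alice", 8200, frozenset({"mean", "sum"})),
        "bob": DataItem("bob", 11450, frozenset({"mean"})),
        "carol": DataItem("carol", 6300, frozenset({"count"})),  # no aggregates
    }
    nodes = [Node(f"node{i}") for i in range(n_nodes)]
    distribute(items, nodes)
    return items, nodes


if __name__ == "__main__":
    _, nodes = setup()
    print("mean(alice, bob) =", run_mean_query(nodes, ["alice", "bob"]))
    try:
        run_mean_query(nodes, ["alice", "bob", "carol"])
    except PermissionError as e:
        print("refused:", e)
```

Because the policy is checked by every node, a consumer that controls the query interface but not all nodes cannot bypass it; and because nodes only ever exchange partial sums, no node sees another provider's raw value at any point.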

Self-sovereign identity
KRAKEN further uses self-sovereign identity technology for the digital identity aspect of the project. Users need digital identities to identify and authenticate themselves to service providers. Digital identities are often managed by central authorities, leaving users without full control of their data. Self-sovereign identity systems tackle this by using technologies such as distributed ledgers to remove the dependence on a central authority.


KRAKEN will enhance the state-of-the-art of the self-sovereign identity technology for different aspects. One of these aspects is that KRAKEN will enable the privacy-preserving identity attribute showing [2]. This is especially relevant if a user wants to reveal only a subset of their identity attributes to service providers. Additionally, self-sovereign identity systems lack identity data with legal background, i.e., qualified identity data issued by trust service providers operating in traditional identity systems which do not support self-sovereign identity paradigms. Thus, KRAKEN will develop an efficient and privacy-preserving way to derive existing identity data into a self-sovereign identity-based system. Zero-knowledge proofs are utilised to achieve this and further elevate the level-of-assurance in the identity data used within the identity system.
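To make the selective-disclosure requirement concrete, the constructed Python example below shows the simplest commitment-based form of it: the issuer commits to each attribute with a salted hash and signs the list of commitments, and the holder later reveals only the attributes (with their salts) it chooses. This is an added illustration and not KRAKEN's own zero-knowledge construction or code; the attribute set (an education-style diploma), the issuer key and the use of an HMAC as a stand-in for the issuer's signature are assumptions of the example. A real deployment would use a public-key signature so that the verifier needs no secret, and would add a holder-binding step; what carries over is the check the verifier performs and why undisclosed attributes stay hidden.

```python
"""Selective disclosure of credential attributes via salted hash commitments.

Constructed example, not KRAKEN project code. The issuer signature is stood in
for by an HMAC under ISSUER_KEY (assumption); replace with a digital signature
in practice.
"""
import hashlib
import hmac
import json
import secrets
from typing import Optional

ISSUER_KEY = b"constructed-issuer-key-not-for-real-use"  # assumption: stand-in for a signing key


def commit(name: str, value: str, salt: bytes) -> str:
    """Hiding and binding commitment to one attribute: H(salt || name || value).

    The 16-byte random salt is what keeps a verifier from brute-forcing
    low-entropy values such as a grade or a birth year from the commitment.
    """
    return hashlib.sha256(salt + json.dumps([name, value]).encode()).hexdigest()


def issue(attributes: dict) -> dict:
    """Issuer: commit to every attribute, sign the sorted commitment list.

    Sorting removes the attribute order from the signed list, so a verifier
    cannot infer which attribute an undisclosed commitment belongs to.
    """
    salts = {k: secrets.token_bytes(16) for k in attributes}
    commitments = sorted(commit(k, v, salts[k]) for k, v in attributes.items())
    signature = hmac.new(ISSUER_KEY, json.dumps(commitments).encode(), "sha256").hexdigest()
    # Attributes and salts stay with the holder; only commitments are signed.
    return {"attributes": dict(attributes), "salts": salts,
            "commitments": commitments, "signature": signature}


def present(credential: dict, disclose: set) -> dict:
    """Holder: reveal only the chosen attributes, each with its salt."""
    disclosed = {k: (credential["attributes"][k], credential["salts"][k].hex())
                 for k in disclose}
    return {"disclosed": disclosed,
            "commitments": list(credential["commitments"]),
            "signature": credential["signature"]}


def verify(presentation: dict) -> Optional[dict]:
    """Verifier: check the issuer signature, then each disclosed attribute.

    Returns the verified attributes, or None if the signature or any
    disclosed attribute fails to match a signed commitment.
    """
    expected = hmac.new(ISSUER_KEY, json.dumps(presentation["commitments"]).encode(),
                        "sha256").hexdigest()
    if not hmac.compare_digest(expected, presentation["signature"]):
        return None
    commitments = set(presentation["commitments"])
    verified = {}
    for name, (value, salt_hex) in presentation["disclosed"].items():
        if commit(name, value, bytes.fromhex(salt_hex)) not in commitments:
            return None
        verified[name] = value
    return verified


if __name__ == "__main__":
    # Constructed diploma-style credential for the education scenario.
    cred = issue({"name": "Ada Example", "degree": "MSc", "grade": "1.3"})
    print(verify(present(cred, {"degree"})))  # verifier learns the degree only
```

The verifier sees the full commitment list (so it learns how many attributes exist) but, without the salts, nothing about the undisclosed ones; the ZK-based approach the project pursues goes further by also allowing statements about attributes (for example an age threshold) without revealing the value itself.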

The KRAKEN project has been running since December 2019 and is a 36-month project that receives funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No 871479. The project is coordinated by Atos and its consortium consists of ten partners from academia and industry from six different countries.

Links:
[L1] https://krakenh2020.eu/
[L2] https://eur-lex.europa.eu/eli/reg/2016/679/oj
[L3] https://cordis.europa.eu/project/id/871473

References:
[1] K. Karl, et al.: “Privacy-preserving Analytics for Data Markets using MPC”, in: Privacy and Identity Management 2020, Springer IFIP AICT 619 (to appear).
[2] A. Abraham, et al: “Privacy-Preserving eID Derivation for Self-Sovereign Identity Systems”, ICICS 2019.

Please contact:
Sebastian Ramacher
AIT Austrian Institute of Technology, Vienna, Austria
