Keeping data such as health records secure for decades is a major challenge.
Researchers from the Collaborative Research Centre at the Technical University in Darmstadt (Germany) have developed a system that will ensure decades of safe storage for sensitive health data in a joint project with Japanese and Canadian partners. The system will go into trial operation in Japan in the coming weeks.
A major challenge are the technological developments that will occur over this extended time period, as these have an enormous impact on the security of existing cryptographic schemes. “All encryption methods used today will become insecure over the course of the next few years and decades”, explains Professor Johannes Buchmann at the Collaborative Research Centre. “The attackers’ computing power will increase and their attacks will improve. Therefore we can assume that all encrypted data will be compromised in 20 years if not sooner”.
Buchmann and his team have been working to prevent this since 2015, in cooperation with Japanese research institute NICT (National Institute of Information and Communications Technology). Together they collaborate on the project “LINCOS – Long-Term Integrity and Confidentiality Protection System”. In 2017, the Japanese hospital operator Kochi Health Science Center and the Canadian company ISARA joined the project. The LINCOS system is the first to combine information theoretic confidentiality protection with renewable integrity protection. This means that no matter what computing capacity and algorithms are available in the future, noone shall be able to access or modify the protected data.
The guarantee of long-term confidentiality is achieved through a technology called “secret sharing”. The original data set is distributed among several servers in such a way that the individual parts are meaningless. Only when a sufficient number of parts – known as “shares” – are combined, the original data set of the patient file can be reconstructed. If one of the servers is compromised, the captured share is of no use to the attacker. In addition, the distribution is renewed regularly. The integrity, i.e. ensuring that data have not been changed, is achieved by quantum computer-resistant signatures. But even if the scheme utilised is classified as uncertain in the longterm, the researchers have taken precautions: The signature schemes are exchanged regularly. Integrity protection is thereby seamlessly ensured.
Canadian company ISARA, the industrial partner of the project, protects the data during transfer between the hospital and the server operators with quantum computer-resistant encryption. This is the third component of the LINCOS system. In the future, the researchers want to add yet another level of security that they have already realised in prototype with the Japanese team: quantum key exchange. This procedure guarantees sustainable secure keys, since it is impossible for an attacker to intercept the key exchange. More than 65 scientists from cryptography, quantum physics, system security and software engineering work at the Centre, as well as a team in the quantum laboratory at TU Darmstadt.
“The sustainable protection of electronic health records is only one example of areas where sustainable security is urgently needed. In our digitised world, we produce an unimaginable amount of sensitive data every day, which must remain confidential and unchanged over a long period of time, for instance in the implementation of Industry 4.0 which is crucial to Germany as an industrial nation. Policymakers are called upon to ensure the guaranteed long-term protection of our data,” said Buchmann.