SPHINX and Homomorphic Encryption

With the ever-increasing number of privacy breach incidents such as those at TalkTalk, Equifax and British Airways in 2015, 2017 and 2018 respectively, awareness of the impact of personal information exploitation by malicious actors is at its peak. Keeping this in mind and foreseeing the growing impact of information privacy loss, authorities came up with a meticulous privacy policy across the European Union referred to as the General Data Protection Regulation (GDPR). The GDPR limits the ways in which information can be processed and clearly establishes six lawful bases for processing personal data. These are referred to as: Consent, Contract, Legal Obligation, Vital interests, Public task and Legitimate interests. Alongside these lawful bases, the GDPR dictates that every data processor should take extra care with information such as race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life and/or sexual orientation, which is placed in a special data category due to its sensitivity.
The GDPR has greatly benefited everyone by streamlining the ways in which personal data is processed, but despite these efforts, personal information loss remains one of the biggest threats of the current time. This threat emerges from the fact that key organizations and institutions handling such personal data do not have the capability of ensuring complete GDPR compliance, and even where they have such capabilities, the number of involved entities that have access to personal information is far too large. One such key institution is the hospital that one visits every now and then. Hospitals hold data labelled under the special category in the GDPR, and they hold it with the proper consent of the data owner. This gives them a lawful basis for handling personal data. At the same time, the outdated infrastructure and the wide variety of devices handled by hospital staff increase the imminent danger. In order to address this issue and to provide a thorough solution, the European Commission funded the SPHINX project, a universal cyber security toolkit for the healthcare industry.

SPHINX and Homomorphic Encryption
The SPHINX project aims at providing a comprehensive solution that would enhance cyber security for healthcare IT ecosystems and would ensure patient data privacy and confidentiality. The SPHINX project would provide a zero-touch device and service verification toolkit that could easily be incorporated into existing systems. The toolkit would give hospitals the flexibility of selecting the right set of security features needed for their system, thus acting as a pool of multiple security solutions for different parts of the data management and handling stream. Among these, a key component is the Homomorphic Encryption (HE) based searchable encryption tool.
The HE tool acts as a backbone when it comes to providing data security and confidentiality. It encrypts the patient's data, stores it in the designated storage location and then allows the data owner to search in the encrypted domain. This storage location can either be an external cloud repository or a local storage facility inside the hospital's premises.

Conventional Approach
In the conventional approach, if one decides to use encrypted data storage, one does so at the cost of heavy and time-consuming search operations. When something needs to be searched for, the analyst downloads the whole dataset, decrypts it and then searches in the plain text. Once the search is done, the analyst re-encrypts the whole dataset and pushes it back. This becomes computationally expensive as the size of the dataset grows: the time it takes to process all the files increases linearly with the size of the data, given that the search itself can be performed in linear time. Searchable encryption schemes have been proposed in the past, but they have the limitation of requiring an index to be generated alongside the encrypted files. An index maps keywords to the files that contain them. The limitation here is again the generation of the index table and its re-population every time a new keyword or a new file is added to the dataset, which makes this solution infeasible.

The Homomorphic Encryption
The HE tool eliminates the need for downloading a complete dataset or for generating an index for the purpose of search. It allows the data analyst to search in the encrypted domain and also provides the flexibility to delegate search rights to different analysts. This tool eliminates a number of issues faced by the hospital. The data collector, upon obtaining the consent of the user, gathers personal information and then encrypts it. This encrypted data is then stored in the storage location. After encryption has taken place (which is the first step after collection), only entities with the encryption key can actually decrypt and make use of the dataset, thus eliminating multiple security and privacy violation incidents. When something needs to be searched for, the data collector with the right encryption key can search the database and then retrieve the files that contain the desired content. An added advantage of the HE tool is that the entity managing the storage location processes all search queries but remains unaware of the search query itself. Moreover, the entity requesting the search can only get a limited set of responses. A search response can only contain a 'True' or a 'False': if the keyword exists, the search initiator gets a true response together with the file identifiers, but if the keyword does not exist, no information is revealed about the stored dataset. This provides a double-sided blinded search capability, thus maintaining the integrity of the dataset.

Data Flow
The HE tool consists of two main components where one runs on the client and the other runs on the storage location.

With every new patient registering with the hospital, the authorities generate a random seed value which is sent to the Master Key Generator for the generation of a public and private key pair (Pk, Sk). The data generator then encrypts the data with the help of his private key and sends the encrypted data to the healthcare database. When something needs to be searched for in the database, a trapdoor is generated and sent to the database. The database executes the trapdoor (also known as the search query) and sends back a search response. This response contains the true/false result and, in the case of a true response, also the name of the file that contains the requested search term. Once the client/user has this response, the desired file can be downloaded and then decrypted on the client side.
The HE tool complements the rest of the SPHINX toolkit in maintaining the privacy and security of the highly sensitive healthcare data managed by hospitals, and thus provides a state-of-the-art solution for these institutions.
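To make the search flow concrete (key generation, an encrypted index, a trapdoor, evaluation at the storage side, and a true/false-plus-file-identifier response decided on the client side), here is an added example written for this page. It is not the SPHINX HE tool's code and does not claim to be its scheme; it uses the additively homomorphic Paillier cryptosystem and a blinded equality test as a stand-in. The storage side multiplies ciphertexts to compute E(r·(tag − query)) for a random r without ever decrypting, so it learns neither the stored keywords nor the query; the key holder decrypts and treats a zero as a match. Patient file names, keywords and key sizes are constructed for the demonstration.

```python
"""Keyword search over Paillier-encrypted tags (added illustration, not SPHINX code)."""
import hashlib
import math
import secrets
from dataclasses import dataclass


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


@dataclass(frozen=True)
class PublicKey:
    n: int
    n2: int


@dataclass(frozen=True)
class SecretKey:
    n: int
    n2: int
    lam: int  # lcm(p-1, q-1)
    mu: int   # lam^-1 mod n


def keygen(bits: int = 256) -> tuple[PublicKey, SecretKey]:
    """Paillier key pair (Pk, Sk); the modulus size is a toy value for speed."""
    p = random_prime(bits // 2)
    q = random_prime(bits // 2)
    while q == p or math.gcd(p * q, (p - 1) * (q - 1)) != 1:
        q = random_prime(bits // 2)
    n, n2 = p * q, (p * q) ** 2
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow((pow(n + 1, lam, n2) - 1) // n, -1, n)
    return PublicKey(n, n2), SecretKey(n, n2, lam, mu)


def encrypt(pk: PublicKey, m: int) -> int:
    """E(m) = (1+n)^m * r^n mod n^2 with fresh random r, so equal tags look different."""
    while True:
        r = secrets.randbelow(pk.n - 1) + 1
        if math.gcd(r, pk.n) == 1:
            break
    return pow(pk.n + 1, m, pk.n2) * pow(r, pk.n, pk.n2) % pk.n2


def decrypt(sk: SecretKey, c: int) -> int:
    return ((pow(c, sk.lam, sk.n2) - 1) // sk.n) * sk.mu % sk.n


def keyword_to_int(pk: PublicKey, keyword: str) -> int:
    """Map a keyword into the plaintext space Z_n via SHA-256."""
    return int.from_bytes(hashlib.sha256(keyword.encode()).digest(), "big") % pk.n


# --- data owner side: encrypt keyword tags per file, then upload the index ---
def build_encrypted_index(pk: PublicKey, files: dict[str, list[str]]) -> dict[str, list[int]]:
    return {fid: [encrypt(pk, keyword_to_int(pk, kw)) for kw in kws] for fid, kws in files.items()}


def trapdoor(pk: PublicKey, keyword: str) -> int:
    """The search query is itself a ciphertext; the storage side cannot read it."""
    return encrypt(pk, keyword_to_int(pk, keyword))


# --- storage side: homomorphic evaluation only, no key and no decryption ---
def evaluate_trapdoor(pk: PublicKey, index: dict[str, list[int]], td: int) -> dict[str, list[int]]:
    neg_td = pow(td, pk.n - 1, pk.n2)  # E(-query) since messages live mod n
    response = {}
    for fid, tags in index.items():
        blinded = []
        for tag in tags:
            diff = tag * neg_td % pk.n2             # E(tag - query)
            r = secrets.randbelow(pk.n - 1) + 1      # random mask hides non-zero differences
            blinded.append(pow(diff, r, pk.n2))      # E(r * (tag - query))
        response[fid] = blinded
    return response


# --- client side: decrypt the blinded differences; zero means the keyword is present ---
def search(pk: PublicKey, sk: SecretKey, index: dict[str, list[int]], keyword: str) -> list[str]:
    response = evaluate_trapdoor(pk, index, trapdoor(pk, keyword))
    return sorted(fid for fid, cs in response.items() if any(decrypt(sk, c) == 0 for c in cs))


# Constructed sample data: file identifiers and their keyword tags.
SAMPLE_FILES = {
    "patient_0001.rec": ["diabetes", "insulin"],
    "patient_0002.rec": ["asthma"],
    "patient_0003.rec": ["diabetes"],
}

if __name__ == "__main__":
    pk, sk = keygen()
    index = build_encrypted_index(pk, SAMPLE_FILES)
    print(search(pk, sk, index, "diabetes"))  # file ids holding the keyword
    print(search(pk, sk, index, "cancer"))    # [] : nothing else is revealed
```

Two properties worth noting. Because Paillier encryption is randomised, two files tagged with the same keyword produce unrelated ciphertexts, so the storage side cannot even tell which files share keywords; and because each non-matching difference is multiplied by a fresh random r before it is returned, the querying party learns only "match" or "no match" per tag, not the stored keyword. The per-tag response does reveal to the key holder which tag position matched, which is harmless when the key holder is the data owner but would matter if search rights were delegated more narrowly than the text describes.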

Date: 14/10/2019
SPHINX EU Project