SPED: Secure Signal Processing in untrusted environments

Signal Processing in the Encrypted Domain is a novel discipline focused on the development of technologies that enhance privacy in signal processing applications by executing operations directly on encrypted signals, with no access to their clear-text versions. Examples of applications of these technologies include secure biometric recognition systems based on encrypted patterns, or secure systems for detecting genetic diseases in a patient's encrypted DNA.


Thanks to the evolution of telecommunications, information can now flow across the Internet instantaneously around the globe. This unquestionable technological leap has some drawbacks; in recent years, the coincidence of several key factors, such as the popularization of social networks and the creation of multiple web services that store and process personal data in environments outside the control of the data owner, has raised the issue of personal data privacy and called into question the legality and morality of the use of such data by untrusted parties.

Although legislation on the treatment of personal data differs from one state to another, the European directives that lay the groundwork in this area are relatively strict, requiring a high level of privacy protection for personal and sensitive data in virtually any context.

Within this social and legal framework, signal processing that deals with sensitive data, mainly biomedical and biometric signals, has been pushed towards stricter privacy requirements in order to address the new challenges posed; this is the origin of Signal Processing in the Encrypted Domain (SPED) technologies.

The classical approach to protecting a sensitive or valuable signal relies solely on encrypting it as soon as it is generated. Nevertheless, when that signal has to be processed, in the classical scenario it must be decrypted first. Whenever this processing is performed within an untrusted environment (e.g., a web service or a public cloud), the privacy of the signal is violated.

SPED technologies, the result of the joint efforts of the cryptography and signal processing communities, establish encryption schemes and data-access protocols that allow operations to be executed directly on the encrypted signals, with no access to them in the clear. Hence, applying SPED preserves users' privacy even when their data are stored and processed in an untrusted environment.

Research in SPED is recent; its theoretical grounds have been developed during the past few years, building upon cryptographic concepts such as Secure Multiparty Computation and Secure Function Evaluation. However, SPED researchers have not neglected the practical side, given the numerous applications of this technology, some of which are:

  • Protection of biometric data in access control systems.
  • Privacy protection in video surveillance systems.
  • Data mining on private databases.
  • Secure applications for telediagnosis/telemedicine.
  • Traceability of copyright infringements through private insertion of watermarks.
  • Cheat prevention in online gaming and voting.

There is still R&D work to do before SPED can be extensively applied in all these fields, but the results obtained so far are very promising: currently, there are facial recognition systems based on SPED that employ encrypted versions of users' faces for the verification process. SPED has also made possible the design of a secure system for the detection, resilient to sequencing errors, of genetic diseases within a patient's encrypted DNA; Gradiant's personnel took part in its design.

Gradiant has proven expertise in the analysis and development of SPED techniques, captured in numerous articles and communications in international scientific journals and conferences, and in its participation in projects on secure signal processing in untrusted environments (e.g. the Cloud). Gradiant has also filed several international patents in the area of secure signal processing.
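As an added illustration of the principle described above (the untrusted party operates on the encrypted signal and never decrypts it) and of the encrypted-face verification mentioned in the last paragraph, the following Python example implements a toy Paillier additively homomorphic cryptosystem and uses it to let a server compute the squared Euclidean distance between a client's encrypted feature vector and a stored clear-text template. This is example code written for this page, not Gradiant's code, and it does not reproduce any particular system; the choice of Paillier, the feature vectors, the function names and the toy primes are all assumptions, since the page itself does not name the underlying cryptosystem.

```python
"""Toy Paillier scheme and an encrypted-template matching protocol.

Added example, not Gradiant's code. All parameters are constructed values.
"""
import math
import secrets

# Constructed toy primes (the Mersenne primes 2^61-1 and 2^31-1). Far too
# small to be secure; they keep the example fast and fully offline.
TOY_P = 2**61 - 1
TOY_Q = 2**31 - 1


class PublicKey:
    """Paillier public key: only n is needed to encrypt and to operate."""

    def __init__(self, n):
        self.n = n
        self.n2 = n * n

    def encrypt(self, m):
        # Enc(m) = (1 + m*n) * r^n mod n^2, with a fresh random r in Z_n^*.
        m %= self.n                          # negatives map to n - |m|
        while True:
            r = secrets.randbelow(self.n - 2) + 2
            if math.gcd(r, self.n) == 1:
                break
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2

    def add(self, c1, c2):
        # Enc(a) * Enc(b) = Enc(a + b): addition of two encrypted values.
        return c1 * c2 % self.n2

    def mul_const(self, c, k):
        # Enc(a)^k = Enc(k * a): multiplication by a known constant.
        return pow(c, k % self.n, self.n2)


class PrivateKey:
    """Paillier private key; the only party able to see plaintexts."""

    def __init__(self, p, q):
        self.n = p * q
        self.n2 = self.n * self.n
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
        self.mu = pow(self.lam, -1, self.n)

    def public(self):
        return PublicKey(self.n)

    def decrypt(self, c):
        u = pow(c, self.lam, self.n2)
        m = ((u - 1) // self.n) * self.mu % self.n
        # Interpret the upper half of Z_n as negative integers.
        return m - self.n if m > self.n // 2 else m


def client_encrypt_probe(pk, x):
    """Client: encrypt every feature plus ||x||^2 before sending anything."""
    enc_x = [pk.encrypt(v) for v in x]
    enc_xx = pk.encrypt(sum(v * v for v in x))
    return enc_x, enc_xx


def server_encrypted_distance(pk, enc_x, enc_xx, y):
    """Server: compute Enc(||x - y||^2) from encrypted x and clear-text y.

    ||x - y||^2 = ||x||^2 + ||y||^2 - 2 * <x, y>; every term is either
    already encrypted or a constant known to the server, so the server
    never decrypts anything and never sees the probe x.
    """
    acc = pk.add(enc_xx, pk.encrypt(sum(v * v for v in y)))
    for cx, yi in zip(enc_x, y):
        acc = pk.add(acc, pk.mul_const(cx, -2 * yi))
    return acc


def matching_demo(x, y, sk=None):
    """Run the protocol end to end; return the decrypted squared distance."""
    sk = sk or PrivateKey(TOY_P, TOY_Q)
    pk = sk.public()
    enc_x, enc_xx = client_encrypt_probe(pk, x)
    enc_dist = server_encrypted_distance(pk, enc_x, enc_xx, y)
    return sk.decrypt(enc_dist)


if __name__ == "__main__":
    probe = [10, 20, 30, 40]       # constructed feature vector held by the client
    template = [12, 18, 33, 40]    # constructed enrolled template held by the server
    print("squared distance:", matching_demo(probe, template))
```

Only the holder of the private key (the client) can read the resulting distance, and Paillier ciphertexts are randomized, so the server cannot even tell whether two probes are identical. In a deployed scheme the threshold comparison would also be carried out without revealing the distance, and the modulus would be thousands of bits rather than the toy size used here.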