Witdom guarantees data privacy, security and integrity in the cloud


This is a European public-private research focused on the protection of sensitive data in the cloud

The project, financed with almost 4 million euros, finishes this year

In January 2015, with more than 4 million euros of funding Witdom project, empoWering prIvacy and securiTy in non-trusteD envirOnMents started, focused in the secure data processing in the cloud. European Commission contributed about 2.8M€ in the context of the H2020 program.

WITDOM was born in order to design the mechanisms to ensure that users’ data are always protected and not even the cloud provider knows them. The international consortium coordinated by the digital services company Atos España, with the participation of seven European partners, including the University of Vigo (with Gradiant as third party), faces the final stretch of the project, which will focus on demonstrating the progress and results achieved so far, producing a reference implementation that will be demonstrated with two pilots in the areas of private processing of genomic data and secure outsourcing of financial services.

Lilian Adkinson, senior researcher at Gradiant, explains that Witdom “enables deploying services that process sensitive data securely and privately in the cloud”. The project consortium has developed a series of mechanisms, both cryptographic and non-cryptographic, that allow to protect security and privacy of sensitive data, such as data anonymization. In addition, “all the legal considerations of European data protection regulations have been taken into account”, Adkinson says.

Ensure data privacy and anonymity

From May 2018, the General Protection Data Regulation (GPDR) will be mandatory for the member countries of the European Union. This new directive imposes a series of restrictions on the collection, storage and processing of personal data, so companies and entities responsible for these data must ensure that they are complying with all the requirements required by law. In this context, “a project like WITDOM is a great help for companies and entities that manage personal data, since it offers a framework that protects this data through different mechanisms, taking into account not only technical requirements but also the legal aspects imposed by the GPDR”, points out Adkinson.

WITDOM project was born with the aim of offering solutions that guarantee the privacy, security and integrity of your data in the cloud. With just over 4 million euros in budget, the research developed at WITDOM has allowed the design of a framework for end-to-end protection of information in non-trusted environments, such as the cloud storage services currently offered by some Internet providers; and focuses mainly on two key scenarios, such as healthcare and financial services.

WITDOM has seven European partners, from universities to end users (hospitals and banks), and industrial representatives. Gradiant participates in this European initiative as an entity associated to the University of Vigo, contributing with our experience in the design and development of anonymization technologies and a cloud broker.

At this time, the project has designed both the methodology to identify privacy and security requirements, and WITDOM platform architecture, developing different technologies to protect data, such as secure signal processing, data masking, data anonymisation sensitive, homomorphic encryption techniques and outsourced data integrity check.

In this final phase of the project, the actions focus on validating technologies for pilot experiences applied to eHealth and financial sector. Specifically, in the financial scenario, the experts of Gradiant apply the techniques of anonymization to three specific cases: risk scoring, fraud detection and cashflow prediction. “In the three proposed use cases sensitive data processed demand high computational demands, so many entities outsource these processes in a public cloud. Our work is focused on developing the anonymization algorithms that allow us to protect the data before being sent to that public environment, where these three processes will be executed on the already anonymised data, guaranteeing their privacy” highlights Adkinson, expert in anonymization and privacy technologies.

Research and industry, hand in hand

Gradiant hosts the last consortium meeting of Witdom from 17th to 19th October. At present, “there are no other similar platforms on the market that allow to offer in a comprehensive, flexible and configurable way security and privacy guarantees such as those offered by WITDOM”, says Adkinson.