Keeping health data under lock and key
Researchers from the Collaborative Research Center CROSSING at Technische Universität Darmstadt (Germany) have developed a solution that will ensure decades of safe storage for sensitive health data in a joint project with Japanese and Canadian partners. An initial prototype was presented during a recent conference in Beijing, China. The system will go into trial operation in Japan in the coming weeks.
The introduction of an electronic patient record system has been discussed in Germany and internationally for quite some time. However, development is often thwarted by concerns regarding data security. Health data in particular – which due to the progress of modern medicine contains genome information more frequently than ever before – must be securely stored for a lifetime and or even multiple generations.
A major challenge are the technological developments that will occur over this extended time period, as these have an enormous impact on the security of existing cryptographic schemes. "All encryption methods used today will become insecure over the course of the next few years and decades," explains Professor Johannes Buchmann, spokesperson for the Collaborative Research Center CROSSING. "The attackers' computing power will increase and their attacks will improve. Therefore we can assume that all encrypted data will be compromised in 20 years if not sooner."
Long-term confidentiality through "secret sharing"
Buchmann and his team have been working to prevent this since 2015, in cooperation with Japanese research institute NICT (National Institute of Information and Communications Technology). Together they collaborate on the project "LINCOS – Long-Term Integrity and Confidentiality Protection System." In 2017, the Japanese hospital operator Kochi Health Science Center and the Canadian company ISARA joined the project. The LINCOS system is the first to combine information theoretic confidentiality protection with renewable integrity protection. This means that no matter what computing capacity and algorithms are available in the future, noone shall be able to access or modify the protected data.
The guarantee of long-term confidentiality is achieved through a technology called "secret sharing." The original data set is distributed among several servers in such a way that the individual parts are meaningless. Only when a sufficient number of parts – known as "shares" – are combined, the original data set of the patient file can be reconstructed. If one of the servers is compromised, the captured share is of no use to the attacker. In addition, the distribution is renewed regularly. The integrity, i.e. ensuring that data have not been changed, is achieved by quantum computer-resistant signatures. But even if the scheme utilised is classified as uncertain in the longterm, the researchers have taken precautions: The signature schemes are exchanged regularly. Integrity protection is thereby seamlessly ensured.
Sustainable protection is needed
The Canadian company ISARA, the industrial partner of the project, protects the data during transfer between the hospital and the server operators with quantum computer-resistant encryption. This is the third component of the LINCOS system. In the future, the researchers want to add yet another level of security that they have already realised in prototype with the Japanese team: quantum key exchange. This procedure guarantees sustainable secure keys, since it is impossible for an attacker to intercept the key exchange. The scientists at Collaborative Research Center CROSSING are even working on this research topic in their own quantum laboratory at TU Darmstadt.
"The sustainable protection of electronic health records is only one example of areas where sustainable security is urgently needed. In our digitised world, we produce an unimaginable amount of sensitive data every day, which must remain confidential and unchanged over a long period of time, for instance in the implementation of Industry 4.0 which is crucial to Germany as an industrial nation. Policymakers are called upon to ensure the guaranteed long-term protection of our data," appeals Buchmann.