Groundbreaking Tech Offers Secure Sharing of Sensitive Data

This post is also available in: עברית (Hebrew)

A new technology aims to help the US Department of Homeland Security (DHS) allow sensitive data to be shared and analyzed while it remains fully encrypted. Galois has been awarded a two-year, $800K contract by the DHS Science and Technology Directorate (S&T) to develop the Framework for Information Disclosure with Ethical Security (FIDES).

It is a tool suite for organizations to share sensitive data that is needed to develop, test and evaluate cybersecurity solutions – while safeguarding against the exposure of private and confidential information that may compromise user and organization expectations.

The DHS Information Marketplace for Policy and Analysis of Cyber-risk & Trust (IMPACT) program supports the global cyber risk research community by enabling information sharing among academic, industry and government researchers. However, sources of valuable cybersecurity data are most often reluctant to share such data due to privacy and confidentiality concerns, as reported by benzinga.com.

Dr. David Archer, principal researcher in privacy and cryptography, Galois, said: “We are in effect providing a ‘glovebox’ where sensitive data can be analyzed in depth without researchers seeing that data ‘in the clear’. This approach offers data providers assurance that the data remains private, and offers researchers the ability to conduct research with a much lower risk of accidentally exposing that data.”

The technology uniquely reduces risk for data providers by keeping non-anonymized data cryptographically secure for its entire lifetime: neither end users, insider threats, nor external adversaries can access such data “in the clear” at any time.

For example, a government agency sustaining a DDoS attack might seek to tap the expertise of cybersecurity firms to analyze data from attack patterns on a network, while protecting the privacy of users on that network.