Cybersecurity and Data Privacy in the Digital Age

The COVID-19 pandemic has brought to the fore a number of issues regarding digital technologies, including a heightened focus on cybersecurity and data privacy. This chapter examines two aspects of this phenomenon. First, as businesses explore creative approaches to operate in the “new normal,” the security implications of the deployment of new technologies are often not considered, especially in small businesses, which often possess limited IT knowledge and resources. Second, issues relating to security and data privacy in monitoring the pandemic are examined, and different privacy-preserving data-sharing techniques, including federated learning, secure multiparty computation, and blockchain-based techniques, are assessed. A new privacy-preserving data-sharing framework, which addresses current limitations of these techniques, is then put forward and discussed. The chapter concludes that although the worst of the pandemic may soon be over, issues regarding cybersecurity will be with us for far longer and require vigilant management and the development of creative solutions.

Minimum Round Card-Based Cryptographic Protocols Using Private Operations

This paper shows new card-based cryptographic protocols with the minimum number of rounds, using private operations under the semi-honest model. Physical cards are used in card-based cryptographic protocols instead of computers to achieve secure multiparty computation. Operations that a player executes in a place where the other players cannot see are called private operations. Using three private operations—private random bisection cuts, private reverse cuts, and private reveals—the calculations of two variable Boolean functions and copy operations were realized with the minimum number of cards. Though the number of cards has been discussed, the efficiency of these protocols has not been discussed. This paper defines the number of rounds to evaluate the efficiency of the protocols, using private operations. Most of the meaningful calculations using private operations need at least two rounds. This paper presents a new two-round committed-input, committed-output logical XOR protocol, using four cards. Then, we show new two-round committed-input, committed-output logical AND and copy protocols, using six cards. Even if private reveal operations are not used, logical XOR, logical AND, and copy operations can be executed with the minimum number of rounds. Protocols for general n-variable Boolean functions and protocols that preserve an input are also shown. Lastly, protocols with asymmetric cards are shown.

Assessment of Two Privacy Preserving Authentication Methods Using Secure Multiparty Computation Based on Secret Sharing

Secure authentication is an essential mechanism required by the vast majority of computer systems and various applications in order to establish user identity. Credentials such as passwords and biometric data should be protected against theft, as user impersonation can have serious consequences. Some practices widely used in order to make authentication more secure include storing password hashes in databases and processing biometric data under encryption. In this paper, we propose a system for both password-based and iris-based authentication that uses secure multiparty computation (SMPC) protocols and Shamir secret sharing. The system allows secure information storage in distributed databases and sensitive data is never revealed in plaintext during the authentication process. The communication between different components of the system is secured using both symmetric and asymmetric cryptographic primitives. The efficiency of the used protocols is evaluated along with two SMPC specific metrics: The number of communication rounds and the communication cost. According to our results, SMPC based on secret sharing can be successfully integrated in real-word authentication systems and the communication cost has an important impact on the performance of the SMPC protocols.

A Protocol for Checking Equality of Data Using Hash in Ideal Model of Secure Multiparty Computation

The ideal Secure Multiparty Computation (SMC) model deploys a Trusted Third Party (TTP) which assists in secure function evaluation. The participating joint parties give input to the TTP which provide the results to the participating parties. The equality check problem in multiple party cases can be solved by simple architecture and a simple algorithm. In our proposed protocol Equality Hash Checkin ideal model, we use a secure hash function. All the parties interested to check equality of their data supply hash of their data to the TTP which then compared all hash values for equality. It declares the result to the parties.

Revolutionizing Medical Data Sharing Using Advanced Privacy-Enhancing Technologies: Technical, Legal, and Ethical Synthesis

Multisite medical data sharing is critical in modern clinical practice and medical research. The challenge is to conduct data sharing that preserves individual privacy and data utility. The shortcomings of traditional privacy-enhancing technologies mean that institutions rely upon bespoke data sharing contracts. The lengthy process and administration induced by these contracts increases the inefficiency of data sharing and may disincentivize important clinical treatment and medical research. This paper provides a synthesis between 2 novel advanced privacy-enhancing technologies—homomorphic encryption and secure multiparty computation (defined together as multiparty homomorphic encryption). These privacy-enhancing technologies provide a mathematical guarantee of privacy, with multiparty homomorphic encryption providing a performance advantage over separately using homomorphic encryption or secure multiparty computation. We argue multiparty homomorphic encryption fulfills legal requirements for medical data sharing under the European Union’s General Data Protection Regulation which has set a global benchmark for data protection. Specifically, the data processed and shared using multiparty homomorphic encryption can be considered anonymized data. We explain how multiparty homomorphic encryption can reduce the reliance upon customized contractual measures between institutions. The proposed approach can accelerate the pace of medical research while offering additional incentives for health care and research institutes to employ common data interoperability standards.