Martina Palmucci | Università degli Studi di Perugia

Supported by GARR

Martina Palmucci

Martina works as a research fellow at Consortium GARR. She received a bachelor's degree in Mathematics from the University of Camerino, Italy, and a master's degree in Computer Engineering from the University of Perugia, Italy. Martina participated in the Erasmus+ programme at the University of Salamanca, Spain and the Vrije Universiteit Brussel, Belgium.

Her interests involve applied cryptography, a combination of her two majors - Mathematics and Computer Engineering. Martina also enjoys explaining her work to both small and large audiences, using concrete examples that are relevant to the listener's experience.


Nowadays, the amount of data stored on digital devices is huge and this trend is rising. Because of data protection regulation, and to deter attacks, sensitive data must be protected proactively.

Furthermore, recent legislation, including the General Data Protection Regulation (EU GDPR) and the Consumer Data Right (CDR), has started to mandate technical measures for data protection. In particular, the principle of “data minimisation” states that a data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose. The principle of minimisation can be implemented by limiting access to certain categories of data according to which experts have to use the data.

This research project identified a technological gap related to the data minimisation principle. Although the GDPR legislation provides guidelines, it does not explicitly specify the required technological tools to implement them. The project aims to fill that gap by developing a cryptographic scheme as a service integrated within a cloud system.

An encrypted database offers intrinsic data security. Data is transformed into ciphertext (unreadable text) using a cryptographic procedure. Even if an attack on the database succeeds, the encryption prevents attackers from analyzing or decrypting your data and using it to their advantage. Specifically, the cryptographic technique chosen is Attribute-Based Encryption (ABE). ABE encrypts a resource against attributes instead of concrete users. Only users that possess a correct combination of attributes will be able to decrypt the resource. ABE eases the implementation of access control rules to comply with the GDPR principles.

Finally, the last part of the project consists of implementing the cryptographic scheme as a cloud service. Because the cloud is one of the most popular methods for storing data among large communities, we want to integrate the ABE system with cloud storage and other potential cloud services. The envisioned system will integrate the existing Role-Based Access Control (RBAC) system of a cloud system with ABE, allowing data to be encrypted using pre-existing privileges.
