ASCLEPIOS 2020 Wrapped

As we are getting closer to the end of 2020, let’s take a look at the highlights of this year for the ASCLEPIOS Project!

ASCLEPIOS Encryption and Cyber Security Solutions

2020 has been a very fruitful year for the design and implementation of the ASCLEPIOS encryption services, which will offer healthcare providers a complete set of secure, encryption-based services for cloud-based operations, namely:

1. the ASCLEPIOS searchable encryption protocol, enabling searching over encrypted medical data;
2. the combined Symmetric Searchable Encryption + Attribute-Based Encryption scheme, offering enhanced access control over encrypted medical data;
3. the ASCLEPIOS functional encryption analytics services, which allow healthcare providers to perform statistical computations over encrypted data;
4. the Emnet tool for the execution of privacy-preserving statistics across multiple care service providers using Multi-Party Computations;
5. a set of log-based analytics that allow data owners and data controllers to assess the efficacy of the defined access control policies and learn potential improvements for protecting data stored on the cloud; and finally
6. the ASCLEPIOS CEAA, which helps healthcare providers detect abnormal behaviour in the way data access services are used and leverage extracted knowledge to build threat preventive mechanisms.

Check out some of our latest related research publications to find out more about the above:

Power Range: Forward Private Multi-Client Symmetric Searchable Encryption with Range Queries (25th IEEE International Conference on Communications (ISCC 2020))

Attribute-Based Symmetric Searchable Encryption (2nd Workshop on Cloud Security and Privacy (Cloud S&P) in conjunction with the 18th International Conference on Applied Cryptography and Network Security (ACNS’20))

(F)unctional Sifting: A Privacy-Preserving Reputation System Through Multi-Input Functional Encryption (25th Nordic Conference on Secure IT Systems (NordSec 2020))

Privacy-preserving architecture for providing feedback to clinicians on their clinical performance (in BMC Medical Informatics and Decision Making, June 2020)

A break-glass protocol based on ciphertext-policy attribute-based encryption to access medical records in the cloud (in Journal of Annals of Telecommunications, Springer, March 2020)

ASCLEPIOS Attribute Based Access Control Services

Attribute Based Access Control (ABAC) lies at the core of the ASCLEPIOS access services. The attributes model for the healthcare sector, as well as the required mechanism for the contextualization of data, have been provided by the ASCLEPIOS Models Editor and Interpretation Mechanism. To complete the provided functionality, the ASCLEPIOS Context-Aware Authorization Engine has been delivered, using a combination of ABAC with Attribute-Based Encryption (ABE) to augment the authorization functionality in a distributed cloud environment. The two schemes are complemented by an identity management scheme that abstracts the extraction of authentication information. Hence the ASCLEPIOS Context-Aware Authorization Engine efficiently combines OpenID Connect signaling for Identity Extraction (user authentication) with ABAC Policy Enforcement for allowing or disallowing access to an ABE Server that issues attribute-based encryption/decryption keys.

Check out some of our latest related research publications to find out more about the above:

Securing Access to Healthcare Data with Context-aware Policies (in 11th IEEE International Conference on Information, Intelligence, Systems and Applications (IISA 2020))

A context-aware security model for a combination of attribute-based access control and attribute-based encryption in the healthcare domain (in Multi-Clouds and Mobile Edge Computing (M2EC), In conjunction with the 34th International Conference on Advanced Information Networking and Applications (AINA 2020))

Figure 1: The ASCLEPIOS ABAC Policy Editor

ASCLEPIOS Attestation Mechanisms

Remote attestation during communications is an added safety layer that ensures the trustworthiness of the devices and of the data they exchange. Hardware-based attestation in ASCLEPIOS leverages the attestation features offered by Trusted Execution Environments (TEEs), which can be found even in most mainstream home laptops and devices. In June 2020, ASCLEPIOS delivered an interoperability protocol for secure data transfer between TEEs, featuring a specification and a prototype implementation using a protocol verification tool.

We also monitor the Trusted Execution Environment Provisioning (TEEP) Architecture standardization effort. Check it out if you want to learn more.

ASCLEPIOS Demonstrator Cloud Testbed

After conducting the required research to specify and collect the technical requirements of the ASCLEPIOS demonstrator applications, the ASCLEPIOS cloud-based testbed was designed and set up, incorporating resources from the University of Westminster and NSE private clouds, and also from two leading international cloud providers, Amazon AWS and Microsoft Azure. To provide automated deployment and runtime management, deployment will be done in a cloud-native, microservices-based infrastructure managed by the MiCADO (Microservices-based Cloud Application-level Dynamic Orchestrator) framework, ensuring appropriate support for the development, deployment and benchmarking of the ASCLEPIOS demonstrators.

Check out our latest related research publication on the subject:

Cloud apps to‐go: Cloud portability with TOSCA and MiCADO (in Concurrency and Computation: Practice and Experience, published by John Wiley & Sons Ltd.)

As you can see, 2020 was a very fruitful year for us in ASCLEPIOS! We expect 2021 to be even more productive and exciting, so stay tuned!

Merry Christmas & Happy New Year!
