Post on 30-Jul-2020

Securing INSPIREd geodata cloud services with CLARUS

INSPIRE conference 2016 (Barcelona)

Why cloud computing?

Increase flexibility: on‐demand, elasticity, ubiquitous access

Reduce costs: shared resources, pay as you use, metering

Reduce risks: higher availability

The main barriers to cloud adoption

Geodata providers are often reluctant to move to the cloud

Data security, loss of control, data location

Solutions?

Private cloud: a type of cloud computing that delivers similar advantages to public cloud but implemented within the corporate infrastructure

Cloud Access Security Broker: on‐premises or cloud‐hosted software that acts as a control point to support threat protection and security for cloud services

AKKA Research roadmap

CLOUDS, CLARUS

private cloud, cloud security

demonstrate the feasibility of employing a cloud‐based infrastructure to provide seamless access to geospatial public sector information

European Commission H2020 programme

INSPIRE in the cloud: security issues

some geospatial data are sensitive: for public security matters, for commercial reasons

their exploitation in the cloud raises security issues

the mission of European geosurvey organisations includes the management of sensitive environmental data (e.g. drinking water collection points) beside the legal obligations to share public data to a large audience

The CLARUS solution

in the context of honest‐but‐curious cloud service providers (CSP)

The « honest‐but‐curious » threat model

Secure the transport: secure communication (HTTPS, SFTP, SSH)

Secure the access: access control, authentication, authorization

Trust the service provider: ?

The « honest‐but‐curious » threat model

Secure the transport

Secure the access

Trust the service provider: HONEST but CURIOUS

[Diagram. Labels: data set; Cloud Service Provider; UNTRUSTED ZONE; TRUSTED ZONE]

[Diagram with numbered steps 1 to 6. Labels: data set; search query; transformed search; obfuscated results; clear results; Proxy; Cloud Service Provider; UNTRUSTED ZONE; TRUSTED ZONE]

Application cases considered

Data operations

[Diagram: clear data, Proxy, protected data. Operations shown: data anonymisation, encryption, data splitting, searchable encryption, data coarsening, homomorphic encryption]

Encryption techniques


Privacy‐preserving techniques


Data anonymisation

Sensitive data are made indistinguishable in order to avoid reidentification and confidential data disclosure

Data coarsening

Data are generalized in order to lower their level of detail and thus avoid disclosure

Data splitting

Data are fragmented across different cloud providers so that individual pieces do not cause disclosure

[Illustration slides: data coarsening; data anonymization; data splitting]

What about encryption?

The challenges of encryption

Full encryption is advised (partial encryption reveals search patterns to the CSP that can be used to derive information about the protected data)

… but … how to fully encrypt without breaking functionality?

For vector datasets stored in a spatial DB, it is not possible

Combining techniques

USE CASE: Kriging computation (geoprocessing)

Measurements (z) are encrypted and outsourced to one cloud

Outsourced coordinates (x,y) are split (latitude/longitude) in different clouds

Kriging computation on protected data is possible
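
The coordinate splitting in the kriging use case above, sketched as an added example (not CLARUS code): a proxy in the trusted zone sends latitudes to one provider and longitudes to another under per-cloud row keys that cannot be joined without the proxy's secret. The HMAC row keys, the names `cloud-lat` and `cloud-lon` and the sample records are assumptions; encryption of the z measurements is left out.

```python
import hashlib
import hmac
import random

# Constructed sample records: (record id, latitude, longitude).
RECORDS = [
    ("bh-001", 41.3851, 2.1734),
    ("bh-002", 41.4036, 2.1744),
    ("bh-003", 41.3640, 2.1527),
]

def row_key(secret: bytes, cloud: str, record_id: str) -> str:
    """Per-cloud pseudonymous row key; only the holder of `secret` can recompute it."""
    msg = f"{cloud}|{record_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def split(records, secret, rng=random.SystemRandom()):
    """Return the two fragments the proxy would upload, one per cloud provider."""
    lat_cloud = [(row_key(secret, "cloud-lat", rid), lat) for rid, lat, _ in records]
    lon_cloud = [(row_key(secret, "cloud-lon", rid), lon) for rid, _, lon in records]
    # Shuffle independently so row order cannot be used to re-join the fragments.
    rng.shuffle(lat_cloud)
    rng.shuffle(lon_cloud)
    return lat_cloud, lon_cloud

def reassemble(record_ids, lat_cloud, lon_cloud, secret):
    """Proxy-side join: recompute both row keys for each id and look up the halves."""
    lats, lons = dict(lat_cloud), dict(lon_cloud)
    return [
        (rid,
         lats[row_key(secret, "cloud-lat", rid)],
         lons[row_key(secret, "cloud-lon", rid)])
        for rid in record_ids
    ]

def shared_keys(lat_cloud, lon_cloud):
    """Row keys present at both providers, i.e. a column they could join on directly."""
    return {k for k, _ in lat_cloud} & {k for k, _ in lon_cloud}

SECRET = b"constructed-demo-key"  # assumption: in practice a random key kept in the trusted zone
LAT_CLOUD, LON_CLOUD = split(RECORDS, SECRET)
```

Distinct row keys and independent shuffling remove the obvious join columns between the two fragments; they do not address correlation through other metadata such as upload timing.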

Searchable encryption for geo‐referenced data

RESEARCH PAPER

Homomorphic encryption for secure geoprocessing

RESEARCH PAPER

Proxy under the magnifying glass

[Diagram of the Proxy, between clear data and protected data. Components: protocol parsing (PGSQL, WFS, WPS, WFST, S3, + PLUGINS); request / response processing (STREAMING, BUFFERING); sensitive data identification; data protection (ANON., COARS., SPLIT., ENCRYP., S.E., H.E.); SECURITY POLICY]

Geospatial datasets for CLARUS

contain geographical coordinates

contain scientific attributes (measurements)

require a certain level of security (confidential)

relating to one of the INSPIRE thematic groups held by public authorities or third-parties

conforming to standards (OGC, ISO)

INSPIRE use cases for CLARUS

groundwater boreholes, energy supply networks, geology (kriging), any

storage, geopublication, geoprocessing, geocollaboration

INSPIRE use cases for CLARUS

storage, geopublication, geoprocessing, geocollaboration

WFS, WPS, WFST, PGSQL, S3

Other (possible) applications

Health geostatistics: privacy‐preserving statistics and geography

Location privacy: privacy‐preserving location based services (LBS) for smart cities, smart phones, connected cars

Satellite imagery: protect high resolution products

THANK YOU

Thierry Chevallier (AKKA Technologies)

www.clarussecure.eu | contact@clarussecure.eu | @Clarusecure

CLARUS has received funding from the European Union's Horizon 2020 programme ‐ DG CONNECT Software & Services, Cloud. Contract No. 644024