At the 20th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2024), held in Dubai, UAE, from October 28-30, the HARPOCRATES project was featured through a presentation of the paper titled “SPADE: Digging into Selective and Partial Decryption using Functional Encryption.” Presented by Hossein Abdinasibfar from Tampere University, a project partner, this work highlighted a significant development in the field of Functional Encryption (FE).
Overview of SPADE
SPADE introduces a Functional Encryption framework aimed at addressing critical challenges in data security. Specifically, it enables users to access only the segments of encrypted data for which they have authorization, without revealing unnecessary or sensitive information. This capability for Selective and Partial Decryption is particularly important in sectors where privacy and confidentiality are paramount.
Key Features of SPADE
- Selective Decryption: SPADE employs policy-driven decryption keys that allow users to decrypt only authorized sections of encrypted data. For example, in a medical context, a researcher might access a patient’s general health data without exposure to detailed mental health records.
- Partial Decryption: Moving beyond traditional all-or-nothing encryption models, SPADE allows for the decryption of specific data portions. This approach minimizes data exposure and aligns with privacy regulations that emphasize data minimization.
- Efficient Computation: The system optimizes the decryption process to reduce computational overhead, making it scalable and practical for large datasets common in industries like healthcare and finance.
- Compatibility with Complex Data Types: SPADE is designed to handle structured and complex datasets, such as genomic information or detailed medical records, enhancing its applicability across various fields.
- Applications of SPADE
The flexibility and privacy-centric design of SPADE make it suitable for a range of applications:
- Healthcare: Facilitates the secure sharing of patient information by restricting data access to relevant records based on the user’s role.
- Finance: Allows auditors or analysts to access specific financial data without exposing other sensitive information.
- Research and Data Science: Enables focused data analysis while preserving the confidentiality of complete datasets.
Implications for Data Security
SPADE’s approach aligns with contemporary demands for data protection and privacy. By implementing principles such as data minimization and privacy by design, it supports compliance with regulations like the General Data Protection Regulation (GDPR).
The HARPOCRATES project continues to pursue innovations like SPADE to enhance data security without compromising usability. The insights shared at SecureComm 2024 contribute to the ongoing dialogue on how to effectively balance data accessibility with the need for stringent privacy controls.
By addressing key challenges in Functional Encryption, SPADE represents a meaningful advancement in secure and controlled data sharing within privacy-sensitive industries.
Access full paper here.