Secure and usable information systems even with highly confidential data
Encrypted System with Keyword Search (ESKS) Project
Secure Data Utilization Team
This team is working on the theme of “secure data utilization.” This interview focused on the development of ESKS (Encrypted System with Keyword Search), which is one of the projects of this team.
Project Overview
Meeting the need for both data security and usability
Generally speaking, organizations and individuals cannot easily disclose their data for privacy protection and security reasons. Meanwhile, there are cases in which a desired service cannot be provided without disclosing confidential data. An easy example would be services such as video conferencing or chat tools. If such services employ end-to-end encryption, which allows only the end users to encrypt/decrypt data, they can achieve a high level of security. However, even if high security is ensured, the server side cannot provide services such as searching meeting minutes or chat history because the data contents are unknown to the server side. In our laboratory, we work as a team on the theme of “secure data utilization” to meet the need to ensure both data security and usability.
Technology
Developing storage and chat systems using ESKS, Encrypted System with Keyword Search
Although this “secure data utilization” initiative officially began in 2020, research and related projects on the means (technologies) to achieve the goal of secure data utilization have been conducted for nearly 10 years. In this respect, one of the most representative technologies is searchable encryption. The theory of searchable encryption itself was first published overseas in 2001, but it is a relatively new technology in terms of the implementation of functions. In this context, we propose a new cryptosystem called the Encrypted System with Keyword Search (ESKS) that adds the functional aspect of searchable encryption to highly secure end-to-end encryption. We are also developing systems such as storage and chat tools using ESKS. The main challenge in this system is how to store the key, which is the most sensitive information in any cryptographic system. As the use of multiple devices grows, there are more and more opportunities to access the same system from several devices. However, the question is whether storing the same key on all devices is secure. For instance, the increased use of telecommuting during the COVID pandemic required accessing a system from one’s home laptop. The concern is whether it is secure to store on such a device the same key that is stored on a computer at work, given that storing the key in a secure device, such as a tamper-resistant device (HSM), is costly.
In our proposed tools using the ESKS, users can access the tools from anywhere with a browser while still having highly secure encryption. Another feature of this system is that it technically overcomes a seemingly contradictory and challenging issue.
Storage system using ESKS: Encrypted System with Keyword Search
Project Management
What is important in project management? Building a system with a view to social implementation.
What is important in the management of each project of the Secure Data Utilization Team, including the ESKS project, is to simultaneously meet social needs and work on seed-like fundamental technologies. By achieving both, we will be able to prepare for future needs. For example, while responding to the social need to ensure flight safety by preventing spacecraft hijacking, we are also working on fundamental technologies such as zero-knowledge proof and anonymous authentication. This fiscal year, we are also working on establishing a system that will enable general companies to use our technology. For example, in the case of the ESKS, we have a library of technologies that can be transferred to other companies; in this case, we can support them as a consultant. For this reason, we hope that more people will understand ESKS and that it will make information systems in the world even more secure and usable.
Future Prospects
Contributing to the creation of new services from a security perspective
Ten to twenty years from now, or even beyond, the ideal is a world where previously impossible services become possible, or new services are created, because of the technology we have developed. More specifically, we want to see a world where services would not be possible without our technology. In terms of data utilization, DeepProtect, another project of the Security Fundamentals Laboratory, is a step ahead of us, and we expect that our developed ESKS will follow it. We hope to drive more projects and make further contributions to society.