With increasing digitalization, the question arises in the healthcare sector in particular: How and where can data be stored that should be available for as long as possible? Researchers at Darmstadt Technical University have developed a prototype together with international partners. It will store sensitive health data securely for decades.

The discussion about digital patient files is more topical than ever in Germany – as well as elsewhere. It is tempting to imagine that all of a patient’s health data can be bundled in one place. But the question of data security and decades of availability is slowing down the development of appropriate solutions. Patient data must be able to be stored securely for a lifetime – sometimes even longer.

The problem with availability over decades: current encryption methods can become insecure in the coming years and decades. In addition, attackers targeting personal data are using ever larger computing capacities, so their attacks keep getting better. To prevent unauthorized access, TU Professor Johannes Buchmann, spokesman for the Collaborative Research Center CROSSING of the German Research Foundation, and his team have been working with the Japanese research institute NICT (National Institute of Information and Communications Technology) since 2015 on the project “LINCOS – Long-Term Integrity and Confidentiality Protection System”. Since 2017 they have been supported by the Japanese hospital operator Kochi Health Science Center and the Canadian company ISARA.

Confidentiality and integrity

The system for protecting sensitive health data combines confidentiality protection with renewable integrity protection. In plain language: no one can access or modify the protected data. Future computing capacities and algorithms play no role here. The core of the solution is a technology called “secret sharing”, which works on a data-splitting principle: the original data record of the patient file is distributed across different servers. Individual parts are meaningless without the missing pieces. Only when enough parts, also called “shares”, are put together can the original patient file be recovered.

Even if hackers attack one of the servers, they cannot do anything with the captured share. To make the system even more secure, the distribution of patient files is changed regularly. Quantum-computer-resistant signatures also ensure that the data cannot be changed: this is the integrity protection. The researchers have even developed a solution in case these should be classified as insecure over time: the signatures are exchanged at regular intervals.
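The threshold splitting and the regular redistribution of shares described above can be sketched as follows. This is an added example, not LINCOS code: it assumes Shamir's scheme over a prime field (the article does not name the scheme used), and the field size, function names and single-dealer refresh are choices made for illustration.

```python
import secrets

P = 2**521 - 1  # Mersenne prime defining the finite field (chosen for this example)

def _eval(coeffs, x):
    """Evaluate the polynomial a0 + a1*x + ... at x, mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split(secret, n, t):
    """Return n shares {server_id: value}; any t of them recover the secret."""
    if not (0 <= secret < P and 1 < t <= n):
        raise ValueError("need 0 <= secret < P and 1 < t <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _eval(coeffs, x) for x in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the supplied shares."""
    total = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def refresh(shares, t):
    """Renew all shares by adding a random polynomial whose constant term is 0.
    The secret stays the same, but a share captured before the refresh cannot
    be combined with shares issued after it."""
    zero = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: (y + _eval(zero, x)) % P for x, y in shares.items()}

def pick(shares, ids):
    """Select the shares held by the given server ids."""
    return {i: shares[i] for i in ids}

if __name__ == "__main__":
    record = int.from_bytes(b"constructed patient record", "big")  # sample data
    old = split(record, n=5, t=3)
    new = refresh(old, t=3)
    print(reconstruct(pick(new, [2, 3, 4])) == record)               # True
    print(reconstruct({1: old[1], 2: new[2], 3: new[3]}) == record)  # False
```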

A further security level in the LINCOS system protects the data that is sent back and forth between the hospital and the server operator. It is used by the Canadian company and industry partner ISARA. The researchers use quantum-computer-resistant encryption for this purpose. A quantum key exchange should guarantee secure keys in the long term. The researchers in the CROSSING Collaborative Research Centre are working on this in their own quantum laboratory at Darmstadt Technical University.

“The sustainable protection of electronic patient files is just one example where sustainable security is urgently needed. In our digitized world, we produce an unimaginable amount of sensitive data every day that must remain confidential and unchanged over a long period of time, for example in Industry 4.0 applications at Germany’s industrial location. This is where politics is called upon to ensure the guaranteed long-term protection of our data,” Buchmann appeals.

More than 65 scientists from the fields of cryptography, quantum physics, system security and software work together in the CROSSING Collaborative Research Centre. They conduct basic and application-oriented research. Their aim is to develop security solutions that will also enable trustworthy IT systems in the future. CROSSING has been supported by the German Research Foundation (DFG) since 2014.