Security and Privacy Assurance Research program

Overview
The Security and Privacy Assurance Research program (SPAR) is a follow-on effort to the Automatic Privacy Protection (APP) program. Neither the SPAR nor APP programs involve data mining, but the research results from both programs may enhance security and protect privacy in data mining activities.

The SPAR program was launched in 2011 to build on the successes of APP and explore additional applications of PIR to realistic IC scenarios. The program will complete its first phase of research in March 2013. SPAR includes research projects in three technical areas. The first technical area protects security and privacy for database access. Unlike the simple queries and static databases of APP, SPAR will investigate protocols that handle multiple types of complex queries and databases whose records are frequently created, deleted, or updated. In addition, the protocols must integrate policy compliance checking with the security and privacy assurances so that the Server can verify that a query is compliant with a policy even though the query is never learned. The second technical area will build on advances in fully homomorphic encryption (FHE) schemes to implement PIR without relying on any third parties. FHE is a recent breakthrough result of thirty years of cryptographic research, but current schemes are impractical due to high costs in time and memory.

SPAR will attempt to explore gains in performance by modified FHE schemes that support only the computations necessary for information retrieval. The third technical area will investigate applications of PIR to the specialized information sharing architectures of publish/subscribe systems. If successful, the SPAR program will benefit the IC by securing and protecting the privacy interests of both the custodians and the consumers of data. The technology may enhance cooperative information sharing within the IC, and among government and the private sector, by expanding policy options for satisfying security and privacy concerns when information is shared.