11/02/2023
In order to achieve free and active data collaboration in the IOWN era, NTT’s IOWN PETs effort aims to create a world of secure data distribution. IOWN PETs ensures that data is always encrypted and used only within the scope of the data owner’s policy throughout its lifecycle, from its creation to its destruction.
*1 Privacy-Enhancing Technologies (PETs): A general term proposed by Gartner for technologies that process data while protecting privacy. NTT is taking on the challenge of developing PETs to achieve end-to-end data governance, not only during storage and transmission but also in computational spaces.
Data governance, also called data sovereignty, refers to data handling policies (such as a data’s permitted users, use purposes, and use locations) established by the data owner and followed throughout the data’s lifecycle, from its creation to its destruction.
Conventionally, a data owner could control access by setting access rights in the database it manages, but how the data was handled once it reached the recipient was generally stipulated only by contract. There was no technical guarantee that the recipient used the data only in the way the owner intended.
With the arrival of IOWN APN (All Photonics Network) and other high-capacity, low-latency networks, Disaggregated Computing*2 will become mainstream and bring about large-scale distributed computing environments. In Disaggregated Computing, computing resources such as CPUs, GPUs, and storage are physically distributed. This architecture will allow data owners to manage their own data in their desired locations and to dynamically integrate data virtually across countries/regions and data spaces as needed. In such a world, not only governance during data storage and transmission but also governance related to computational spaces, data locations, and processing infrastructure will become more important. New security models that satisfy the requirements of multiple organizations with their own interests will be needed.
*2 Disaggregated Computing, the Basis of IOWN|NTT R&D Website (rd.ntt)
To solve this problem, NTT seeks to realize a world where data is distributed together with the handling policy defined by its owner, and that policy is guaranteed throughout the data's lifecycle. Our approach is to connect the secure computational spaces realized by PETs directly over quantum-resistant encrypted communications, forming a closed space within the distributed computing environment that unauthorized third parties cannot access. By completing the entire lifecycle of data collaboration inside this closed space and controlling the data according to its policy, we believe we can realize a secure computing platform in which only authorized persons, platform operators included, can retrieve only the permitted computation results.
To realize IOWN PETs, we are engaged in studying PETs-incorporated IOWN computing architecture. This computing architecture consists of the following layers: the PETs layer, which performs computational processing while maintaining data security and confidentiality using cryptography and other technologies; the IOWN Data Hub (IDH) layer, which securely stores and links data; and the Data-Centric Infrastructure (DCI) layer, which provides an environment for applications to run. These layers are connected to one another by secure encrypted communication (Secure Transport). We introduce below the technologies NTT R&D is developing to realize IOWN PETs in this architecture.
Data sandbox technology lets companies and organizations combine the value of the knowledge they hold (data or algorithms that each organization wants to keep secret) without revealing that knowledge to one another. Processing takes place inside a trusted execution environment (TEE) provided by modern central processing units (CPUs), which isolates the code and data from the rest of the system, so that shared knowledge cannot be copied or misused outside the agreed processing.
Secure computation is a technology that allows data to be processed while it remains encrypted throughout, including during the computation itself. It extends the protection that encryption already gives data in transit and at rest to data in use: the computation is carried out without ever decrypting the data, ensuring a high level of security.
NTT’s secure computation uses a secret sharing scheme that conforms to the ISO (International Organization for Standardization) standards as its encryption mechanism and uses multiparty computation techniques based on the secret sharing scheme.
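As an added illustration of secret-sharing-based multiparty computation (example code written for this page, not NTT's implementation, whose scheme and parameters are not given here), the following shows three-party additive secret sharing over a prime field. Addition is local to each party; multiplication uses a Beaver triple. The field prime and the trusted dealer that supplies the triple are assumptions of the example.

```python
"""Three-party additive secret sharing over a prime field, with a
Beaver-triple multiplication. Example code for this page; not NTT's scheme."""
import secrets

P = (1 << 61) - 1   # Mersenne prime used as the field modulus (example choice)
N_PARTIES = 3


def share(x, n=N_PARTIES):
    """Split x into n shares that sum to x mod P. Any n-1 of them are
    uniformly random, so a single party (or any n-1 colluding parties in
    this additive scheme) learns nothing about x."""
    x %= P
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % P)
    return shares


def reconstruct(shares):
    """Opening a value: all parties reveal their shares and sum them."""
    return sum(shares) % P


def add_shares(xs, ys):
    """[x] + [y]: each party adds its own two shares; no communication."""
    return [(a + b) % P for a, b in zip(xs, ys)]


def add_public(xs, c):
    """[x] + c for a public constant c: only party 0 adds c, so the sum shifts by c."""
    out = list(xs)
    out[0] = (out[0] + c) % P
    return out


def beaver_triple(n=N_PARTIES):
    """Correlated randomness ([a], [b], [a*b]) with a, b random and unknown
    to every party. ASSUMPTION: a trusted dealer produces it in an offline
    phase; real MPC protocols generate triples interactively."""
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    return share(a, n), share(b, n), share(a * b % P, n)


def mul_shares(xs, ys, triple):
    """[x] * [y] using a Beaver triple. The parties open d = x - a and
    e = y - b; these are one-time-pad masked and reveal nothing about x, y.
    Then x*y = c + d*b + e*a + d*e, which each party can compute on shares."""
    a_s, b_s, c_s = triple
    d = reconstruct([(x - a) % P for x, a in zip(xs, a_s)])   # opened, public
    e = reconstruct([(y - b) % P for y, b in zip(ys, b_s)])   # opened, public
    z = [(c + d * b + e * a) % P for a, b, c in zip(a_s, b_s, c_s)]
    return add_public(z, d * e % P)


def secure_eval(x, y, z):
    """Computes (x + y) * z while every intermediate value stays shared:
    no party ever holds x, y, z or the sum in the clear."""
    xs, ys, zs = share(x), share(y), share(z)
    total = add_shares(xs, ys)
    product = mul_shares(total, zs, beaver_triple())
    return reconstruct(product)


if __name__ == "__main__":
    print(secure_eval(12, 30, 7))    # 294
```

The point to notice is where communication happens: addition needs none, and multiplication only opens the masked differences d and e, which are uniformly random because a and b are. The security guarantee here is against honest-but-curious parties; protecting against a party that sends wrong shares requires an authenticated (MAC-based) sharing, which this example does not include.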
Secure computation AI is a technology in which secure computation based on secret sharing, which NTT has been researching for many years, is applied to AI machine learning and prediction algorithms. As well as training data, predictive models can also be encrypted, enabling a variety of AI processing to be performed without disclosing the data to third parties such as data analysts and system operators.
Secure Computation AI | NTT R&D Website (rd.ntt)
Secure matching technology lets two organizations match records on personal information they each hold, and then cross-analyze the matched data in anonymized form, without either party revealing the content of its records to the other. It addresses the data-confidentiality problem that has made cross-analysis difficult, since organizations are reluctant to hand their own data to another organization, and so promotes wider use of data.
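As an added illustration of matching records across two parties without disclosing them (example code for this page; NTT's secure matching protocol is not described here, and this is not its implementation), the following runs a Diffie-Hellman-based private set intersection: each party blinds hashed identifiers with a secret exponent, and only identifiers held by both sides produce equal double-blinded values. The group (a toy-sized safe prime found at startup) and the sample e-mail addresses are constructed for the example.

```python
"""Diffie-Hellman based private set intersection (PSI): two parties learn
which identifiers they hold in common without revealing the rest.
Example code for this page; not NTT's secure matching implementation."""
import hashlib
import random
import secrets

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with a small-prime pre-filter."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits=192):
    """Finds p = 2q + 1 with p and q prime, searching upward from a fixed
    odd start so every run uses the same group. ASSUMPTION: a toy-sized
    group for the example; deploy with a standardized group or an elliptic
    curve instead."""
    q = (1 << (bits - 1)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


def hash_to_group(item, p):
    """Maps an identifier into the order-q subgroup of quadratic residues:
    hash to an integer mod p, then square it."""
    h = int.from_bytes(hashlib.sha256(item.encode()).digest(), "big") % p
    return pow(h, 2, p)


class Party:
    def __init__(self, items, p, q):
        self.items = list(items)
        self.p = p
        self.key = secrets.randbelow(q - 1) + 1   # secret exponent in [1, q-1]

    def blind_own(self, shuffle=False):
        """H(x)^key for each own item; shuffling hides which value is which."""
        out = [pow(hash_to_group(x, self.p), self.key, self.p) for x in self.items]
        if shuffle:
            random.SystemRandom().shuffle(out)
        return out

    def blind_peer(self, values):
        """Raises the peer's already-blinded values to own key, preserving order."""
        return [pow(v, self.key, self.p) for v in values]


def private_set_intersection(client_items, server_items, p, q):
    """Runs the protocol between two parties built in-process. Only the
    client learns the intersection; the server learns only the set sizes."""
    client, server = Party(client_items, p, q), Party(server_items, p, q)
    # Round 1 (client -> server): H(c)^alpha, order kept on the client side.
    c_blind = client.blind_own()
    # Round 2 (server -> client): H(c)^(alpha*beta) in the same order, plus
    # the server's own H(s)^beta in shuffled order.
    c_double = server.blind_peer(c_blind)
    s_blind = server.blind_own(shuffle=True)
    # Round 3 (client, local): H(s)^(beta*alpha), then set comparison. Equal
    # items give equal double-blinded values; the client maps matches back.
    s_double = set(client.blind_peer(s_blind))
    return sorted(item for item, v in zip(client.items, c_double) if v in s_double)


if __name__ == "__main__":
    P, Q = safe_prime()
    # Constructed sample input (not real personal data).
    print(private_set_intersection(
        ["alice@example.com", "bob@example.com", "carol@example.com"],
        ["bob@example.com", "dave@example.com", "carol@example.com"], P, Q))
```

Two caveats a practitioner should keep in mind: the protocol as written is secure only against honest-but-curious parties, and because identifiers such as e-mail addresses come from a small, guessable space, a party that wants to test a specific value can simply include it in its own set. Limiting set sizes and rate of queries is part of any real deployment.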
Secure federated learning trains AI and deep learning models on data that is difficult to aggregate because of its confidentiality or size. Collaboration between parties in the same domain yields models with greater accuracy, and collaboration across different domains is expected to give rise to new applications. Combined with secure computation and trusted-execution-environment (TEE) infrastructure for trusted data use, the computations that integrate the parties' model updates can be carried out with even stronger privacy protection.
Secure optical transport is a cryptographic communication technology that keeps optical communication secure even in the quantum computing era. Post-quantum cryptography (PQC) is designed to resist quantum computers, but a PQC algorithm may itself be broken in the future; allowing for this, the technology provides a key exchange architecture in which multiple cryptographic algorithms can be combined, and switched according to users' needs and circumstances. With this architecture, the security level of cryptographic communication is maintained even in the quantum computing era, as long as at least one of the combined algorithms remains secure.
Virtual data lake technology is a data infrastructure technology that lets data held in various locations be used without aggregating it in a single place. By collecting metadata instead of the data itself, it virtually aggregates and centralizes the data. This lets data users efficiently obtain the data they need on demand for analysis and processing. For data providers, it makes governance easy to maintain: the master data always stays under their management at their own locations, and it is provided to data users on request through the virtual data lake.