Users of Internet services currently have to entrust the respective service provider with their data. However, attackers or secret services can obtain access to that data by using vulnerabilities or backdoors in hard- or software. Moreover, authorities can force the service provider to give out data. The new EU General Data Protection Regulation (GDPR) now mandates that companies take appropriate measures to protect user data.
The project „PSOTI“ (Privacy-preserving Services On The Internet) will eliminate the need to trust a single service provider and empower users to keep full control over their data. For this, the user can choose from multiple service providers who jointly process the data, without gaining direct access to the contents. The data will be protected, as long as at least one provider is trustworthy.
The main goal of PSOTI is to develop privacy-preserving services for commonly used applications on the Internet like data storage, online surveys, and email. These services will provide extensive functionalities and will allow to securely and efficiently store, retrieve, search, and process data. This will allow to comply with the GDPR and preserve the fundamental rights to privacy and the protection of personal data.
A practical system for secure multi-party computations will be developed which can also be used for the secure processing of other sensitive data such as in the areas of genomics or machine learning. Also protocols for private search queries will be built that even hide the structure of the query and that can be used in multiple application scenarios.
Thomas Schneider is full professor for Computer Science at TU Darmstadt and heads the Cryptography and Privacy Engineering (ENCRYPTO). In their research, he and his team demonstrate that privacy can be efficiently protected in several applications. For this, they use methods from applied cryptography and algorithm engineering for developing protocols, tools, and software prototypes to efficiently protect sensitive data.
Before becoming a professor in March 2018, he was an independent research group leader at TU Darmstadt (2012–2018) and did his PhD in IT Security with distinction at Ruhr-University Bochum (2008–2011). In 2012, he obtained the science award of the German Association for Data Protection and Data Security (GDD) for his dissertation. In 2007, he did a research internship at Bell Labs, NJ, USA. More details are available here.