Enabling Secure Data Exchange

The emergence of diverse networked data sources has created new opportunities for the sharing and exchange of data. In support of this, a fruitful line of research has resulted in distributed data processing and integration systems [19, 17, 29, 30, 3]. However in practice, fear of unauthorized disclosure or malicious tampering requires that data stay safely behind firewalls or remain protected by secure servers. Our goal is to overcome these limitations and enable secure data exchange and sharing in distributed integration scenarios. Such scenarios are characterized by many interacting data sources and many data consumers. Primary sources create and publish data; intermediate sources combine, extract, and modify the data for further dissemination; data consumers query it. This paper describes issues in secure data exchange, and illustrates some solutions proposed in the authors’ own work. The basic requirements of secure data exchange are confidentiality and integrity. Confidentiality means that unauthorized parties are prevented from reading data. In data exchange, confidentiality is provided through encryption and managing keys that allow access. Confidentiality benefits data sources who need to protect data. Integrity (in its basic form) means that unauthorized parties are prevented from modifying data. In data exchange, integrity is provided through digital signatures and data certification techniques. Integrity benefits both data sources (who need to make sure data attributed to them is not modified) and data consumers (who need guarantees that the data they use has not been tampered with). Confidentiality and integrity are distinct goals and the tools for each are different. In particular, techniques for providing confidentiality do not by themselves provide integrity. Participants can guarantee both properties by combining techniques. We describe the basic features of our envisioned framework for secure data exchange below: