Description
Training Machine Learning models is challenging for many companies due to the lack of sufficient, high-quality data. A solution to this problem is collaborating with other companies, sharing data and jointly training a model. However, concerns about leaking proprietary information often make companies hesitant to share their data. This work analyzes the use case of secure collaborative data sharing in the context of the MINERVA project, which aims to reduce the risk of data collaboration in the machine tool sector. The thesis focuses on the secure and confidential communication between companies and a cloud infrastructure. We identify potential security risks and requirements, and establish core security goals as well as guiding principles, including confidentiality, integrity, and accountability. The proposed system uses group signatures as a Confidentiality Protecting Technology, enabling anonymous authentication to ensure user privacy during the data upload. Further, it allows tracing of contributions in cases of misbehavior and excludes malicious actors from the system. We develop three architectural configurations with different levels of trust distribution and participant control. Depending on the configuration, the authority to disclose a contributor’s identity is either managed in the cloud or distributed across multiple entities. A qualitative evaluation of the system’s functionality and security properties confirms its potential to provide a secure and confidential framework for collaborative data sharing. A modular, containerized, micro-service implementation demonstrates the system’s feasibility and ease of deployment across different environments.