SecureDataCloud – Innaxis.aero

The project

SecureDataCloud is a research project funded by SESAR-WPE (Long Term and Innovative Research) that presents an innovative solution to the data sharing challenge within ATM. The solutions developed used secure (multiparty) computation; a set of techniques enabling non-trivial computations while preserving the privacy of the inputs from any party.

The challenge and the vision

Most ATM data are considered in Europe as confidential and sensitive and therefore, private – both for their commercial value (e.g., when the business strategies of airlines could be inferred), and for the political or social consequence some of the analyses may cause (e.g., safety analysis or comparisons among stakeholders).

Within this project, a new paradigm is proposed to address confidentiality issues without limiting the ability of performing relevant computation of private data through the use of secure computation techniques. Secure computation is the Veld of cryptology devoted to the study of performing a computation while preserving the privacy of the inputs of any party, i.e. computing any function on any input in a distributed system, in which each participant holds a part of the information, even in a cloud computing environment.

Although this can be solved by a trusted third party, this modality is not always feasible in real applications. Secure computation techniques can enable business models in cases where trusted parties are difficult to designate and specific, secure computation algorithms and protocols have been specifically developed.

Outputs and results

SecureDataCloud fosters interactions and data sharing among stakeholders by dint of secure computation techniques. General guidelines for the application are developed to address such techniques to air transport, following three outputs:

Guidelines for the implementing secure computation techniques for different Business Cases

This would include high-level descriptions of situations in which secure computation can provide an added value to ATM. This also includes a review of: requirements, benefits for the ATM stakeholders involved, and the availability of algorithms and protocols.

Software Reference Framework

This software framework includes functions, algorithms and protocols that constitute the starting ground for anyone beginning a new development in this field.

Complete simulation results for two Case Studies

This includes real experiments on the use of secure computation and precise metrics, such as the computational cost or the data transmission bandwidth required to ensure proper functionality. Additionally, the project includes measurements of the guaranteed security levels.

More info on the case studies

The first case study involves the execution of a general secure auction, covering different time scales and market sizes. Specifically, we consider an airline planning to operate a new route between two airports. Therefore, at a strategic level, the airline firstly tries to buy slots from both airports, i.e. in the primary market. Afterwards, if this first step was not successful, it may try to buy a suitable slot in the secondary market, i.e. from other airlines. Here, the term “airport slot” is used in its general meaning, thus includes both landing and departure slots. Furthermore, airports (and airlines) may be selling one or more slots at the same time; nevertheless, and for the sake of simplicity, these slots will be considered as a single entity if sold with a unique prize, and as two separate slots if the prizes are different. As a final step, the airline may want to trade specialised trajectories near an airport, e.g. priority approach trajectories that could allow a reduction in fuel consumption or a higher delay recovery. In this case, the airline will try to bid for the resource directly to the airport, probably along with other competitor airlines.

The global objective of the second case study is the creation of delay reports using cleared information coming from different stakeholders, securely merged in order to achieve additional knowledge about causes of delays and their evolution through time. Here, cleared information refers to delay information whose causes and amounts have already been processed by the stakeholders, thus reaching a consensus about them. Several stakeholders collaborate by introducing delay information inside the system: pilot, airline representatives, ATC officers, EUROCONTROL’s Network Manager Unit, airport representatives, and handling organisations. Different types of analyses are performed on the available data, including: average delay in the route, global and airline-based benchmarking, comparison of different routes, analysis of extreme values, and the analysis of correlation between delay codes.

As an example of the output of the project, the following image presents the graphical interface associated to the first case study. It has been implemented in Java, to ensure cross-platform operability – this has been verified in different environments, including Windows, OS X and Linux machines.

Communications between all machines are encrypted according to the TLS standard. Data input and output, e.g. price definition and results delivery, are performed through CSV files, which simplifies the interface with external programs, including automatic data processing software (for instance, any software the airline may have to keep track of its CO2 allowance needs). Finally, software elements (i.e. the integration system and the SMC engine) are launched by executing. BAT files, which start JAVA machines and initialise the corresponding program.

About secure multi-party computation

Secure Multi-party Computation (SMC) is a set of techniques and algorithms that allows two or more untrusted parties to perform some kind of computation on a data set, while keeping their respective information private. Once the computation is complete the only new information each party would possess is the output of that computation, without any additional knowledge on the information provided by the other party.

In other words, instead of providing a party with the full set of data (and thus creating a security issue) or alternatively denying access to the data (essentially blocking any possibility of using the data), the data owners could allow a third party to run computations on their data for some functions, without real access to the full dataset.

SMC in air transport

As any other socio-technical system, the air transport system is always looking for ways of improving its operations: SESAR in Europe, NextGen in USA, OneSky in Australia, SIRIUS in Brazil, or CARATS in Japan. One priority is shared among all of them: a free Pow of information between the agents and stakeholders involved in the operation. Some examples span from sharing future trajectory plans by aircraft, negotiations for slot exchange by airlines, the continuous monitoring of global mobility and CO2 emissions, or achieving higher safety levels.

Achieving such seamless flow of information comes with notable challenges. Most ATM datasets are considered confidential and sensitive and, therefore private – both for their commercial value, and for the political or social consequences some of the analyses may cause. If stakeholders remain isolated with little cross-integration, the solutions being developed by the community, such as SESAR’s System Wide Information Management (SWIM), would not successfully and fully address this confidentiality issue, as data are actually released to the party requiring them. Essentially the confidentiality of the system is as good as the confidentiality of the worst procedure implemented by the entities.

A completely different approach is enabled by SMC. Parties can collectively compute on private data, with the security that the information will not be disclosed to the other participants. In fact, only the final result will be disclosed. Example includes airport slot trading, CO2 allowance trading, analysis of delay and safety reports, and many more!

Publications

M. Zanin et al., “SecureDataCloud: Introducing Secure Computation in ATM”. Poster at the SESAR Innovation Days 2013, Stockholm (2013).

M. Zanin et al., “Enabling the Aviation CO2 Allowance Trading Through Secure Market Mechanisms” SESAR Innovation Days 2014, Madrid (2014).

M. Zanin et al., “Towards a secure trading of aviation CO 2 allowance.” Journal of Air Transport Management 56 (2016): 3-11.

M. Zanin et al., “Design and Implementation of a Secure Auction System for Air Transport Slots”.
IEEE Services 2015 – Visionary Track: Security and Privacy Engineering, New York (2015).

SecureDataCloud: A project coordinated by
The Innaxis Foundation and Research Institute