DHS Awards Galois Contract To Enable Sensitive Network Data To Remain Encrypted When Shared And Analyzed

Cryptographic tool will be leveraged by DHS and, over time, government agencies and corporations seeking to enable cyber security solutions and safeguard sensitive data

Galois today announced that it has been awarded a two-year, $800K contract by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to develop a tool suite for organizations to share sensitive data that is needed to develop, test and evaluate cyber security solutions – while safeguarding against the exposure of private and confidential information that may compromise user and organization expectations.

The DHS Information Marketplace for Policy and Analysis of Cyber-risk & Trust (IMPACT) program supports the global cyber risk research community by enabling information sharing among academic, industry and government researchers. However, sources of valuable cyber security data- industry and consumer victims of cyber attacks- are most often reluctant to share such data due to privacy and confidentiality concerns. The Galois suite, the Framework for Information Disclosure with Ethical Security (FIDES), aims to help DHS address these concerns by allowing sensitive data to be shared and analyzed while it remains fully encrypted.

“FIDES represents perhaps the first practical ‘big data’ analytics platform for network and other data that provides government agencies and corporations the ability to understand that data while keeping it private,” said Dr. David Archer, principal researcher in privacy and cryptography, Galois. “We are in effect providing a ‘glovebox’ where sensitive data can be analyzed in depth without researchers seeing that data ‘in the clear’. This approach offers data providers assurance that the data remains private, and offers researchers the ability to conduct research with much lower risk of accidentally exposing that data.”

FIDES uniquely reduces risk for data providers by keeping non-anonymized data cryptographically secure for its entire lifetime: neither end users, insider threats, nor external adversaries can access such data “in the clear” at any time. For example, a government agency sustaining a DDoS attack might seek to tap the expertise of cyber security firms to analyze data from attack patterns on a network, while protecting the privacy of users on that network. As well, corporations who derive increasing value from analyzing vast troves of private user information are increasingly under fire to provably account that that the data it stewards are being safeguarded.

For additional information on FIDES visit https://galois.com/project/fides. For information on the DHS IMPACT program, visit https://ImpactCyberTrust.org, and https://www.dhs.gov/csd-impact.

About Galois

Galois has been performing computer science research and development since 1999. With many of the world’s foremost experts in computer science and mathematics and a world-class team of programmers and engineers, Galois is uniquely positioned to take on the world’s most difficult challenges in computer science. Galois is a trusted partner in the defense and intelligence industries, proving the feasibility of cutting edge research as it applies to critical systems. Technology companies turn to Galois to build reliability, safety and security into their product development efforts from day one. For additional information, visit http://www.galois.com.

This material is based on work supported by DHS and the United States Air Force under Contract No. FA8750-18-C-0051.  Any opinions, finding and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DHS or the United States Air Force.