New Paper: Encrypted Data Vaults

We’ve now got our first paper from #RWOT9, Encrypted Data Vaults:

Here’s the intro:

"We store a signifcant amount of sensitive data online, such as personally identifying information (PII), trade secrets, family pictures, and customer information. The data that we store is often not protected in an appropriate manner.

"Legislation, such as the General Data Protection Regulation (GDPR), incentivizes service providers to better preserve individuals’ privacy, primarily through making the providers liable in the event of a data breach. This liability pressure has revealed a technological gap, whereby providers are often not equipped with technology that can suitably protect their customers. Encrypted Data Vaults fll this gap and provide a variety of other benefits.

“This paper describes current approaches and architectures, derived requirements, design goals, and dangers that implementers should be aware of when implementing data storage. This paper also explores the base assumptions of these sorts of systems such as providing privacy-respecting mechanisms for storing, indexing, and retrieving encrypted data, as well as data portability.”