SecureDataCloud is a research project funded by SESAR-WPE (Long Term and Innovative Research) that presents an innovative solution to the data sharing challenge within ATM. The solution developed uses secure (multi-party) computation: a set of techniques that enable non-trivial computations while preserving the privacy of every party's inputs.
The SecureDataCloud project (2012-2014) was coordinated by Innaxis Research Institute, with Istanbul TU, Telenium and DHMI (the Turkish ANSP) as partners.
The challenge and the vision
Most ATM data are considered in Europe as confidential and sensitive, and therefore private, both for their commercial value (e.g., when the business strategies of airlines could be inferred from them) and for the political or social consequences some analyses may cause (e.g., safety analyses or comparisons among stakeholders).
Within this project, a new paradigm is proposed to address confidentiality issues without limiting the ability to perform relevant computations on private data, through the use of secure computation techniques. Secure computation is the field of cryptology devoted to performing a computation while preserving the privacy of the inputs of every party, i.e. computing any function on any input in a distributed system in which each participant holds a part of the information, even in a cloud-computing environment.
Although this problem can be solved by a trusted third party, that approach is not always feasible in real applications. Secure computation techniques can enable business models in cases where a trusted party is difficult to designate; to that end, specific secure computation algorithms and protocols have been developed within the project.
Outputs and results
SecureDataCloud fosters interactions and data sharing among stakeholders by means of secure computation techniques. The project develops general guidelines for applying such techniques to air transport, organised in three outputs:
- Guidelines for implementing secure computation techniques for different Business Cases: high-level descriptions of situations in which secure computation can provide added value to ATM. This also includes a review of requirements, benefits for the ATM stakeholders involved, and the availability of algorithms and protocols.
- Software Reference Framework: This software framework includes functions, algorithms and protocols that constitute the starting ground for anyone beginning a new development in this field.
- Complete simulation results for two Case Studies: This includes real experiments on the use of secure computation and precise metrics, such as the computational cost or the data transmission bandwidth required to ensure proper functionality. Additionally, the project includes measurements of the guaranteed security levels.
- M. Zanin et al., "SecureDataCloud: Introducing Secure Computation in ATM". Poster at the SESAR Innovation Days 2013, Stockholm (2013).
- M. Zanin et al., "Enabling the Aviation CO2 Allowance Trading Through Secure Market Mechanisms". SESAR Innovation Days 2014, Madrid (2014).
- M. Zanin et al., "Towards a secure trading of aviation CO2 allowance". Journal of Air Transport Management 56 (2016): 3-11.
- M. Zanin et al., "Design and Implementation of a Secure Auction System for Air Transport Slots". IEEE Services 2015 – Visionary Track: Security and Privacy Engineering, New York (2015).
More info on the case studies
The first case study involves the execution of a general secure auction, covering different time scales and market sizes. Specifically, we consider an airline planning to operate a new route between two airports. At a strategic level, the airline first tries to buy slots from both airports, i.e. in the primary market. Afterwards, if this first step was not successful, it may try to buy a suitable slot in the secondary market, i.e. from other airlines. Here, the term "airport slot" is used in its general meaning, and thus includes both landing and departure slots. Furthermore, airports (and airlines) may be selling one or more slots at the same time; nevertheless, for the sake of simplicity, these slots are considered a single entity if sold at a single price, and two separate slots if the prices differ. As a final step, the airline may want to trade specialised trajectories near an airport, e.g. priority approach trajectories that could allow a reduction in fuel consumption or a higher delay recovery. In this case, the airline will bid for the resource directly with the airport, probably alongside competing airlines.
The global objective of the second case study is the creation of delay reports using cleared information coming from different stakeholders, securely merged in order to gain additional knowledge about the causes of delays and their evolution over time. Here, cleared information refers to delay information whose causes and amounts have already been processed by the stakeholders, who have thus reached a consensus about them. Several stakeholders collaborate by introducing delay information into the system: pilots, airline representatives, ATC officers, EUROCONTROL's Network Manager Unit, airport representatives, and handling organisations. Different types of analyses are performed on the available data, including: average delay on the route, global and airline-based benchmarking, comparison of different routes, analysis of extreme values, and analysis of the correlation between delay codes.
As an example of the output of the project, the following image presents the graphical interface associated with the first case study. It has been implemented in Java to ensure cross-platform operability; this has been verified in different environments, including Windows, OS X and Linux machines. Communications between all machines are encrypted according to the TLS standard. Data input and output, e.g. price definition and results delivery, are performed through CSV files, which simplifies the interface with external programs, including automatic data processing software (for instance, any software the airline may use to keep track of its CO2 allowance needs). Finally, the software elements (i.e. the integration system and the SMC engine) are launched by executing .BAT files, which start Java virtual machines and initialise the corresponding program.
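The following is an added example, not code from the SecureDataCloud reference framework, that illustrates the secure computation idea introduced above (computing a function on distributed private inputs without a trusted third party) applied to the delay-report case study. It uses additive secret sharing over a prime field: each airline splits its private route delay into random shares, one per participant, so that every participant ends up holding only uniformly random-looking values, yet the sum of all partial sums reconstructs the route total. Averages and variances (the benchmarking figures in the delay reports) follow from two such secure sums. The airline names, delay figures and field modulus are constructed for the example.

```python
from fractions import Fraction
import secrets

# Constructed: a prime large enough that realistic delay totals (minutes) never wrap around.
MODULUS = 2**61 - 1


def share(value, n):
    """Split a non-negative integer into n additive shares modulo MODULUS.

    Any n-1 of the shares are independent uniform values, so they reveal
    nothing about `value`; only the sum of all n shares reconstructs it.
    """
    if not 0 <= value < MODULUS:
        raise ValueError("input must be a non-negative integer below the field modulus")
    shares = [secrets.randbelow(MODULUS) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % MODULUS)  # last share fixes the total
    return shares


def secure_sum(private_inputs):
    """Sum the inputs of n parties without any party seeing another's input.

    Simulates the protocol in-process: party i deals share j of its input to
    party j, party j adds up the shares it received, and the final total is
    the sum of those partial sums. Returns (total, partial_sums).
    """
    n = len(private_inputs)
    dealt = [share(v, n) for v in private_inputs]            # dealt[i][j]: from party i to party j
    partials = [sum(dealt[i][j] for i in range(n)) % MODULUS  # what party j computes locally
                for j in range(n)]
    total = sum(partials) % MODULUS                           # published reconstruction step
    return total, partials


def delay_report(private_delays):
    """Mean and variance of a route's delay across airlines, from secret shares only.

    Each airline squares its own delay locally before sharing it, so the
    sum of squares needs no extra protocol beyond a second secure sum.
    """
    n = len(private_delays)
    total, _ = secure_sum(private_delays)
    total_sq, _ = secure_sum([d * d for d in private_delays])
    mean = Fraction(total, n)
    variance = Fraction(total_sq, n) - mean**2
    return mean, variance


if __name__ == "__main__":
    # Constructed sample: average departure delay (minutes) per airline on one route.
    private = {"AirlineA": 12, "AirlineB": 35, "AirlineC": 7, "AirlineD": 0}
    total, partials = secure_sum(list(private.values()))
    print("partial sums held by each party (look random):", partials)
    print("reconstructed route total:", total)
    mean, var = delay_report(list(private.values()))
    print(f"route mean delay = {float(mean):.2f} min, variance = {float(var):.2f}")
```

Each partial sum on its own is uniformly distributed, so a participant (or any coalition short of all of them) learns only the final aggregate that the stakeholders agreed to publish, which is exactly the guarantee the delay-report case study relies on. A deployment would additionally send the shares over authenticated channels (the project uses TLS) and would need a comparison protocol, rather than plain sums, for the auction case study.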