Improving Confidentiality in Inter-Organizational Collaborations
Yalman, S
Date: 23 October 2023
Thesis or dissertation
Publisher: University of Exeter
Degree Title: PhD in Computer Science
Abstract
In today’s interconnected world, collaborations between organizations have become increasingly important to achieve success. Data sharing plays an important role in these collaborations as it enables participants to exchange information and make informed decisions together. With the convergence of several technologies, such as the internet of things (IoT), artificial intelligence (AI), machine learning (ML), and cloud computing, collaborations are now possible across multiple domains and organizations.
However, the current working model for inter-organizational collaborations often requires participants to either share data openly between them or at least with a third party that they all have to trust. While data sharing is essential for effective collaborations, in many cases, this open sharing raises concerns regarding business-critical data, causing companies to reconsider their participation in such collaborations. Companies may be reluctant to participate in collaborations due to the risk of compromising their intellectual property, competitive advantage, or trade secrets.
To address this challenge, one potential solution is to allow secure and confidential computation in collaborations without sharing data in plaintext. Although secure multi-party computation (SMPC) offers a theoretical solution, it is often impractical because of its high computational cost and slow execution. This thesis proposes a scalable privacy-preserving model for inter-organizational collaborations that ensures the confidentiality of shared data without imposing a significant performance overhead. The model combines a hierarchical grouping approach with SMPC: the computation required for the collaboration is decomposed using the hierarchical grouping approach, and SMPC is applied to the decomposed computation. This enables organizations to collaborate with enhanced confidentiality while remaining fast enough to enable new ways of collaborating. Additionally, to encourage organizations to join collaborations, the security and privacy concerns that come with sharing data must be examined. Therefore, this thesis also presents a novel threat modelling approach tailored to inter-organizational collaborations. It enables organizations to identify the potential threats associated with participating in such collaborations and offers systematic guidance on developing mitigation strategies and on designing and establishing secure, privacy-friendly collaborations. The whole approach presented in this thesis is applied to two scenarios, lead time and life-cycle assessment, as case studies for assessment and evaluation. Experimental results show that the approach yields a significant performance gain in most cases where the collaboration structure allows hierarchical groupings and parallel computations, while in the other cases it performs at least as well as approaches that apply SMPC directly. Furthermore, it offers additional security properties beyond those approaches.
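The following is an added illustration, not code from the thesis, of the idea the abstract describes: decompose a collaborative computation along a hierarchy of groups and run a secure computation inside each group, so that no organization's input is ever visible to another in plaintext. The concrete protocol (additive secret sharing over a prime field), the secure-sum task, the three-group hierarchy and the lead-time figures are all assumptions made for this example; the thesis does not specify them here.

```python
"""Hierarchical secure sum by additive secret sharing (added example).

Level 1: each organization splits its value into random shares and hands one
share to every member of its own group; the group reconstructs only its
subtotal. Level 2: the group subtotals are combined the same way, so the
per-organization values never leave their group and the subtotals never leave
the leader level. Protocol, group structure and sample data are assumptions.
"""
import secrets
from typing import Dict, List

P = 2**61 - 1  # prime field modulus; assumption: inputs are integers in [0, P)


def share(value: int, n: int) -> List[int]:
    """Split value into n additive shares that sum to value mod P."""
    assert 0 <= value < P and n >= 2
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares: List[int]) -> int:
    """Recombine additive shares (or partial sums of shares)."""
    return sum(shares) % P


def group_sum(values: Dict[str, int]) -> int:
    """Secure sum inside one group.

    Every member shares its value among all members (itself included), adds the
    shares it receives into one partial sum, and only the partial sums are
    revealed; each partial sum on its own is uniformly random in the field.
    """
    members = list(values)
    n = len(members)
    if n == 1:
        # A singleton group cannot hide its input: its subtotal IS its value.
        # A threat model for the collaboration has to account for this.
        return next(iter(values.values())) % P
    inbox: Dict[str, List[int]] = {m: [] for m in members}
    for m in members:
        for peer, s in zip(members, share(values[m] % P, n)):
            inbox[peer].append(s)  # share sent from m to peer
    partial = [sum(inbox[m]) % P for m in members]
    return reconstruct(partial)


def hierarchical_sum(hierarchy: Dict[str, Dict[str, int]]) -> int:
    """Run group_sum in every group, then once more over the group subtotals."""
    subtotals = {g: group_sum(members) for g, members in hierarchy.items()}
    return group_sum(subtotals)


# Constructed sample: lead time in days contributed by each organization,
# grouped by role in a supply chain (assumption, not from the thesis).
SAMPLE = {
    "suppliers": {"OrgA": 12, "OrgB": 7, "OrgC": 9},
    "manufacturers": {"OrgD": 15, "OrgE": 4},
    "logistics": {"OrgF": 3},
}


if __name__ == "__main__":
    print("total lead time:", hierarchical_sum(SAMPLE))  # same as the plaintext sum, 50
```

The point of the decomposition is that the expensive multi-party step runs only among the members of one group at a time, and the groups can execute in parallel; the cross-group step then involves only the group representatives. Note the singleton group: when a group has one member, its subtotal reveals that member's value, which is exactly the kind of structural leak the abstract's threat modelling step is meant to surface before a collaboration is set up.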
Doctoral Theses
Doctoral College