At the request of the International Consortium of Investigative Journalists (ICIJ), an EPFL laboratory has developed a decentralized search engine and a secure messaging system. The aim is to guarantee that information can be exchanged without risk of leaks.
With more than 200 members in 70 countries, the ICIJ has revealed many cases, including medical and tax fraud. The most famous is undoubtedly the “Panama Papers”, which revealed the existence of several hundreds of thousands of front companies used in particular for tax evasion. A leak during the exchange of such sensitive files would have compromised not only the publication of this information in the media, but also the safety of journalists and sources, the Federal Polytechnic of Lausanne (EPFL) said in a statement on Sunday evening.
Mandated by the ICIJ, the EPFL laboratory has developed a fully anonymous, decentralized information retrieval and exchange system, Datashare Network. It will be presented at the Usenix Security Symposium, which will be held online from August 12 to 14. Anonymity is the central point of the system. Both searches and exchanges of information can be carried out without users disclosing their identity or the content of their requests, either to colleagues or to the organization. The latter guarantees the proper functioning of the system but has no knowledge of the exchanges.
Documents remain on members’ servers or computers
A centralized management system would be too obvious a target for hackers, notes EPFL. Since the organization does not have decentralized servers in various jurisdictions, the documents therefore remain on the members’ servers or computers. Users store only a few pieces of information in the system that allow others to link to their investigation. Searches are sent encrypted to all users. If the information matches, the requester receives an alert and decides whether to get in touch and possibly exchange information.
“Given the different time zones and the fact that some members only have access to the internet for a few hours a day, it was important that the research and responses could be done in a non-synchronized manner,” said Carmela Troncoso, director of the laboratory behind the system. A second system, this time for messaging and likewise secure and anonymous, then allows bilateral exchanges.
Completely new secure components
The research team used known elements, such as anonymous authentication and communication mechanisms, which they optimized for this type of use, but they also developed entirely new secure elements. The security of the unsynchronized search engine is ensured by a new protocol which makes it possible to search efficiently in numerous databases without increasing the risk of leaks. As for the mail server, it uses a very large number of virtual mailboxes, each of which can be used only once.
The laboratory's collaboration with the journalists' organization made it possible to identify a new set of requirements, rarely studied in scientific publications. “The constraints specific to this development open up a new research area with great potential for other areas,” concludes Carmela Troncoso.
ats / vic