## NOLAI Workshop
Go [to the NOLAI PEP Workshop](PEP-Workshop-for-NOLAI).
# About PEP
PEP is an acronym for "Polymorphic Encryption and Pseudonymization". Functionally, PEP is software for the storage and retrieval of tabular data. PEP's storage consists of a single table. This rather limited [data structure](Data-structure) is offset by some features that run-of-the-mill database systems do not normally provide:
- PEP [encrypts](#encryption) data both [at rest](https://en.wikipedia.org/wiki/Data_at_rest#Encryption) and in transit, effectively providing [end-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption) between the data's uploader(s) and downloader(s).
- PEP [ensures](#trust-reduction) that no single server or administrator or hosting party can access the data (or provide access to it) by themselves.
- PEP [pseudonymizes data](Pseudonymization) to prevent multiple downloaders from blending data into a larger data set.
- PEP [keeps previous data](Data-structure#retention) versions available after a cell's contents are overwritten.
Because of these features, PEP is usable for the storage of any (sensitive and/or confidential) information that must be made available in a pseudonymized form, and/or that must be kept available in multiple versions that may exist over time. Its current applications include the storage and dissemination of medical data for multiple academic research projects. Because of this, some of PEP's [terminology](Glossary) is geared toward such use.
More information on PEP's four key features can be found [below](#features). More elaborate documentation can be found by following hyperlinks.
# Features
## Encryption
PEP applies strong cryptography to all data stored in the system. Cryptographic keys are only made available to authorized uploaders and downloaders, who (respectively) encrypt and decrypt the data on their local machines. Thus, data cannot be accessed by the PEP system itself, by its hosting parties, by its administrators, or by anyone else that may gain access to PEP's innards.
## Trust reduction
PEP is designed not to rely on any single party to safeguard data. Server components complement, check, and audit each others' actions. This ensures that data confidentiality cannot be compromised by breaching a single server. A similar "four eyes" principle applies to PEP's authorization system. Multiple administrators must cooperate to grant access, preventing any single administrator from being able to expose confidential data.
## Pseudonymization
Perhaps the most central and unique feature of the system, different PEP users receive different identifiers to refer to the same data. This prevents downloaders from blending their respective data into a single, larger data set. Thus, with its built-in [pseudonymization](Pseudonymization) mechanism, PEP provides some basic privacy safeguards when disseminating sensitive data such as medical or financial information.
## Retention
Data stored in PEP are [never overwritten](Data-structure#retention). When users upload data into PEP, the system also retains any data that were previously stored at the same location. PEP can thus reconstruct its state as it was at any point in the past, allowing the exact same data set to be retrieved multiple times. This makes PEP eminently usable for the distribution of data for academic (replication) studies.
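
The two properties described under Pseudonymization and Retention above can be made concrete with a small model of PEP's single-table storage. The following is an added illustration, not PEP's own code or its actual cryptographic scheme: uploads are appended under a global version number and never overwrite earlier cells, so the table can be read as of any past version; and each downloader receives its own pseudonym for the same participant, derived here with a keyed hash (HMAC-SHA256) under a per-downloader subkey. The participant identifiers, column name, master key and downloader names are constructed sample values.

```python
"""Added illustration of versioned (never-overwritten) cells plus per-downloader
pseudonyms. Not PEP's code; PEP's real polymorphic pseudonymization differs."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Cell:
    """One stored value together with the table version that introduced it."""
    version: int
    value: str


class VersionedTable:
    """Append-only single table keyed by (participant, column).

    An upload never overwrites: it appends a Cell carrying a fresh global
    version number, and a read can be pinned to any earlier version, which
    is what lets an identical data set be retrieved again later.
    """

    def __init__(self) -> None:
        self._cells: Dict[Tuple[str, str], List[Cell]] = {}
        self._version = 0  # global, monotonically increasing upload counter

    def upload(self, participant: str, column: str, value: str) -> int:
        self._version += 1
        self._cells.setdefault((participant, column), []).append(Cell(self._version, value))
        return self._version

    def read(self, participant: str, column: str, as_of: Optional[int] = None) -> Optional[str]:
        """Latest value for the cell, or the latest value at version `as_of`."""
        history = self._cells.get((participant, column), [])
        if as_of is not None:
            history = [c for c in history if c.version <= as_of]
        return history[-1].value if history else None

    def history(self, participant: str, column: str) -> List[Cell]:
        return list(self._cells.get((participant, column), []))

    def keys(self) -> List[Tuple[str, str]]:
        return list(self._cells)


class Pseudonymizer:
    """Distinct, stable pseudonym per downloader for each participant.

    Illustrative construction (assumption, not PEP's scheme): a per-downloader
    subkey is derived from a master key, and the pseudonym is an HMAC of the
    participant identifier under that subkey. Two downloaders therefore cannot
    join their exports on identifiers, while one downloader's view stays stable.
    """

    def __init__(self, master_key: bytes) -> None:
        self._master_key = master_key

    def _downloader_key(self, downloader: str) -> bytes:
        label = b"downloader:" + downloader.encode()
        return hmac.new(self._master_key, label, hashlib.sha256).digest()

    def pseudonym(self, downloader: str, participant: str) -> str:
        key = self._downloader_key(downloader)
        return hmac.new(key, participant.encode(), hashlib.sha256).hexdigest()[:16]


def export_view(table: VersionedTable, pz: Pseudonymizer, downloader: str,
                as_of: Optional[int] = None) -> Dict[str, Dict[str, str]]:
    """The table as one downloader receives it: rows keyed by that
    downloader's pseudonyms, values as of the requested version."""
    view: Dict[str, Dict[str, str]] = {}
    for participant, column in table.keys():
        value = table.read(participant, column, as_of)
        if value is None:  # cell did not exist yet at that version
            continue
        view.setdefault(pz.pseudonym(downloader, participant), {})[column] = value
    return view


def build_sample():
    """Constructed sample data: two participants, one corrected measurement."""
    table = VersionedTable()
    v1 = table.upload("P001", "blood_pressure", "120/80")
    table.upload("P002", "blood_pressure", "135/85")
    v3 = table.upload("P001", "blood_pressure", "118/78")  # correction; old value retained
    pz = Pseudonymizer(b"constructed-master-key-not-a-real-secret")
    return table, pz, v1, v3


if __name__ == "__main__":
    table, pz, v1, v3 = build_sample()
    print("latest:", export_view(table, pz, "researcher_a"))
    print("as of v1:", export_view(table, pz, "researcher_a", as_of=v1))
    print("other downloader:", export_view(table, pz, "researcher_b"))
```

Running the module prints three views: researcher_a's current export, the same export pinned to the first version (only P001 exists there, with its original value), and researcher_b's export, whose row keys share nothing with researcher_a's even though the underlying data are identical.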
# Acquiring the software
The PEP client software is distributed as a Windows installer package. There are separate installers for each environment, e.g.:
- [for the PPP environment](https://pep.cs.ru.nl/ppp/prod/pep.msi)
- [for the Healthy Brain environment](https://pep.cs.ru.nl/hb/prod/pep.msi)
PEP client software is also distributed in a [Docker](https://www.docker.com/) image for other platforms. See the page [Using pepcli with docker](https://gitlab.pep.cs.ru.nl/pep-public/user-docs/-/wikis/Using-pepcli-with-docker) for details.
# Detailed documentation
The information in the below pages is to be merged into a more interlinked wiki structure:
- [General pepcli usage and examples](Using-pepcli)
- [Pseudonymized upload of MRI data](pseudonymized-upload)
# Support
End users (such as researchers working with the data) should contact the support team for their respective environment when they have questions:
- For the Healthy Brain Project: hbs-data@radboudumc.nl
- For the Personalized Parkinson Project: ppp-data@radboudumc.nl
Project teams that use PEP, or parties interested in doing so, can direct their questions at support@pep.cs.ru.nl. Mail can be encrypted using [this GPG public key](uploads/654519843e424a555de2fb17324c1eb9/PEP_team_0x4CD939B8_public.asc).