Astronomical Data Analysis Software & Systems XXXIV

11-11
09:30
15min
Securing Space Science: Advanced Data Protection in the HREDA Archive
Anastasia Andres, Angela Carasa

The HREDA (Human and Robotic Exploration Data Archive) is a data archive and information portal that contains ESA-funded or co-funded investigations and experiments since 1972. These experiments are performed in the International Space Experiments and span different fields of investigation, such as growing vegetables and fluid physics studies in space.
The archive is a joint effort by ESA’s Directorate for Human and Robotic Exploration, the Directorate of Science, and the Science Data Centre (SDC) Madrid. It became operational in 2020 and supersedes the former Erasmus Experiment Archive (EEA) and the ESA Microgravity Database (MGDB).
HREDA is developed by the ESAC Science Data Centre (ESDC). The ESDC provides services and tools to access and retrieve observations and data from ESA's space science missions (astronomy, planetary science, heliophysics, and human and robotic exploration).

The data held in the archive is highly heterogeneous and requires the management of different security levels. Some data is always public, some becomes public after an initial period of prior access, and sensitive data, such as medical analyses from astronauts, requires special permissions to access. This paper focuses on the advanced mechanisms developed for accessing sensitive data.

Our archive incorporates an advanced security framework for managing sensitive data, ensuring compliance with data protection standards. The system ensures that all incoming data is received in an encrypted format, safeguarding it from unauthorized access from the moment it enters the network. Each dataset is assigned a unique certificate, adding a further layer of security and traceability. Decryption keys are securely stored in a robust Key Management Service (KMS) server, further protecting the data from breaches.


Our solution integrates two-factor authentication (2FA) with HRE-IC Internet Secured Services (HISS) to provide an extra layer of security, ensuring that only verified users can access the data. Additionally, access authorization is meticulously managed on an individual basis, with each user requiring explicit approval. This personalized authorization process guarantees that only the right personnel have access to the sensitive information.
This implementation enables the end user to securely download decrypted data without having to manage the complexities of certification and key management.

Data Management and Trusted Repository in the Open Data Era
Aula Magna