Big Data Faces Big Challenges With Encryption

Data encryption is one of the keys to data protection, but big data brings its own set of complications to cryptography.

At a session at the Cloud Security Alliance’s upcoming CSA Congress event this week in Orlando, Fujitsu’s Arnab Roy will outline the top 10 challenges in cryptography for big data, which he contends lie in the following areas: communication protocols; access policy-based encryption; big data privacy; key management; data integrity and poisoning concerns; searching and filtering encrypted data; secure data collection; secure collaboration; proof of storage; and the secure outsourcing of computation so that cloud environments can compute on encrypted data without sacrificing end-to-end privacy.

Step one to addressing these concerns involves systematically striking the right balance between privacy and utility, he said.

“The advent of high volumes of sensitive data like retail, financial and medical has enabled a plethora of analytics techniques which generate information of high value for third-party organizations who desire to target the right demographics with their products,” said Roy. “In practice, such data is shared after sufficient removal of apparently unique identifiers by the processes of anonymization and aggregation. [But] this process is ad hoc, often based on empirical evidence and has led to many instances of ‘de-anonymization’ in conjunction with publicly-available data.”

This can be further complicated by cloud environments.

“Consider that a client wants to send all her sensitive data to a cloud: photos, medical records, financial records and so on,” he said. “She could send everything encrypted, but this wouldn’t be much use if she wanted the cloud to perform some computations on them, such as how much she spent on movies last month. With Fully Homomorphic Encryption (FHE), a cloud can perform any computation on the underlying plaintext all the while the results are encrypted. The cloud obtains no clue about the plaintext or the results.”

“In general, wherever there needs to be a trust boundary between data owners and computation-storage providers, this challenge arises naturally,” he continued. “The only solution which provides mathematical guarantees of privacy in this setting, without the requirement to trust a third party’s hardware, is provided by cryptography.”
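The movie-spending scenario above needs only addition, so this added example (not from the article or the speaker) uses textbook Paillier, an additively homomorphic scheme, in place of FHE, which supports arbitrary computation. The function names, the 512-bit demo primes and the spending figures are assumptions made for illustration.

```python
import math
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test; n must be odd and > 3."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x != 1 and all(pow(x, 1 << i, n) != n - 1 for i in range(s)):
            return False  # witness found: n is composite
    return True

def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full length, odd
        if is_probable_prime(cand):
            return cand

def keygen(bits=512):  # demo size only; use a vetted library and a larger modulus
    p = q = random_prime(bits)
    while q == p:
        q = random_prime(bits)
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(n, phi) == 1        # holds for distinct primes of equal length
    return n, (phi, pow(phi, -1, n))    # public key n; private key (phi, mu)

def encrypt(n, m):
    r = secrets.randbelow(n - 1) + 1    # fresh randomizer: equal plaintexts differ
    return (1 + m * n) * pow(r, n, n * n) % (n * n)   # generator g = n + 1

def decrypt(n, priv, c):
    phi, mu = priv
    return (pow(c, phi, n * n) - 1) // n * mu % n

def cloud_sum(n, ciphertexts):
    """Run by the untrusted cloud, which holds only n and the ciphertexts."""
    total = 1                           # trivial encryption of 0
    for c in ciphertexts:
        total = total * c % (n * n)     # multiplying ciphertexts adds plaintexts
    return total

def demo():
    n, priv = keygen()                             # client keeps priv locally
    movie_spend_cents = [1250, 899, 1599, 1400]    # constructed sample data
    uploaded = [encrypt(n, m) for m in movie_spend_cents]
    return decrypt(n, priv, cloud_sum(n, uploaded)), sum(movie_spend_cents)
```

The cloud never sees the private key, an individual amount or the total; only the client can decrypt the aggregated ciphertext it gets back.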

Access control is also one of the key challenges to protecting data. According to Roy, access controls should be enforced without depending on the host system.

“Traditionally access control to data has been enforced by systems – operating systems [and] virtual machines – which restrict access to data based on some access policy,” he said. “The data is still in plaintext. There are at least two problems to the systems paradigm: one, systems can be hacked; two, security of the same data in transit is a separate concern.”

“The other approach is to protect the data itself in a cryptographic shell depending on the access policy,” he explained. “Decryption is only possible by entities allowed by the policy. One might make the argument that keys can also be hacked. However, this exposes a much smaller attack surface. Although covert side-channel attacks are possible to extract secret keys, these attacks are far more difficult to mount and require sanitized environments. Also encrypted data can be moved around, as well as kept at rest, making its handling uniform.”

The good news, Roy said, is that encryption technology both in the research phase and in limited deployment can enable big data analytics and governance in ways that “plain vanilla encryption techniques” have not, and emerging research is aimed squarely at addressing complex ownership characteristics, authentication and anonymity expectations.

“There are of course the challenges of retargeting existing cryptographic solutions to the ever increasing volume, variety and velocity and the infrastructural shift due to big data,” he said. “However, there are emergent problems for big data as well which cryptography research has started addressing.”

Roy’s presentation is scheduled for Dec. 5.
