SecurityWeek

Cloud Security

Making Use of Sensitive Data in the Cloud Without Ever Decrypting It

Researchers Propose Method to Make Use of Encrypted Data in the Cloud While Never Exposing It

Microsoft Researchers have proposed a method for Cloud services to operate on sensitive data without exposing it. The idea is to produce encrypted data that can be analyzed. The actual data remains in the control of the owner.

Kristin Lauter, with Vinod Vaikuntanathan and Michael Naehrig, worked on a system that can perform statistical analyses on encrypted data despite never decrypting it. The data can only be interpreted using the key in the possession of the data’s owner. She told Technology Review, “This proof of concept shows that we could build a medical service that calculates predictions or warnings based on data from a medical monitor tracking something like heart rate or blood sugar.”

The Microsoft research builds on the work of IBM Researcher Craig Gentry, who has been working on a lattice-based cryptography method called homomorphic encryption.

The basic problem is that if you encrypt the data coming into a Cloud, the services there can’t really do anything meaningful with that data without decrypting it, which defeats the purpose of securing it in the first place. Consider sensitive data such as healthcare information. Homomorphic encryption seeks to remedy that by encrypting the data in a way that allows for mathematical operations to be performed. The analogous operation performed on the encrypted data is known as homomorphism.

Gentry found this wasn’t so easy in practice. In 2008, he discovered he could do a few basic operations on the encrypted data before the results became useless. There are many reasons for this. For example, if one is to find a piece of text within an e-mail, this would require chaining together thousands of basic operations. Gentry found that applying a second layer of encryption works, if only to protect the intermediate results when the system broke down.

The example given to Technology Review: what if we wanted to add 1 to 2? The 1 could be encrypted to become the number 33, and the 2 could be encrypted to become the number 54. The combination of the two numbers, 87, could be decrypted to become the number 3. This is a vast simplification, but it shows the potential. Gentry’s 200-plus-page homomorphic encryption thesis paper can be found here.

Homomorphic encryption has also been mentioned as a means of providing secure electronic voting. Votes could be tallied, yet the privacy and integrity of the voter remain, something that is not always possible with electronic voting systems today.

This is encouraging research. As we move toward Cloud services, we need better security on the data that is outside our reach. Keeping it always encrypted seems a viable method, although back-end processing power will need to be strengthened.
