Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

IBM Releases Open Source Toolkits for Processing Data While Encrypted

IBM this week announced the availability of open source toolkits that allow for data to be processed while it’s still encrypted.

IBM this week announced the availability of open source toolkits that allow for data to be processed while it’s still encrypted.

The toolkits implement fully homomorphic encryption (FHE), which enables the processing of encrypted data without providing access to the actual data. The toolkits are currently available for macOS and iOS, but IBM is also working on versions for Android and Linux.

Applications are typically designed to encrypt data while it’s at rest or in transit, but malicious actors could still gain access to it while it’s being processed since at this stage the data is decrypted. FHE addresses this problem by enabling authorized parties to work with data while it remains encrypted.

IBM invented FHE in 2009, but until recently its use was impractical as it was too slow.

“In recent years, thanks to algorithmic advancements, Fully Homomorphic Encryption has reached an inflection point where its performance is becoming practical. This has revolutionized security and data privacy and how we outsource computation to untrusted clouds,” IBM says on a page dedicated to FHE.

The tech giant says the use of FHE is ideal for sensitive applications such as the ones used in the financial and healthcare sectors, allowing associated data to be shared without exposing it during processing.

The open source toolkits released this week by IBM make it easier for developers to implement FHE.

One practical use case suggested by IBM is for apps that allow users to search for certain types of products or services (e.g. restaurant apps). The use of FHE would allow the developer to implement what IBM describes as “privacy-preserving search,” enabling the user to obtain the information they are looking for without exposing the search query to the cloud provider.

Another use case is for machine learning. Developers of machine learning systems could train their model using encrypted data provided by others analyzing the same type of problem, but without the actual data being made available.

“For example, what if all the health care providers on the planet could pool fully encrypted patient records to allow analytics on patient data without divulging anything about the individuals involved. Think of the progress that could be made with regards to treating certain kinds of diseases!” IBM’s Eli Dow explained in a blog post.

Dow added, “As you might appreciate, the concept generalizes to analytics and cloud storage for regulated industries in general. Basically most scenarios where information-sharing collides with the paradox of ‘need-to-know’ vs. ‘need to share’ would benefit from FHE.”

The FHE toolkits are available on GitHub for macOS and iOS.

Related: Microsoft Introduces Free Source Code Analyzer

Related: CISA Announces Open Source Post-Election Auditing Tool

Related: Google Releases Open Source Tool for Finding File Access Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...