Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Making Use of Sensitive Data in the Cloud Without Ever Decrypting It

Researchers Propose Method to Make Use of Encrypted Data in the Cloud While Never Exposing It

Microsoft Researchers have proposed a method for Cloud services to operate on sensitive data without exposing it. The idea is to produce encrypted data that can be analyzed. The actual data remains in the control of the owner.

Researchers Propose Method to Make Use of Encrypted Data in the Cloud While Never Exposing It

Microsoft Researchers have proposed a method for Cloud services to operate on sensitive data without exposing it. The idea is to produce encrypted data that can be analyzed. The actual data remains in the control of the owner.

Encrypting Data in Cloud EnvironmentsKristin Lauter, with Vinod Vaikuntanathan and Michael Naehrig, worked on a system that can perform statistical analyses on encrypted data despite never decrypting it. The data can only be interpreted using the key in the possession of the data’s owner. She told Technology Review “This proof of concept shows that we could build a medical service that calculates predictions or warnings based on data from a medical monitor tracking something like heart rate or blood sugar.”

The Microsoft research builds on the work of IBM Researcher Craig Gentry, who has been working on a lattice-based cryptography method called homomorphic encryption.

The basic problem is that if you encrypt the data coming into a Cloud, the services there can’t really do anything meaningful with that data without decrypting it, which defeats the purpose of securing it in the first place. Consider sensitive data such as healthcare information. Homomorphic encryption seeks to remedy that by encrypting the data in a way that allows for mathematical operations to be performed. The analogous operation performed on the encrypted data is known as homomorphism.

Gentry found this wasn’t so easy in practice. In 2008, he discovered he could do a few basic operations on the encrypted data before the results became useless. There are many reasons for this. For example, if one is to find a piece of text within an e-mail, this would require chaining together thousands of basic operations. Gentry found that applying a second layer of encryption works, if only to protect the intermediate results when the system broke down.

The example given to Technology Review is what if we wanted to add 1 to 2? The 1 could be encrypted to become the number 33, and the 2 could be encrypted to become the number 54. The combination of the two numbers, 87, could be decrypted to become the number 3. This is a vast simplification, but it shows the potential. Gentry’s 200 plus page homomorphic encryption thesis paper can be found here.

Homomorphic encryption has also been mentioned as a means of providing secure electronic voting. Votes could be tallied, yet the privacy and integrity of the voter remains, something that is not always possible with electronic voting systems today.

This is encouraging research. As we move toward Cloud services, we need better security on the data that is outside our reach. By keeping it always encrypted seems a viable method, although back end processing power will need to be strengthened.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility