Encrypted cloud could lead to hack-proof data
Hacking cloud storage could net online assailants nothing but a cache of meaningless encrypted data – with little indication of what was even being done with it – if researchers have their way. Working on a practical implementation of homomorphic encryption, a hitherto primarily theoretical system in which software operates on encrypted data and produces results that are themselves encrypted, Microsoft researcher Kristin Lauter and coder colleagues Vinod Vaikuntanathan and Michael Naehrig have come up with a proof of concept which, they reckon, would mean that both data and results could only be understood with the user's decryption key.
"This proof of concept shows that we could build a medical service that calculates predictions or warnings based on data from a medical monitor tracking something like heart rate or blood sugar. A person's data would always remain encrypted, and that protects their privacy." – Kristin Lauter, Microsoft Research
The limitation of homomorphic encryption so far has been the incredible amounts of processing power required to handle all that secure crunching. Lauter's system is currently limited to additions and multiplications, which means that while it's not going to replace most cloud-computing installations, it's good enough for basic statistical shuffling of the sort that's done on health research data.
In their demo, a regular laptop could add together 100 numbers – each 128 binary digits in length – in 20ms, with both source data and the output being encrypted. Existing attempts at true homomorphic encryption calculations take more like 30 minutes.
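Adding numbers while they stay encrypted, sketched here with textbook Paillier encryption as an added example; this is not the researchers' scheme or code (Paillier supports additions only, theirs also handles multiplications). The toy key built from two Mersenne primes, the function names and the random sample values are assumptions made for illustration.

```python
import secrets
from math import gcd

# Constructed toy key: two Mersenne primes. Illustration only, never a real key.
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q                      # public modulus, about 196 bits
N2 = N * N
PHI = (P - 1) * (Q - 1)        # private
MU = pow(PHI, -1, N)           # private; needs Python 3.8+

def encrypt(m):
    """Client: Enc(m) = (1 + m*N) * r^N mod N^2, with a fresh random r."""
    if not 0 <= m < N:
        raise ValueError("plaintext must be in [0, N)")
    r = 0
    while r < 2 or gcd(r, N) != 1:
        r = secrets.randbelow(N)
    return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Client: recover m with the private values PHI and MU."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def server_sum(ciphertexts):
    """Server: multiplying ciphertexts adds the plaintexts inside them.
    Only the public N2 is used; no key and no plaintext is ever seen."""
    total = 1                  # 1 is a trivial encryption of 0
    for c in ciphertexts:
        total = total * c % N2
    return total

def demo():
    # Constructed sample data: 100 values of 128 bits each, as in the demo above.
    readings = [secrets.randbits(128) for _ in range(100)]
    uploaded = [encrypt(v) for v in readings]       # what the cloud stores
    encrypted_total = server_sum(uploaded)          # computed without the key
    # The true sum is below 2**135, well under N, so it does not wrap mod N.
    return decrypt(encrypted_total) == sum(readings)

if __name__ == "__main__":
    print("decrypted sum matches plaintext sum:", demo())
```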
While encrypted cloud data would present some difficulties – such as indexing and searching – it would also offer a new degree of security from hackers. Without the decryption key, even if a server were raided and data stolen, it would be considerably more difficult to make malicious use of it. The expectation is that partial-homomorphic encryption is likely to show up in federal and medical record keeping initially.
[via Technology Review]