New encryption method promises end-to-end cloud security

Researchers at the Massachusetts Institute of Technology have developed an encryption technique that, down the road, could make cloud computing more secure by ensuring that data remains encrypted while being processed.
The system combines three existing schemes — homomorphic encryption, garbled circuit and attribute-based encryption — into what the researchers call a functional-encryption scheme, according to a report in MIT News. The result is that a database in the cloud could handle a request and return a response without data being decrypted.
A scheme that keeps data secure every step of the way would likely appeal to public-sector agencies, which are increasingly moving applications and services to cloud systems, although for the foreseeable future they’ll have to rely on current security measures. The key barrier right now is computing power — the functional-encryption scheme requires more of it than would be practical.
But the researchers point out that the scheme is nascent and performance improvements, as in other areas of computing, are likely. “It’s so new, there are so many things that haven’t been explored — like, ‘How do you really implement this correctly?’ ‘What are the right mathematical constructions?’ ‘What are the right parameter settings?’” MIT associate professor Nickolai Zeldovich, one of the co-authors of a paper on the subject, told MIT News.
Homomorphic encryption has been researched for decades, but the first fully homomorphic scheme was developed four years ago by Craig Gentry of IBM. In 2011, he offered MIT Technology Review a very simple demonstration of the mathematical consistency required: A user sends a request to add the numbers 1 and 2, which are encrypted to become the numbers 33 and 54, respectively. The server in the cloud processes the sum as 87, which is downloaded from the cloud and decrypted to the final answer, 3.