Data encryption has become a staple strategy among IT administrators hoping to keep sensitive information away from unauthorized eyes. Unfortunately, a good deal of functionality has typically been sacrificed to gain these levels of data protection. That may soon change, however, thanks to the latest innovations offered by researchers from the Massachusetts Institute of Technology.
"For the last three decades or so, the big problem in using encryption hasn't been whether strongly encrypted files can be cracked," explained Forbes staff writer Andy Greenberg in his latest column. "The problem remains that to actually do anything with the encrypted data – search it, sort it or perform computation with it – that data must be decrypted and exposed to prying eyes."
CryptDB, a piece of database software developed by MIT computer scientists, promises to deliver a solution to this basic yet serious problem. According to the new research report, the program allows users to send queries to encrypted data sets and receive their answers without decrypting the information and leaving it vulnerable to abuse.
"CryptDB can also chain encryption keys to user passwords, so that a data item can be decrypted only by using the password of one of the users with access to that data," the report stated. "As a result, a database administrator never gets access to decrypted data and, even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in."
The underlying technology for this data security breakthrough is called fully homomorphic encryption (FHE). Developed in 2009 by then-Stanford University doctoral student Craig Gentry, FHE allowed users to perform a series of calculations on strings of encrypted information and obtain the same answers they would have received had the data been left unencrypted.
There was one major complicating factor with this technique, however. According to Forbes, the time it took to perform a manipulation in this manner was exponentially greater than that observed in traditional calculation processes. But with the help of Gentry and others, MIT researchers have now almost completely nullified this unfortunate side effect, adding just 15 to 26 percent to the computing time when working with most common applications.
This news has been of particular interest in IT circles, with some suggesting that FHE and CryptDB could provide the magic bullet for cloud security. According to InfoBoom contributor and former Fortune 500 executive Karen Hanna, understanding how data is stored and handled in virtual environments continues to trouble corporate IT professionals. Citing figures from a recent TechTarget survey, Hanna noted that data security continues to be the top concern among 88 percent of administrators tasked with deploying cloud computing environments.
By approaching the matter from a more data-centric angle, MIT researchers may signal the way forward in cloud management. Instead of struggling to monitor traffic across environments with ever-expanding perimeters, it may be wiser to intervene at the data level. With advanced encryption, administrators can be confident that data is protected at rest and in transit. But the functionality offered by FHE suggests that crucial visibility and analytical functionality do not necessarily have to be sacrificed in the process.
The buzz generated by FHE in recent years has already translated into public and private sector research funding. According to Forbes, the latest MIT report was backed by Google and Citigroup alongside the National Science Foundation. The project has also drawn interest from the Department of Defense.
The Pentagon's Defense Advanced Research Projects Agency previously promised $20 million to anyone who could develop a strategy that provided a marked boost in efficiency over Gentry's original FHE calculations. As a result, according to Forbes, the MIT research team could very well receive a call from federal engineers in the coming months asking for additional perspective on this potentially powerful cloud security breakthrough.
Cloud Security News from SimplySecurity.com by Trend Micro