How Homomorphic Encryption Could Secure Our Future In The Cloud

26 Sep

Many organizations say security is one of the primary reasons they aren’t yet adopting the cloud. While the cloud does provide a high level of security for certain tasks, it leaves a little to be desired when it comes to other operations, such as analyzing and mining large amounts of data in the cloud, especially when the data is sensitive in nature. Homomorphic encryption hopes to solve the problem of giving unencrypted data to a public cloud provider.

The hot topic in the technology and cryptology world these days is homomorphic encryption. Homomorphic encryption is defined as:

“A form of encryption which allows specific types of computations to be carried out on ciphertext and generate an encrypted result which, when decrypted, matches the result of operations performed on the plaintext.”

Common encryption methods involve encrypting the data on one end and using a “key” of some kind on the other to decrypt the message. This generally means that only the key holder may decipher the message. This is an age-old method that has made its way into current technology. The encryption is used to protect the message from anyone who may capture it before it reaches its destination.

Homomorphic encryption hopes to change encryption and data analysis. Currently, encrypted data can be sent to and from a cloud provider’s data center, but the servers that power that cloud can’t do any work on the data while it is encrypted. Homomorphic encryption is a method of encrypting data so that it can be analyzed without being decrypted, while still returning an encrypted result. For instance, say we want to add 5 and 7 together. The data is first encrypted so that 5 becomes 29 and 7 becomes 41. The encrypted values are then sent to the cloud, which adds them without ever seeing 5 or 7. The result (70) is then downloaded and decrypted to give us our answer (12). Essentially, this means you encrypt the data so that performing a mathematical operation on the encrypted information and then decrypting the result produces the same answer as performing an analogous operation on the unencrypted data. This property is known as homomorphism and is the basis behind homomorphic encryption.

Now, this may fly over the heads of some out there. Encryption… cryptography… we just want to know our data is secure. Homomorphic encryption is what will power security in the cloud and over the Internet. Essentially, it allows us to analyze data and perform certain computational tasks on it without having to decrypt it. This, in theory, means that only the creator of the data can decrypt it, and they would never have to worry about sending unencrypted data into the cloud to be analyzed.

For example, a company could encrypt its database of e-mails and upload them to the cloud. The company could then analyze this data while it’s in the cloud without decrypting it. The e-mails can be analyzed for any function or relationship while still encrypted, and the result of the query may then be downloaded and decrypted to plaintext. So the cloud produces an encrypted result, and the result we decrypt after download matches what the same analysis would have produced on the plaintext. The primary goal here is to be able to analyze data in the cloud without having to decrypt it first, something that was not possible in the past.

While this technology is the wave of the future, it is still difficult to accomplish today. Homomorphic encryption has been successful in some general cases, but it still struggles with more complex data sets and takes immense computing power for more practical operations. Its use in practical applications such as searching databases is not far off, however, and it should be noted that several breakthroughs in the field occur every year. In fact, IBM filed for a patent in this area earlier this year, hinting that they may be close to a practical version. We’ll continue to monitor hot topics like this and keep a close eye on breakthrough technology, especially as it pertains to the cloud or cloud security.