Over the last two decades, companies have protected data in transit with VPNs, HTTPS, and TLS. Those same companies have also protected data at rest with various file-level and whole-disk encryption technologies.
For data in transit, your browser or VPN software contacts a web or VPN server, and the two negotiate a common set of capabilities: cipher strengths, public certificate information, and a Diffie-Hellman exchange to establish a secret key. After this handshake is complete, you and your destination can send data securely over the wire.
For data at rest, there are two options. File-level encryption locks down individual files, so if file-share-scraping malware exfiltrates them, the data is useless to the attacker. Whole-disk encryption creates a secure, encrypted wrapper around the hard disk of a laptop, for example, so that if someone takes the hard disk out of that laptop and inserts it in another machine, the contents of the whole disk are useless.
But what about data in use? Until now, data in use has always been the weak link in the data security chain. Data in use is data that sits in clear text in memory (RAM). When you browse a website, let’s say your bank account, your browser has to retrieve your financial details from the bank’s servers, transfer them to your computer over HTTPS, decrypt the financial data in RAM, and finally display the information on your screen. While in RAM, data is vulnerable to data-exfiltrating malware.
After forty years of research, cryptographers have finally created viable homomorphic encryption solutions to the issue of plaintext data in use. Homomorphic encryption lets data operations be performed on ciphertext as if it were plaintext. According to the CEO of pioneering HE startup Enveil, “[homomorphic encryption] provides the security of encryption while keeping data usable, allowing functions to be performed on the data in its encrypted state. This eliminates both the extra effort and exposure gap required by today’s standard practice (decrypt, use, encrypt again).”
So what are the use cases for homomorphic encryption (HE)? Think about allowing a third party to search an entire database of information. Homomorphic encryption enables data sharing without the need to hand over entire data sets. Cyber-physical systems (CPSs) such as the accelerator and brake in a vehicle are prone to being hacked. According to a recent academic paper by several Korean researchers, “One immediate solution could be encrypting the signals, but in order to perform computation in the controller, they should be decrypted before computation and encrypted again after computation. For this, the controller keeps the secret key, which in turn increases vulnerability from the attacker.”
It’s a bit early to tell where this is all headed, but like blockchain and other disruptive technologies, it’s worth keeping an eye out for the security and business benefits of HE.