Cryptography

What is homomorphic encryption?

April 27, 2021 by Graeme Messina

Homomorphic encryption is a security technology that allows you to safely run and store your confidential data in cloud environments. As with most technologies, there are going to be some pros and cons with choosing this method. They relate to how well it performs, how safe your data is and how well your applications run.

The basic idea behind this technology is there are use cases that require data to be accessible without being decrypted. This is useful in scenarios where confidentiality between the systems processing the data is required. Homomorphic encryption in cloud computing has the potential to be used in services that need to segment user data and keep it encrypted and safe, while still allowing authorized access to the data owners need to read, write and execute. The data and files are being stored in the cloud without exposing the users to risk by decrypting data before it can be accessed appropriately by the user.

To achieve this, homomorphic encryption is used. This encryption method makes it possible for cloud platforms to access encrypted data streams so they can be processed and stored without compromising security. The key benefit of using this technology is performance. There is very little in the way of performance degradation when processing encrypted data versus unencrypted forms of the same decrypted data.

This is a huge advantage. The main reason being the data being read is still encrypted, which means there are fewer vulnerabilities in the way data is accessed when in motion or at rest on the cloud platform. This means both the input and output of the computational operations remains encrypted until it is ready to be accessed by the data owner at a later stage. 

The data owner can access the data by supplying the encryption key at the end of the process. This means the encryption key is less likely to be revealed during the processing or storage phases of the computational processes if an intruder can breach a system and gain access. 

Using this method is not a new idea, but system limitations of previous generations of hardware and encryption systems had made the implementation of homomorphic encryption impractical. This has changed as our computational power and storage capabilities have increased exponentially over the past three decades. 

What is homomorphic encryption and how is it different from traditional methods?

Homomorphic encrypted data can be interacted with while it is still encrypted. The actions that are performed on the data are encrypted and so are the results, which means that the level of security that homomorphic encryption brings to the table is that much higher. 

It also means there is no interactivity while the actions are being carried out, so the encrypted data can be left alone while it is being worked on without there being any oversight of user access during the operation. The only downside is that there is a much greater computational overhead that is required to work on encrypted data like this, especially as it relates to machine learning

Homomorphic encryption also uses something called malleability. This is a built-in design that allows other parties to potentially edit the output of an encrypted stream without actually being able to view the data either before or after affecting the change. This is useful in some scenarios where a user might need to apply functions to the data being processed without necessarily needing to see what those changes are. This is done to maintain data privacy and compliance in some cases.

This is quite different from traditional encryption methods which require that data is decrypted before it can be read and processed. 

Different types of homomorphic encryption

When working with encryption there are a lot of mathematical formulas and principles that apply. Homomorphic encryption uses a lot of functions and formulas to interact with encrypted data, and it can accomplish this in several different ways. We have outlined three of the most popular known methods of using homomorphic encryption:

  • Partially homomorphic encryption (PHE): This is an encryption type that will allow a single mathematical function or operation on a single set of data. The operations can be performed on this set as many times as it is necessary.
  • Somewhat homomorphic encryption (SHE): This kind of encryption will permit for up to two different operation types on a set of data, but is limited to only a select number of times. 
  • Fully homomorphic encryption (FHE): This type of encryption allows many different types of mathematical operations and also allows the operations to be applied an unlimited number of times. Unfortunately, there is quite a hit in performance that affects the overall speed of these operations.

The method you choose will depend on your specific requirements. If you need performance with reduced functionality then either PHE or SHE can be used. FHE is still at a stage in development where performance is not quite up to par. It is not necessarily recommended for production environments that rely on fast data processing to get work done.

Each of the three different homomorphic types we have looked at will offer different benefits to different people depending on their requirements. Each of these solutions helps to further develop the technologies that make an FHE solution possible. Once the performance issues have been worked out we will see much more secure cloud instances of data storage and processing. 

Homomorphic encryption use cases

Regulated markets where privacy is critical

Any industry responsible for keeping records of users is at risk of storing personally identifiable information. This is highly regulated in sectors like banking and healthcare so you need to ensure that all of your data is encrypted and stored in line with the standards that apply to that industry. Currently, there are issues when data is decrypted so that it can be worked on, which puts the data at risk.

One practical example is the use in medical situations. Patient material needs to be decrypted and then analyzed. This creates a security window where data can be misappropriated or stolen. By using homomorphic encryption, medical practitioners and diagnosticians can perform work on this data such as data analysis without even having to decrypt any data. The data that is extracted by using this method is just as detailed and useful as traditional methods.

The financial sector also has the potential to make use of this technology. Confidential information about individual finance and corporate financial records needs to be monitored. When queries are run against a set of data it can remain encrypted so that there is no loss of confidentiality. There are plenty of examples that show how private data can be accessed while keeping it encrypted and secure.

Outsourcing your cloud storage

Not many companies have the financial resources to invest in their cloud infrastructure, let alone the security expertise and skills required to keep this data safe. Running a data center comes with its challenges, so many companies choose to outsource all of these functions to providers. Sometimes this is a result of localized regulations where the data being worked on is not regulated for that region. Examples of this exist in entertainment and finance.

By encrypting this data, companies can sidestep this altogether because the data is technically in an unreadable and encrypted state at all times, even when it is being worked with. Other benefits of using this approach mean users responsible for accessing this data can not view anything other than the output of their authorized queries. Any unauthorized access is technically impossible when using homocentric encryption. 

This makes it an ideal candidate to host in the cloud, where access controls are both strictly monitored and audited. Adding the encryption capabilities into this mix makes the solution both secure and compliant with most security standards. You will need to access a homomorphic encryption library to implement a solution of your own, which Microsoft is currently working on here. 

Utilize homomorphic encryption

Homomorphic encryption keeps critical information secure and is needed in sectors where regulators set strict rules and regulations for data. The performance you can expect depends on the level of homomorphic encryption you decide to work with, and the size of the data set that you will be querying. It is a fine balance at the moment as technology continues to mature. When the speeds catch up to the security of this newly developed system then it could become the new standard of cloud-based data storage.

 

Sources

Microsoft SEAL, Microsoft 

Unlock value of sensitive data without decryption, IBM

Homomorphic encryption: Deriving analytics and insights from encrypted data, CSO

Posted: April 27, 2021
Articles Author
Graeme Messina
View Profile

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.


Notice: Undefined index: visitor_id12882 in /www/resourcesinfosecinstitute_601/public/wp-content/plugins/infosec-user-info/infosec-user-info.php on line 117