SoylentNews is people
SoylentNews
The topics of security and data have become almost inseparable as enterprises move more workloads to the cloud. But unlocking new uses for that data, particularly driving richer AI and machine learning, will require next-generation security.
To that end, companies have been developing confidential computing to allow data to remain encrypted while it is being processed. But as a complement to that, a security process known as fully homomorphic encryption is now on the verge of making its way out of the labs and into the hands of early adopters after a long gestation period.
Researchers like homomorphic encryption because it provides a certain type of security that can follow the data throughout its journey across systems. In contrast, confidential computing tends to be more reliant upon special hardware that can be powerful but is also limiting in some respects.
Companies such as Microsoft and Intel have been big proponents of homomorphic encryption. Last December, IBM made a splash when it released its first homomorphic encryption services. That package included educational material, support, and prototyping environments for companies that want to experiment.
[...] With FHE, the data can remain encrypted while being used by an application. Imagine, for instance, a navigation app on a phone that can give directions without actually being able to see any personal information or location.
Companies are potentially interested in FHE because it would allow them to apply AI to data, such as from finance and health, while being able to promise users that the company has no way to actually view or access the underlying data.
While the concept of homomorphic encryption has been of interest for decades, the problem is that FHE has taken a huge amount of compute power, so much so that it has been too expensive to be practicable.
But researchers have made big advances in recent years.
[...] Maass said in the near term, IBM envisions FHE being attractive to highly regulated industries, such as financial services and health care.
"They have both the need to unlock the value of that data, but also face extreme pressures to secure and preserve the privacy of the data that they're computing upon," he said.
But he expects that over time a wider range of businesses will benefit from FHE. Many sectors want to improve their use of data, which is becoming a competitive differentiator. That includes using FHE to help drive new forms of collaboration and monetization. As this happens, IBM hopes these new security models will drive wider enterprise adoption of hybrid cloud platforms.
(Score: 5, Interesting) by Mojibake Tengu on Tuesday April 06 2021, @09:28AM (1 child)
Data breach attacks are rarely targeted against ciphers and/or transport/processing directly, for it is technically difficult even today.
Most vulnerable points are end users or their platforms respectively, since they need to consume said data in final, unencrypted form to understand their practical meaning for purposes that go beyond digital domain (such as in healthcare).
"Navigation app without location" is a pure nonsense. Location is revealed existentially, by flow of communication protocols, not logically by data the protocol transports. The same with personal identity, so much datapoints for unification.
Much better safety could be achieved by decentralization, give the user all the map data you have so she can walk around safely while offline.
And let her download the music she listens while walking instead of keeping her online for tracking.
Probably not what you want, though.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 1) by shrewdsheep on Tuesday April 06 2021, @12:00PM
You certainly have valid points. Still, I believe that your location data example is only one side of the coin. Say, I want to analyze location data that was collected by a third party and I expressly want to respect privacy. In this case, homeomorphic encryption allows to me to do that and to prove the fact. Of course, location data is not automatically anonymized. Trust is still required and homeomorphic encryption only helps to remove some potentially weak links along the chain of trust.
Malicious actors still have a lot potiential in a homeomorphic encryption scenario. You you craft your analysis to reveal personal data in an obfuscated way which the final decryption still will reveal to you. Therefore review of the analyses becomes a new requirement which moves the target.
Still, I believe that homeomorphic encryption will have a greater impact.