SoylentNews is people
SoylentNews
The topics of security and data have become almost inseparable as enterprises move more workloads to the cloud. But unlocking new uses for that data, particularly driving richer AI and machine learning, will require next-generation security.
To that end, companies have been developing confidential computing to allow data to remain encrypted while it is being processed. But as a complement to that, a security process known as fully homomorphic encryption is now on the verge of making its way out of the labs and into the hands of early adopters after a long gestation period.
Researchers like homomorphic encryption because it provides a certain type of security that can follow the data throughout its journey across systems. In contrast, confidential computing tends to be more reliant upon special hardware that can be powerful but is also limiting in some respects.
Companies such as Microsoft and Intel have been big proponents of homomorphic encryption. Last December, IBM made a splash when it released its first homomorphic encryption services. That package included educational material, support, and prototyping environments for companies that want to experiment.
[...] With FHE, the data can remain encrypted while being used by an application. Imagine, for instance, a navigation app on a phone that can give directions without actually being able to see any personal information or location.
Companies are potentially interested in FHE because it would allow them to apply AI to data, such as from finance and health, while being able to promise users that the company has no way to actually view or access the underlying data.
While the concept of homomorphic encryption has been of interest for decades, the problem is that FHE has taken a huge amount of compute power, so much so that it has been too expensive to be practicable.
But researchers have made big advances in recent years.
[...] Maass said in the near term, IBM envisions FHE being attractive to highly regulated industries, such as financial services and health care.
"They have both the need to unlock the value of that data, but also face extreme pressures to secure and preserve the privacy of the data that they're computing upon," he said.
But he expects that over time a wider range of businesses will benefit from FHE. Many sectors want to improve their use of data, which is becoming a competitive differentiator. That includes using FHE to help drive new forms of collaboration and monetization. As this happens, IBM hopes these new security models will drive wider enterprise adoption of hybrid cloud platforms.
(Score: 1, Interesting) by Anonymous Coward on Tuesday April 06 2021, @04:30PM (2 children)
I can't seem to find the paper anymore, but I seem to remember that there was a group that explored the idea of a "perfect"* homomorphic database.
I think they found that a column of data could be completely decoded to within 5% (that is each entry known to +/- 5% of its real value) within about 500 random queries. The issue was that a DB needed to be able to ask for entries with values in a range (A X B), and querying random ranges (even without knowing the ranges due to encryption) gave you the "shape" of the data. If you knew the header, that gives you clues as to polarity (which end is "high" and which is "low") and general range. Best of all, the attack scaled! It didn't matter how big the DB was, 500 queries was all it took to get to within 5% of the real values for the entire DB.
Remember this was an attack against a perfect implementation of homomorphic encryption! The attack was against the spec itself, not an implementation.
*perfect meant that no data was leaked other than the indexes of the rows that matched a query.
(Score: 0) by Anonymous Coward on Wednesday April 07 2021, @12:52AM
Range queries in general were known to be dangerous for the reason you mention because they reveal information about the underlying data. The paper you mention was just quantifying how dangerous they were. The underlying idea was that with enough range requests you can total order the data and from there compute approximate values, with the accuracy depending on how distributed the data was. However, not all homomorphic encryption allows such operations and the focus has been on computational complexity and security margin, rather than native incorporation into the entire data chain.
(Score: 2) by VLM on Wednesday April 07 2021, @02:03PM
Well the squareroot of 500 is about 20 something and most data is surprisingly narrow range of values (height, for example)
So if you forbid asking how many are exactly 183 cm in height, you can manipulate the system by comparing results like "who's between 182 and 200 cm height" vs "who's between 183 and 200 cm height" and trivially you get one answer with basic subtraction but more fundamentally you build a set of 500 linear equations and try to solve the set and lots of data will fall out. Also there's a shitload more people around 183 cm in height than 400 cm in height so comparing the ranges 182 to 300 and 183 to 400 returns results nearly as good as the previous example.
That's the logic of leaving the data encrypted during the operation and highly regulating the decryption oracle to log what people are going and how often. So for relatively safe data like height you let them get away with it maybe just log what they're doing (why are they so fascinated with height... is it to deanonymize gender or race or age or ??), but for something like deanonymizing online election voting or "celebrity" medical records or whatever you'd probably rate limit the oracle to one query per week so it would take a billion years (or whatever) to deanonymize 1% of federal election ballots in some theoretical online system.