Encrypted Data In The Cloud – The Future (4/4)
The Fourth Wave - Searchable Encryption
With a view to addressing the issue of protecting data on third party provider platforms, a number of approaches to operating on data whilst in encrypted form have been developed. The long-term solution to this problem is undoubtedly Fully Homomorphic Encryption (FHE), which allows for data to be operated on and modified whilst in encrypted form (without having to disclose the associated decryption key(s)). A number of FHE schemes have been developed to date, but none are considered efficient enough at this point that they could be utilised in a commercial product.
Other approaches such as Searchable Encryption (SE), which allows for an encrypted document collection to be searched and matching search results retrieved, all whilst in encrypted form, have proven to be much more efficient. Given the wide variety of search functionality supported by modern search engines along with the vast array of cryptographic primitives, a wide variety of Searchable Encryption schemes exist.
SE is a sub-domain of Homomorphic Encryption (HE). This has arisen as the prevalence of Cloud Computing has increased steadily to the point that it is now common practice to outsource storage of data to third party Cloud Service Providers (CSPs). Unfortunately, concerns surrounding the security and privacy of data in the cloud remain. Whilst CSPs support the use of encryption to protect data in-transit and at-rest, they still require access to customers’ decryption keys in order to process data. This is unacceptable to many and the research community has responded by developing encryption schemes that support computations on encrypted data. FHE, a type of encryption that supports arbitrary computation on encrypted data, already exists. However, it remains extremely inefficient.
Other forms of encryption that support specific forms of computation, such as SE, also exist and have been shown to be quite efficient. As an application of cryptography, SE schemes are designed to be secure against an adversarial model. SE schemes are typically designed with a technical environment in mind. Legacy-Compliant SE schemes are designed to be utilised with traditional Relational-Database Management Systems (RDBMS) that utilise Structured Query Language (SQL), whilst custom schemes discuss the operation of SE schemes in a manner that utilises abstract data structures. In the case of SE, this adversary is typically an “honest-but-curious” CSP looking to make deductions and inferences about encrypted documents based on users’ encrypted queries and encrypted search results. Ultimately it means that even if a cloud service is breached, the data is encrypted. Individuals (or companies) are the only ones who retain the private key to unlock the data.
Having data encrypted in the cloud, yet still searchable and updatable is one path to preventing future data breaches. This fourth wave has potential to become the holy grail of cloud security.
We all agree that everything should be encrypted prior to being placed on the cloud. PIE stands for Pre Internet Encryption, which basically refers to best practice in encrypting all information prior to uploading to a third party server. It is not a widely used term but understood by cybersecurity experts. Issue is: It is too simple. It basically means your documents are non-searchable, non-modifiable and non-shareable in a privacy preserving manner. We all agree that cryptography is a powerful tool, both for keeping important information private, and, when in the wrong hands, keeping illegal activities hidden from government agencies. As computers grow faster and methods for breaking encryption become more viable and sophisticated, encryption algorithms will need to be constantly strengthened to stop them becoming insecure. There is little that can be done about the usage of cryptography to keep illegal activities hidden, short of making all forms of strong encryption illegal, which would create an outrage in countries used to freedom in such matters, and would still not guarantee that usage of strong encryption would stop, with steganography allowing even the usage of encryption to be kept hidden.
Vaultree takes the holy grail, FHE, and makes it practical. We developed Enhanced Searchable Encryption. With this, we have moved the "bar height" significantly. At this time and to the best of our knowledge, no one is closer in a pragmatic sense where the balance between efficiency and security is maintained at the highest level. Concerning the market, we all know the web is broken in regards to data breaches. Our approach is necessary and applicable to consumers and enterprises alike. No one wishes to have their data leaked, but of course enterprises of all sorts risk large fines and loss of customer confidence. Vaultree's vision is to create an encrypted tomorrow and provide everyone, not just the privileged few, with the most secure place for data, which synchronises with all your devices and third party platforms and tools in the most secure manner possible with today’s and tomorrow’s technology.