Encrypted Data in the Cloud

In recent years, there have been numerous data breaches where sensitive data has been leaked. Global data privacy and protection legislation is still poorly enforced, creating confusion and misinterpretation. As well as this, data security and data privacy are two of the most commonly cited issues with cloud computing. There is a fear amongst some that cloud service providers (CSPs) exploit customer data for their own means, such as sharing customer data with third parties. To alleviate these fears, cloud service providers have introduced support for data encryption. Whilst encryption is synonymous with data security, the manner in which it is utilized by cloud service providers fails to offer complete security.

Encryption Guarantees Security

Used in its traditional form, encryption guarantees the security of data-in-transit and data-at-rest. However, it must be decrypted once received or retrieved from storage to allow any type of computation to be performed on it. To retain the ability to process encrypted customer data, cloud service providers require access to the associated decryption keys. Such keys can be stored on the premises of the cloud service provider or forwarded there by the customer as and when they require access to their data. Whilst this approach goes some way towards addressing the data security and privacy fears associated with the cloud, it is not considered truly secure by virtue of the fact that customers must disclose their decryption keys.

Varying Approaches of Encryption

With a view to addressing this issue, a number of approaches to operate encrypted data have been developed. The long-term solution is undoubtedly Fully-Homomorphic Encryption (FHE), which allows data to be operated on and modified while in its encrypted form, without having to disclose the associated decryption keys. A number of FHE schemes have been developed to date, but none are considered efficient enough at this point that they could be utilized in a commercial product.

Other approaches, such as searchable encryption (SE), allow an encrypted document to be searched while in its encrypted form, which has proven to be much more efficient. Given the wide variety of search functionality supported by modern search engines, along with the vast array of cryptographic primitives, a wide variety of SE schemes exist.

SE is a sub-domain of homomorphic encryption, which has steadily risen along with cloud computing. It is now common practice to outsource storage of data to third party cloud service providers. Unfortunately, concerns surrounding the security and privacy of data in the cloud remain. While CSPs support the use of encryption to protect data in-transit and at-rest, they still require access to customers’ decryption keys in order to process data. This is unacceptable to many and the research community has responded by developing encryption schemes that support computations on encrypted data. Although FHE exists, it remains extremely inefficient.

As an application of cryptography, SE schemes are designed to be secure against an adversarial model and with a technical environment in mind. Legacy-Compliant Searchable Encryption schemes can be utilized with traditional relational-database management systems (RDBMS) which use structured query language (SQL) – a type of programming designed to retrieve specific information from databases. Ultimately, if a cloud service is breached and the data is encrypted, individuals or companies are the only ones who retain the private key to unlock the data. Having data encrypted in the cloud, yet still searchable and updatable is one path to preventing future data breaches.

Fully-homomorphic encryption and searchable encryption will be an essential tool for many individuals and organizations – especially in a time where the majority of us are relying on technology more than ever before. We can expect to see the continuation of this as technology advances, to prevent data breaches from becoming even more of a threat.

What’s Hot on Infosecurity Magazine?