The Inquirer-Home

Homomorphic cryptography will save the cloud

No decryption needed on medical information
Tue Aug 09 2011, 16:39
boffin-watch

REDMOND-BASED boffins at Microsoft have been working on a way to send data back and forth to cloud services securely, and by jove, it looks like they have got it.

According to a report at the MIT published Technology Review Microsoft researchers have developed a system based on an homomorphic encryption cryptographic technique that is designed to let users share medical advice and analyse statistics and information in an encrypted form without decrypting it.

The demonstration, which proved that statistical analysis can be performed on the data while not decrypting it, requires a key at the data owner's end to interpret the results. According to Microsoft researchers Kristin Lauter, Vinod Vaikuntanathan and Michael Naehrig, this means that even if data could leak out from the cloud system, as we have seen so often in the past, it would be impossible to read, which makes a change.

"This proof of concept shows that we could build a medical service that calculates predictions or warnings based on data from a medical monitor tracking something like heart rate or blood sugar," said Lauter. "A person's data would always remain encrypted, and that protects their privacy."

According to Lauter the homomorphic encryption has made all the difference. "People have been talking about it for a while as the Holy Grail for cloud computing security," she added. "We wanted to show that it can already be used for some types of cloud service."

Only some parts of this Holy Grail system have been used so the Microsoft researchers call it "somewhat" homomorphic. This somewhat system can perform only a fraction of what a full version could do, but it is apparently fast enough to be used in the real world for some important purposes.

"You can still do a lot of statistical functions and perform analysis like logistical regression, which is used to do things like predict how likely a person is to have a heart attack," added Lauter.

In a test the software was run on an ordinary laptop and added together 100 numbers, each 128 binary digits long, in 20 milliseconds, reports Technology review, and this and other tests could be enough of a proof of concept to foster more use.

"Those schemes are still very much in flux and evolving fast," she added. "We're hoping that people will do serious implementations of our design." µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?