Thursday, April 5, 2012

Encryption followup

Not sure I completely agree with the author's perspective that this particular approach to enciphering data will be the "big breakthrough" in cloud security, but the article is worth reading for two reasons, IMHO:

- It presents a novel approach to ensuring the security of data; this method seems to offer a compelling means.

- It illustrates why the use of patents to secure investment in a new technology is a double-edged sword.

By making the monopolistic use of a technology possible for inventors, the theory goes that inventors are motivated by the potential profits. On the other hand, useful inventions are denied by artificially maintaining high prices.

This particular approach utilizes homomorphic concatenation (concatenating two fragments of ciphertext), which can be found in RSA's approach as well as others. When considering cloud computing, "encrypting in the cloud" (on the server side) might not make the most sense. But because one buys computing resources on an as-needed basis, it is very easy to increase the number of available servers when peak usage occurs, and reduce the number when not needed. While you can secure the channel to the cloud resource (via SSL), what do you do with the data on the persistent storage side?

As Craig Stuntz explains, what if it were possible for a user to upload their information encrypted under a public key? Then their data would be secure. This is possible today, but the server-side resource would be unable to act on the data. If, however, the encryption method used was also fully homomorphic, then the cloud-based web service could do all of the work without first decrypting the user's information. The output would still be encrypted under the original public key. In fact, you'd be providing a valuable service without ever decrypting the end user's data.
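As an added illustration (not code from the article or from this post), the sketch below shows the partially homomorphic property of textbook, unpadded RSA: a server holding only the public key multiplies two ciphertexts, and the key owner decrypts the product of the plaintexts. The tiny primes and all function names are constructed for the example; this supports multiplication modulo n only and is not a fully homomorphic scheme.

```python
# Added example: textbook (unpadded) RSA with constructed toy primes.
# Not secure. Padded RSA (e.g. OAEP) deliberately removes this property.
from math import gcd


def keygen(p: int, q: int, e: int):
    """Build (public, private) keys from two constructed primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    """Client side: encrypt under the public key before upload."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """Client side: only the private-key holder can read the result."""
    n, d = priv
    return pow(c, d, n)


def server_multiply(pub, c1: int, c2: int) -> int:
    """Cloud side: works on ciphertexts with the public modulus only.

    E(a) * E(b) mod n == E(a * b mod n), so no decryption is needed.
    """
    n, _ = pub
    return (c1 * c2) % n


def demo(a: int = 7, b: int = 6) -> int:
    pub, priv = keygen(61, 53, 17)  # constructed toy parameters, n = 3233
    c = server_multiply(pub, encrypt(pub, a), encrypt(pub, b))
    return decrypt(priv, c)  # equals (a * b) mod n


if __name__ == "__main__":
    print(demo())          # product fits below n
    print(demo(100, 50))   # product wraps modulo n
```

The result is only correct as an integer product while a * b stays below n; beyond that the client recovers the product modulo n.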
