Secure Cloud Data Processing
Companies outsourcing data storage and management to cloud services are being confronted with a new concern. How can data be stored and accessed in a way such that individuals and businesses privacy is maintained?
Traditional cryptographic encryption applications are limited to the transmission of data to and from the cloud and occasionally with data at rest in some sort of cloud storage.
But most companies aren’t content to simply store data in the cloud – they want to analyze it! And performing almost any analysis requires that the data first be decrypted. Therefore, persistent attackers will still have an opportunity to compromise sensitive data.
In 1978, Rivest, Adleman and Dertouzos asked,
“Can one compute on encrypted data, while keeping it encrypted?”
What is Homomorphic Encryption?
Homomorphic encryption (HE) is a form of encryption that allows computations to be carried out on ciphertext, thus generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext, as represented below:
Enc(M1) + Enc(M2) = Enc(M1+M2)
HE enables companies to process and analyze data within a cloud computing environment while helping to ensure the confidentiality of processed data.
For example, companies can encrypt data such as e-mails, order transactions, and financial data and then upload them to the cloud. Then, they can use the cloud-stored encrypted data to attempt to analyze sentiment, predict market trends, and identify bottlenecks. Like the input data, the corresponding results would be also be encrypted, which would additionally insure privacy and protect potential trade secrets.
How can Splunk and other cloud service providers use HE?
In this post-Snowden era, security and privacy concerns have reached a new level, nowhere more so than in the cloud. Splunk and other cloud service providers should consider the following recommendations:
- Open the cryptographic schemes and algorithms we use to the public
- Use HE and HE-capable applications to transmit, store, and process customer data and ensure that results are similarly encrypted
- Never store any plaintext data from customers except where completely unavoidable
Cloud computing has started to revive the public’s interest in creating practical HE schemes and applications. At Splunk, we believe in the possibility of advancing HE, both in academics and in industry, and we look forward to someday bringing new HE technologies to the market.
The author would like to thank Alex Raitz for his helpful insight and feedback on this article.