Can cloud-based computing be made more secure in the future using what crypto geeks call "fully homomorphic encryption" to send data as "encrypted blobs" that can be understood and subject to processing without having to actually de-crypt them first to see the plaintext?
"That's the vision," says J.R. Rao, IBM's senior manager for secure software and services at the IBM Thomas J. Watson Research Center. He notes that breakthrough mathematical work in fully homomorphic encryption done by IBM researcher Craig Gentry is providing a "foundation for the encrypted path" that IBM hopes will radically improve how data can be kept secret and confidential.
But Rao acknowledges the feeling that it's all still a bit like the Wright brothers' first flight in aviation, with some practical developments needed before everyone climbs on board.
Today, data can be encrypted using a variety of techniques, but in order to do anything that might have to be done with the data, it's necessary to decrypt it. "Today, to work with data, you have to work with data in the clear," Rao notes. "And that can be a problem." Instead, the idea is to create "encrypted blobs" that don't have to be decrypted and still allow for many practical applications by being combined with and processed by other encrypted blobs. "But you know what's encrypted in the blobs," says Rao.
But others don't. With what has been ground-breaking development work in fully homomorphic encryption, it's possible.
IBM is convinced the basis is there to do a wide variety of things with encrypted blobs, including computational arithmetic on encrypted data, which could be useful in the financial sector. Or privacy-enhancement for Web services, such as searching, which would keep search engines from building up profiles on people. And in cloud computing, it would be a way to store data so that there could be authorized processing of it without it having to be changed into cleartext and then encrypted again.
"We're in the process of working on that now," says Rao. The goal is that "if end users are submitting private and sensitive information in the cloud," they would know that data would be kept confidential as encrypted blobs. "We're now figuring out how to do this in cloud computing," he says, but adds that IBM is not at the stage to announce products or services yet.