Encryption, when used appropriately, can add an essential layer to the data security posture of an enterprise and protect sensitive data by making them less vulnerable to a breach. This has become very topical, given several enterprises - Facebook, Google, British Airways, Chegg, Quora, Marriott Hotels, and The Indian Government (Aadhar Database) - have all been hacked in the recent past and millions of customer accounts compromised.
While encryption has been around for more than 2 decades, there has been a lot of investment and innovation in this area in recent years; this blog highlights some of the emerging technologies that have the potential to shape the cryptology space for the coming decade and more. This post specifically focuses on innovation around software based encryption technology trends (areas not addressed include innovation around runtime encryption techniques relying on hardware).
Homomorphic Encryption is a computation technique where data is processed without the need for decrypting it first. One of the most promising features of Homomorphic Encryption is its ability to secure data in use or data in motion.
Invented in 2009 by IBM researcher Craig Gentry, though at the time Homomorphic Encryption method required high computational power to execute simple tasks. However, in the decade since its invention, Homomorphic Encryption technology and the infrastructure to support it has matured to a level where it can be used in real-world applications.
With Homomorphic Encryption, it is possible to do computation on private databases without decrypting the original data. This is a remarkable property that could allow computation on datasets which either reside in silos or are owned by different entities. For example , Genomic data and patient data that if analyzed together, could help find genome sequence associated with a certain disease without actually “seeing” the data and violating the patient’s privacy. Homomorphic Encryption also enables private search engine queries, essentially creating a search engine that preserves the privacy of the user.
One of the emerging encryption mechanisms used against brute force attacks is honey encryption that deceives the attacker into believing that she has hacked the codebase.
A brute force attack relies on repeated decryption with randomly generated keys. What honey encryption does is that it produces ciphertext that on decryption with the wrong key yields a plausible looking yet incorrect plaintext encryption keys. This will make it harder for the attacker to know if he/she has guessed correctly or not.
Ari Juels from Cornell Institute and Thomas Ristenpart from the University of Wisconsin developed honey encryption in 2014. Honey encryption mechanism is used to protect private data in real-world applications like credit card transactions and text messaging.
Multi-Party Computation is an important subset of cryptography. Multi-party computation splits the work up across multiple servers and ensures that no single server has all the encrypted data at once. Originating in the 1980s (and so not new), it works as follows. Let’s say the data that needs to be protected is a "user’s personal data". The personal data is split into several, smaller parts, each of which is masked using cryptographic techniques. Next, each piece of encrypted data is sent to a separate, independent server, so that each server only contains a small part of the data.
An individual or organization looking to access the user's personal data will need to aggregate the encoded data. Additionally, it will be possible to perform computations based on the personal data, by requiring each server to perform computations on its small part of the data, without disclosing the entire dataset to the server.
Multi-Party Computation's combination of encryption and distributed computation can enable compelling solutions for data privacy and security. A sample application would be for for governments and enterprises to securely store public records of individuals.
Biometrics is increasingly used for authentication leading to the need for cryptographers to devise encryption approaches that can secure these biometric-based authentication systems.
Biometric encryption binds a cryptographic key to a biometric like fingerprints, facial scan or voice in such a way that neither the key nor the biometric can be retrieved from the stored biometric template. This key can be recreated only if the original and live biometric is presented for verification.
There are two phases in biometric encryption. The first phase is Enrollment, in which the biometric is tied to a randomly generated key to create a biometrically encrypted key using a binding algorithm. The second phase is called Verification in which the fresh biometric is used to decrypt the biometrically encrypted key using a retrieval algorithm to gain access.
Biometrics have a widespread application in wearables, fingerprint & facial scanners, and speech recognition technologies. From mobile phones to laptops to governments across the world are using biometrics for authentication. With the advent of apps like Snapchat, FaceApp that give their users an option to do a wide gamut of image manipulation and share them with the world, finding ways to keep this deluge of PII safe is pertinent and require continued innovation in biometric encryption space.
Quantum computing technology could disrupt many businesses primarily in the security, finance, and health industries. Though quantum computing is still in the nascent stages of development, when widely adopted, it has the potential to easily break the existing encryption systems by allowing malicious actors to use the massive compute capability of Quantum computers to brute force decrypt data or engage in man in the middle attacks.
With quantum computing, the security industry will witness one of its most challenging problems: How to secure data when the power of quantum computing is in the hands of malicious actors?Quantum cryptography is an encryption mechanism that uses principles of quantum physics to encrypt and transmit data in a secure manner. Generally, encryption systems work with secret keys that are mostly randomly generated string of numbers used to encrypt/decrypt data. In quantum cryptography, photons are used to transmit data from one point to another. And careful measurements of the quantum properties of photons on both ends helps in determining the key and if it is secure to use. If a third party tries to access or copy this communication, the state of photons will change, and the communicating endpoints will detect this change and prevent unauthorized access to the data.
One of the pioneers of quantum cryptography Stephen Wiesner introduced the idea of quantum conjugate coding, a concept that laid the foundation for advancements in quantum cryptography. His paper on conjugate coding was published on SIGACT.