Many organizations face the challenge of implementing data protection and security systems because threats can significantly disrupt and damage their enterprise. Data security is the convergence of disciplines, technologies and methodologies for the purpose of protecting and securing digital assets. With the increasing importance of, and emphasis on, security in ever-growing enterprise storage networks, new scalable and transparent security controls for future data centres are required to cope with constantly changing advanced attacks. We are particularly interested in modern cryptographic systems, including lattice-based cryptography, specifically the Ring-LWE forms. Some of our pioneering projects aim to engineer state-of-the-art techniques and concepts into deployable data storage and transport systems, benefiting local as well as global data-intensive industries.
Another area of interest for the Data Security team is the use of distributed hash tables and blockchains, and their effect on the security landscape in avoiding single points of failure and Distributed Denial of Service scenarios.
1. Secure Search
Enterprise cloud tenants store their outsourced cloud data in encrypted form for data privacy and security. However, flexible data access functions such as data searching are usually sacrificed as a result. Enterprise tenants therefore demand secure data retrieval and computation solutions from the cloud provider, which allow them to use cloud services without the risk of leaking private data to outsiders or even to the service provider. One solution to this problem is to support all operations on encrypted data, an approach known as Fully Homomorphic Encryption (FHE). But this is not practical at the moment on large swaths of data. We have invented a new scheme that exploits the homomorphic property of XOR to provide oblivious, scalable search on large data, supporting secure keyword searching on encrypted data in cloud storage.
First, this scheme specifies a new data protection method: the keyword is encrypted and then randomized by XORing it with a random bit-string for each session, which protects against access pattern leakage. Secondly, a homomorphic evaluation key enables the search evaluation to be calculated on demand, which removes the dependency on key storage in the cloud and enhances protection against compromise of the cloud. Thirdly, because of the randomization, this scheme can effectively protect data in transit against passive attacks such as access pattern analysis. The scheme can also reduce data leakage to the service provider, because it uses the homomorphic-key solution instead of storing keys on the cloud.
These three features have been confirmed by experiments and further tested on an email service, where the scheme supports secure subject searching. The execution time of one search is on the order of milliseconds.
2. Fully Homomorphic Encryption (FHE) and Applications
One of the core research areas of the Security team is Homomorphic Encryption techniques. We are pioneering application-focused research in Levelled, Somewhat and Fully Homomorphic Encryption algorithms.
FHE is a technique that allows any amount of computation to be performed on encrypted data without ever needing to decrypt it; the final result is obtained in encrypted form. It solves one of the biggest challenges in cloud computing today: privacy of data. Since computation is now possible in the encrypted domain, the technique can be leveraged to use the computational power of the cloud while keeping the data private.
[Figure: A typical FHE application]
But the technology is still in a nascent stage and evolving. Currently the solution is impractical owing to the enormous expansion in the size of data in encrypted form and the massively intensive computation required to perform operations on the encrypted data. Given the impracticality of FHE techniques on large volumes of data, we apply design tradeoffs using application knowledge to achieve a practical and secure implementation. The following application domains are currently being pursued.
3. Secure Health Care Cloud
In 2015, the healthcare industry suffered about $5.6B in losses due to data breaches. At the same time, cloud computation significantly helps diagnosis and healthcare delivery across the world and has evolved tremendously in the last few years. We are looking into providing a secure healthcare cloud where patient data is stored in encrypted form, and regulatory bodies or insurance companies can calculate risk and other useful analytical information on the encrypted data and give the result in encrypted form to the patient. One can envisage the results as insurance premium quotes calculated on the patient data, but done with complete privacy.