When Kurt Rohloff was working as a senior scientist at Raytheon BBN Technologies, he quickly realized the value of encryption when storing data in the cloud. However, he viewed the fact that the data couldn’t be computed on after encryption as a major obstacle in what he needed to accomplish.
“If I wanted to have someone process computations on that data, I had to either share the decryption key or share the information unencrypted,” Rohloff says. Both methods invited unnecessary security risks.
When faced with a challenge there are often two choices: find a solution or invent one. For Rohloff, the answer lay in the latter. The obstacle inspired him to focus intensely on a project funded by the Defense Advanced Research Projects Agency (DARPA) at Raytheon and then take the leap over to academia to further his research. Today, as an associate professor of computer science at the New Jersey Institute of Technology, he’s actively working to solve the issue of security in the cloud by making homomorphic encryption—a cryptic system that allows computations to be performed on data without decrypting it—practical and scalable.
The technology underlying Rohloff’s approach is a relatively new family of encryption schemes called lattice encryption. As Rohloff explains, encryption schemes are determined to be secure based on the hardness of some underlying computational problem. Lattice encryption schemes (e.g., homomorphic encryption schemes) offer more security than traditional public key encryption schemes like RSA. “Even if an adversary had a practical quantum computing device, the adversary would be unable to break the primary lattice encryption technologies,” Rohloff says.
Rohloff adds that a big benefit to continuing his research in academia is the ability to focus much more on open source technologies. He recognized that if the technology was going to be used in a general context, the core parts would need to be evaluated to establish trust, and the easiest way to do this is open source. Rohloff is developing an open source library that he expects will be released in the next several months.
Rohloff’s homomorphic encryption solution and scalable algorithm design have exciting implications for IT administrators, managers and architects across virtually any industry that would benefit from performing computations on encrypted data stored in the cloud. And, it couldn’t come at a better time. According to a recent study from IDG Enterprise, IT decision makers’ spending on security technologies is expected to increase 46 percent in 2015, with cloud computing increasing 42 percent. Furthermore, cloud computing initiatives are now viewed as the most important project for the majority of IT departments today, with 16 percent of those departments focusing on these initiatives this year.
A prime example of an industry to benefit from Rohloff’s open source library and approach is the military or law enforcement. Suppose police officers or military personnel had body cameras on their chests and wanted to enlist facial-recognition technologies to produce real-time data to assist in say, searching for criminals. This technology would allow IT professionals to encrypt a video feed and send it to a commercial cloud, which would offer a way to reduce the cost of hosting data internally. Then, they could run an encrypted facial-recognition algorithm on the video feed while the data remained fully encrypted in the cloud. Once the algorithm generated identifications on people-of-interest observed in the video feed, alerts could be sent back to the police wearing the cameras.
The solution could also make data processing from medical or financial records more secure. Insurance companies, hospitals and doctors would be able to compute data securely to address topics like determining the most beneficial treatment without having to share identifying information, worry about a data leak or be concerned about breaching HIPAA regulations. Financial professionals could use the technology to, say, assess the probability of an individual getting audited without having to share any personal data.
“I see homomorphic encryption as a way of putting control back in the hands of the owner of the data, rather than in the hands of cloud providers,” Rohloff says. He also says the technology dissolves liability issues, since cloud providers would no longer have to worry about the data itself; they would have no access to it at all.
To be sure, solutions for homomorphic encryptions are already available today (discovered as mathematically possible back in 2009), but they process data very slowly. Rohloff’s solution is taking this technology in the direction of faster and more efficient computing in the cloud, and he is working with data cloud providers to help define what computing on encrypted data will look like.
As Rohloff explains, “Everyone wants security, just like everyone wants world peace.” World peace may be an unattainable goal, but thanks to Rohloff’s ingenuity and willingness to redirect his work efforts to solve a very real challenge, a solution for making your data stored in the cloud more secure may be closer than you think.
For updates on Rohloff’s open source library and continued work to secure your data, go to https://cryptolab.njit.edu.
Renee Morad is a freelance writer and editor based in New Jersey. Her work has appeared in The New York Times, Discovery News, Business Insider, Ozy.com, NPR, MainStreet.com, and other outlets. If you have a story you would like profiled, contact her at [email protected]
The IT Innovators series of articles is underwritten by Microsoft, and is editorially independent.