Cryptography and privacy go hand in hand: Leveraging cryptography to encrypt data for the purposes of preserving privacy isn’t a new concept. In fact, data encryption itself is quite easy. The far greater challenge is data decryption – or, put another way, making sure that encryption doesn’t get in the way of collaboration. After all, data is only useful when it’s allowed to move freely and be shared with the right people at the right time.
It’s also a timely topic that begs for greater understanding in light of the different positions that tech companies, privacy advocates, governments, and law enforcement have regarding the ability to decrypt sensitive data.
Historically, it’s been extremely challenging to achieve the appropriate balance of data security and ease of use. Business leaders trying to strike this balance have often tipped the scales to one extreme or the other, either locking the data down or opening access to everyone. With the former approach, innovation is stifled and the business struggles to grow. With the latter approach, data compromise is likely, leading to fines or having data held ransom.
The good news is that you don’t have to choose between one extreme or the other. With modern technology, it is possible to strike a balance between data privacy and data sharing. This article will cover the basics of data encryption, how data encryption does and does not ensure data privacy, and introduce some modern techniques designed to simultaneously enable data security and easy data sharing.
Explaining Data Encryption and the Key Exchange Problem
In technical terms, data encryption is the process of converting data into code to prevent unauthorized access. It’s like placing a digital lock on data. And just like locks in the physical world, a person needs one or more keys to unlock the door – or, in this case, the encrypted data. Once data is encrypted, any person, device, or system that needs to access that data will need the key to unlock it.
In the physical-world example, people could meet and privately exchange keys to the locks. But on the internet, there is a bit more of a chicken-and-egg scenario. People want to securely exchange keys, but that requires encryption – and they can’t use encryption until they’ve exchanged the keys. This is commonly referred to as the “key exchange problem” and understanding the approaches to solving this problem will help increase understanding of the unique challenge that preserving data privacy presents, even with encryption.
While a hybrid approach to key establishment and exchange between parties is a great balance between speed, security, and user experience, there is still a degree of trust required between the parties exchanging data.
To put it simply, if a person were to send you some encrypted data and provide only you the keys to unlock it, once you unlocked the data, you would have full access and control to the now-decrypted copy of that data. If the data were sensitive or confidential in nature, then that person would be trusting you to maintain the privacy and security of that data. In the physical world, this would be like handing a folder of financial documents over to your banker in person and having some degree of control because you can observe what they do with those documents. But once you walk out of the room, the banker could photocopy the documents and share them with whomever they wish.
Most people don’t love the idea that they have to choose between getting value from their data or preserving their control over their data and their privacy. Increasingly there are options that allow people to have both.
Privacy-preserving cryptography is an area of cryptographic techniques designed to enable data to be freely shared while keeping the underlying data private, even while that data is “in use.” These cryptographic approaches enable data to be shared with another party and for that data to be used in secure computation without directly revealing the actual data to the other party. Basically, people can share the data, not share the keys, and still extract insights from the data. Here are several privacy-preserving cryptography techniques:
- Secure multiparty computation is an area of cryptography focused on enabling two or more parties to interact with each other in a way that enables each of them to keep all of their own important data secret and still enable everyone to learn something interesting from the combined data. For example, a group of co-workers can share their salaries to learn the maximum salary without giving away each of their individual salaries to anyone else.
- Zero-knowledge proofs are a subtle but important variation on this concept. The simple idea is that a person can prove a statement X to you without revealing any details of the information behind it. A practical example might be proving to a bank that a person is qualified for a given loan amount without having to provide them with their historical financial data.
- Fully homomorphic encryption (FHE) is probably the most exciting variation. It enables a person or organization to share encrypted data with another party without giving them the keys, but still allows that party to perform many different types of computations on their data. This approach essentially puts fewer limits on the types of computations possible. The results of any computations are also encrypted and can only be decrypted by the data owner. Basically, the other party can analyze data but not learn anything about the data or the analysis of the data.
A practical example of this technology could be used for storing data in the cloud – a person could store data encrypted with FHE in the cloud but still be able to search and retrieve select data without having to hand over the keys to decrypt that data to the cloud provider, and without the cloud provider being able to see the query string or the results of the query.
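The core idea of computing on data without holding the key can be seen in a much smaller scheme than FHE. The following is an added example, not code from this article: it uses Paillier encryption, which is only additively homomorphic (sums and multiplication by public constants, not arbitrary computation), with demo-size primes and constructed salary figures; all function names are assumptions.

```python
import math
import secrets

# Demo-size primes (2^61-1 and 2^89-1): far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1

def keygen(p=P, q=Q):
    """Return (public modulus n, private key). Generator is fixed at g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    """Randomised encryption of 0 <= m < n using only the public modulus."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """Owner side: recover m from c with the private key (lam, mu)."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def add(n, c1, c2):
    """Ciphertext of m1 + m2: multiply the two ciphertexts."""
    return c1 * c2 % (n * n)

def scale(n, c, k):
    """Ciphertext of k * m for a public constant k."""
    return pow(c, k, n * n)

def analyst_total(n, ciphertexts):
    """Runs on the untrusted side: sees n and ciphertexts, never the key."""
    total = encrypt(n, 0)
    for c in ciphertexts:
        total = add(n, total, c)
    return total

SALARIES = [52000, 61000, 48500, 75250]  # constructed sample data

def run_demo():
    n, priv = keygen()                        # data owner keeps priv
    cts = [encrypt(n, s) for s in SALARIES]   # only ciphertexts are shared
    enc_total = analyst_total(n, cts)         # other party computes blind
    return decrypt(n, priv, enc_total)        # only the owner can read the sum

if __name__ == "__main__":
    print(run_demo())
```

The analyst's result is itself a ciphertext, so the party doing the computation learns neither the inputs nor the total.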
Each of the above techniques shares a common characteristic: They enable the sharing of encrypted data for analysis by another party without having to provide the decryption keys to that party. But these aren’t the only ways to protect user privacy while data is in use.
Data-centric security technologies enable data owners to make fine-grained decisions about data access. By cryptographically binding access policy to the encrypted data, the policy travels with that data, preserving the data owner’s control and providing visibility into data usage. Data-centric security approaches are crypto-agile, meaning that they can adapt to the changing cryptography landscape and leverage any secure cryptographic technique that they choose. This crypto-agility enables data-centric security policies to be combined with any of the privacy-enhancing techniques we’ve discussed, enabling data owners to leverage both best-in-class privacy-preserving analytics and the ability to share the decryption key to the underlying encrypted data only with particular individuals, devices, or systems.
For example, if this data-centric approach were combined with fully homomorphic encryption in a healthcare scenario, a person would be able to enable a third party to analyze their protected health information and define an access policy that enables themselves, their family, and their doctor to decrypt the result from that analysis.
Data-centric security is an emerging area of technology and one that is gaining traction in the commercial and federal sectors around the world. In fact, there is an existing standard, published by the Office of the Director of National Intelligence or ODNI, called the Trusted Data Format, that defines a standard format for implementing data-centric security.
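One way to bind a policy to protected data so that it travels with the data and cannot be silently edited is to authenticate the policy with the data key itself. The following is an added, simplified sketch, not the Trusted Data Format and not any vendor's code: the KeyService class, the header fields and the sample policy are hypothetical, and encryption of the payload under the data key is left out.

```python
import hashlib
import hmac
import json
import secrets

def canonical(policy):
    """Stable byte encoding so the same policy always yields the same binding."""
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()

def bind(dek, policy):
    """HMAC-SHA256 over the policy, keyed with the data encryption key (DEK)."""
    return hmac.new(dek, canonical(policy), hashlib.sha256).hexdigest()

class KeyService:
    """Hypothetical key-release service: holds DEKs and enforces the bound policy."""

    def __init__(self):
        self._deks = {}
        self.audit = []  # (object id, requester, decision) for usage visibility

    def protect(self, object_id, policy):
        """Owner side: create a DEK and return the header that travels with the data."""
        dek = secrets.token_bytes(32)
        self._deks[object_id] = dek
        return {"id": object_id, "policy": policy, "binding": bind(dek, policy)}

    def request_key(self, requester, header):
        """Release the DEK only if the policy is intact and names the requester."""
        dek = self._deks[header["id"]]
        if not hmac.compare_digest(bind(dek, header["policy"]), header["binding"]):
            decision = "deny: policy altered"
        elif requester not in header["policy"]["allow"]:
            decision = "deny: not entitled"
        else:
            decision = "release"
        self.audit.append((header["id"], requester, decision))
        return dek if decision == "release" else None

def run_demo():
    svc = KeyService()
    # Constructed policy mirroring the healthcare example above.
    header = svc.protect("analysis-result-1", {"allow": ["patient", "family", "doctor"]})
    # A copy of the header whose policy was edited after protection.
    forged = dict(header, policy={"allow": header["policy"]["allow"] + ["insurer"]})
    svc.request_key("doctor", header)
    svc.request_key("insurer", header)
    svc.request_key("insurer", forged)
    return [decision for _, _, decision in svc.audit]
```

Because the binding is keyed with the DEK, someone holding only the protected object cannot rewrite the policy and recompute a valid binding, and every request leaves an audit record.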
The Need for Crypto-Agility
Whether a person or organization chooses to adopt data-centric security technologies and/or privacy-enhancing technologies, they should at the very least be looking to adopt solutions and technologies that enable them and their organization to be crypto-agile. As we’ve seen with the recently reported Microsoft Office Message Encryption (OME) vulnerability, the choice of the cryptography algorithms used in modern solutions matters.
In the Microsoft OME case, Microsoft has been using an approach that has been deemed to be a ‘bad’ one for message encryption, leaving the underlying message contents vulnerable to a brute-force attack given enough encrypted data. If the Microsoft OME solution were crypto-agile, Microsoft could enable its customers to change the underlying method used for day-forward message encryption.
Given the rapid pace of innovation in technology in general and cryptography techniques in particular, and the growing rise in cyberattacks, organizations should be asking basic questions about how their data privacy is preserved by the technologies and vendors that they leverage for their cybersecurity needs, including what algorithms are used, whether the solution is crypto-agile, and who owns the decryption keys.