A major weakness in how we use web applications is the vulnerability of our data. Traditionally this has been addressed through encryption and, more recently, 'end-to-end' encryption, which by wording alone suggests that we are 'covered' when it comes to securing our data.
Well, the wording is misleading, because end-to-end encryption has, until now, been unable to completely secure data in all conditions.
The limits of encoding Data
The problem with encryption has always been the moment of decryption. OWASP classifies the exposure of sensitive data as the third most critical vulnerability in all web applications.
The vulnerability exists for 'data in use', unlike 'data at rest' or 'in transit', which we are able to encrypt with a fair amount of simplicity.
Take, for example, bank card details, which can be stored and transmitted whilst encrypted. Currently these must be decrypted and exposed at the point of processing, putting our data in danger.
Keeping your cloud files safe with crypto locks and keys is all well and good, but as soon as you need to use those files you have to unlock the data, moving it into a state of both usability and vulnerability in an instant.
It's important to recognize that this is a problem that exists on every level, from your personal email to classified national security documents: as soon as data is decoded it becomes weak, and it's something that IBM, along with everyone else, has been battling for decades.
Homomorphic encryption is a method of performing calculations on encrypted information without decrypting it. In 2009 IBM researcher Craig Gentry had a breakthrough with the first fully homomorphic encryption scheme. He described his own system as a place where everything happens 'inside the box ... never exposed to the outside world.'
This system allows you to work on encrypted data without having to convert your data to and from plaintext.
The problem is, it's really, really slow. The fledgling prototypes struggled with huge performance issues, mostly centred on the appalling speed at which homomorphic operations run. IBM has already rewritten its C++ homomorphic encryption library several times and now claims it runs up to 75 times faster.
Finally, it appears, we may have found a way to use this tried and tested method to safeguard our existing data.
Fast-forward to July 2018 and there has been a significant leap forward with the introduction of ZeroReveal from the start-up Enveil.
Start-up company Enveil has launched the first usable and scalable commercial homomorphic platform, ZeroReveal, which, as the name suggests, uses the benefits of the homomorphic encryption method to stop exposure of data at any point.
It allows you to perform operations on encrypted data as if it were unencrypted data.
The best part is that it can be used on existing data, which is Enveil's unique selling point. Enveil claims that "People don't have to change either the mechanism of storage or how they presently encrypt their data, which in traditional homomorphic systems was impossible."
They have already provided many cases, and if this platform withstands the litmus test of different industries, which will include the issues of speed and usability, the potential security breakthrough is huge across the threat landscape, from nation-wide security organizations to health organizations, home-based workers and, of course, the upcoming concerns for data processors and owners over the GDPR.
The homomorphic revolution may have just begun.