The Next Wave | Vol. 20 No. 3 | 20141R e s e a r c h D i r e c t o r at e s t a f fA major hurdle to the adoption of cloud-based services is security. Cloud users, particularly at the enterprise and government level, are concerned with losing control of, or just plain losing, their data once it is placed in the cloud. The abstractness of cloud storage makes it difficult for consumers to feel comfortable that their data is well protected by cloud service providers. Encryption could allevi-ate this issue. However, if you want to manipulate your encrypted data in the cloud, the secret key to decrypt your data must be shared with the cloud provider. This sort of defeats the idea of a secret key. Sharing this key of course would allow the current cloud provider (or future provider if the service changes hands) access to your data. The answer to this problem could be homomorphicencryption.For example, a bakery in New York that uses a cloud service provider’s infrastructure to host their e-mail wants to search through those e-mails for an order erroneously sent to Hoboken, New Jersey. If the data is plaintext, the subscriber just plugs in a search term (e.g., “cupcakes Hoboken”) and views the results. If the data is encrypted, the bakery will need to share the secret key with the cloud provider to access the information stored on the provider’s servers to query against the data. Sharing that secret key now potentially gives the provider access to the company’s data, and if there is a security breach, it may also give cybercriminals access to the data. Homomorphic encryption would allow the bakery’s owners to search the encrypted e-mails for items related to the Hoboken mishap and get results as if The word homomorphichas roots in Greek and loosely translates as “same shape” or “same form.” In relation to cryptography, the concept is that operations can be performed on encrypted data without sharing the secret key needed to decrypt the data. Homomorphic encryption has great utility in cloud computing, particularly for those that wish to house encrypted data on cloud providers’ servers. Securing the cloud with homomorphic encryption
The Next Wave | Vol. 20 No. 3 | 20142Securing the cloud with homomorphic encryptionquerying against the plaintext data, without sharing thekey. The idea of homomorphic encryption has been around for about 30 years, and thanks to a sig-nificant breakthrough in 2009, the end game of a practical fully homomorphic encryption solution is in sight. There are fully homomorphic encryption solutions that exist today, but because of limitations related mainly to the complexity of computations, these solutions are not considered practical for use with today’s applications. These limitations are being addressed, and some say a practical solution could be achieved within a decade. If a practical, fully homomorphic solution can be created, it could be the catalyst that breaks down the security barrier to widespread cloudadoption.