Microsoft research aims to better utilise encrypted cloud data without privacy fears
In some instances, encryption is a double-edged sword: if data is encrypted in the cloud, it’s secure, but you can’t get access to it. Yet a new research paper presented by Microsoft may be the first step to changing it.
The paper examines the concept of secure data exchange (SDE), where the aim, as a blog post from Microsoft Research writer John Roach puts it, is to “unlock the full value of encrypted data by using the cloud itself to perform secure data trades between multiple willing parties in a way that provides users full control over how much information the exchange reveals.”
Microsoft gave a real-world example of their plan. For instance, imagine if a group of employees wanted to know where their salary ranks in relation to each other, but not wanting to reveal their salary to the rest of the group. A trusted colleague could hear each employee’s salary in confidence, calculate an average and then forget about it. Here, the cloud – as a ‘secure multiparty computation’ enabler – makes the latter redundant.
As a result, all of the computation is performed in the cloud and is encrypted in such a way that the cloud server does not know what is being computed. If all goes to plan, the cloud reveals the decrypted results to the interested parties and privacy and security are not compromised.
The research also examines the potential such an implementation could have on machine learning – for instance, in making progress in genome-wide association studies (GWAS) to assess whether genetic variants have effects on certain diseases. The report authors note that the privacy fears of those who do not wish to participate in these projects would be assuaged, as well as making better use of the data generally – “full of potential but ultimately of little use to anyone but its owner,” as Roach writes.
“What we are trying to build is a mechanism by which you can say ‘Look, I am interested in your data, but I want to verify it is really what I need before I purchase it,’” said Ran Gilad-Bachrach, a researcher in Microsoft’s Cryptography Research group and co-author of the paper.
You can read the full paper (PDF) here.
- » Hyperscale operators invest hard in data centres amid modest overall capex, says Synergy
- » Waste not, want not: How enterprises can avoid an idle cloud estate
- » How AI is bringing a new dimension to software testing
- » Five key takeaways from RSA Conference 2020: Cloud SIEM, Zero Trust, API-based security, and more
- » Cloud complexity and ‘terrifying’ IoT means organisations’ asset visibility is worsening – report