Rawpixel - Fotolia
An easier and secure way has been found for encrypted data to be processed and worked on in the cloud without having to be decrypted first, according to Microsoft researchers.
The researchers’ proposed Secure Data Exchange (SDE) protocol is based on the principles of the secure multi-party computation approach to cryptography. Its design allows third parties to carry out computations on encrypted, cloud-stored data and share their results.
“None of the parties will learn anything about the data beyond what they already know and what will be revealed by the function output,” a research paper authored by the group states.
“The data stored in the cloud can be used repeatedly for an arbitrary number of interactions.”
The breakthrough could lower the cost of scientific research, preserving data privacy while the information is being worked on, the Microsoft research team said.
It also has ramifications for the security of data stored in the cloud, as it negates the need for decryption to take place, making it harder for malicious agents to get hold of usable data, according to the team.
The research paper sets out a number of hypothetical use cases for the protocol within the pharmaceutical, healthcare and machine learning industries. The researchers stressed that it will allow organisations to securely sample anonymised medical data before they buy it.
This type of data is typically expensive to procure, the paper said, so a pharma company needs to be assured the information is high quality and likely to prove useful.
“Current solutions used in practice require substantial and costly litigation to preserve the interests of each party, while still typically failing to preserve full privacy,” the paper said.
“In some scenarios anonymisation procedures end up causing the resolution of the data to decrease so much that a significant part of its value is lost in the process.”
Read more about cloud security
- Cloud data security is still a major challenge for companies, with only one-third of sensitive data in cloud applications being protected by encryption, a study shows.
- Enterprise cloud security concerns are rising as investment in cloud grows, with abuse of user credentials seen as the biggest single threat, a report has revealed.
In a blog post, outlining the economic benefits of the method, Microsoft said that using the cloud will enable data owners to retain full control over how much information is revealed during exchanges.
“It’s a research project for now. But the team aims to publicly release the library, or tools, needed to implement the secure data exchange in the near future,” the blog post stated.