Zero Trust Data Security

February 3, 2020

A quick glance at the world’s biggest data breaches and hacks shows that organizations are suffering from massive breaches and cyber attacks. Each data breach costs businesses $3.92 million on average, according to a study conducted by IBM. Most of these attacks are attributed to compromised credentials, backdoors, social engineering, malware and more. This, however, masks the root cause: data is often not protected with the right safeguards.

In a traditional secure system, customer data is encrypted in transit and at rest but is decrypted by the provider at computation time. This means the data can be viewed by an unintended party, leaving it vulnerable to potential exploits. An attacker, such as a malicious insider or an outsider who has gained access to the system, can intercept the data at the point where it is decrypted and obtain unauthorized access. Even worse, in some instances, the attacker can steal the private keys and freely decrypt all incoming customer data. To prevent such attacks from happening, organizations must adopt a Zero Trust mindset for data protection.

Zero Trust Data Security

To that end, one of the most effective solutions available is Fully Homomorphic Encryption (FHE). Unlike other types of encryption, FHE enables arbitrary computations to be performed directly on encrypted ciphertexts without decrypting them. Once decrypted, the result is the same as if the computations had been performed on the plaintexts. The workflow is as follows:

  1. The customer encrypts data with FHE and keeps the private key secret.
  2. The provider computes on the encrypted data directly, without being able to decrypt it. The result is automatically encrypted under the customer’s key.
  3. The customer decrypts the result using the private key.

Throughout the entire process, the provider gains no knowledge about the data, including the output result. Now, consider again the scenario where a hacker has compromised the provider’s system. They no longer have any point of intercept as the data is never decrypted, nor are there any secret keys to steal as the provider does not have them. With FHE, data ownership and data compute are now truly separated, eliminating all privacy concerns and strengthening security.
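The three-step workflow above can be traced in a few lines. The following is an added example, not code from the original post or from Inferati: it swaps in a toy symmetric "somewhat homomorphic" scheme over the integers (in the style of van Dijk, Gentry, Halevi and Vaikuntanathan) rather than a real FHE scheme, with constructed parameters far too small to be secure. All function names are hypothetical.

```python
import secrets

# Constructed toy parameters for illustration only; NOT secure.
P_BITS, Q_BITS, NOISE_BITS = 256, 512, 8

def keygen():
    """Customer: the secret key is a random odd P_BITS-bit integer p."""
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1

def encrypt(p, bit):
    """Customer: c = p*q + 2*r + bit. The multiple of p and the small
    even noise 2*r hide the bit from anyone who does not know p."""
    q = secrets.randbits(Q_BITS)
    r = secrets.randbits(NOISE_BITS)
    return p * q + 2 * r + bit

def decrypt(p, c):
    """Customer: strip the multiple of p, then the even noise."""
    return (c % p) % 2

def provider_majority(ca, cb, cc):
    """Provider: majority vote of three encrypted bits, without the key.
    maj(a, b, c) = ab XOR ac XOR bc. Adding ciphertexts XORs the hidden
    bits; multiplying ciphertexts ANDs them. The output is still a
    ciphertext under the customer's key."""
    return ca * cb + ca * cc + cb * cc

def run_workflow(a, b, c):
    """End-to-end: encrypt (step 1), compute (step 2), decrypt (step 3)."""
    p = keygen()                                   # never leaves the customer
    cts = [encrypt(p, bit) for bit in (a, b, c)]   # step 1
    encrypted_result = provider_majority(*cts)     # step 2, provider side
    return decrypt(p, encrypted_result)            # step 3

if __name__ == "__main__":
    for bits in [(0, 0, 1), (1, 0, 1), (1, 1, 1)]:
        print(bits, "->", run_workflow(*bits))
```

Each multiplication multiplies the hidden noise terms, so decryption only stays correct while the accumulated noise is smaller than p; full FHE schemes add a noise-refresh step (bootstrapping) to lift that limit on circuit depth.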

Also, unlike popular existing schemes such as RSA and Diffie-Hellman, FHE schemes are secure even against attacks that leverage quantum computers. For more information, readers are encouraged to visit the Homomorphic Encryption Standard website.

While theoretically sound, computing on encrypted data often incurs a large overhead, with speed degradation and memory overhead of as much as 1000x compared to its unencrypted counterpart. Leveraging cutting-edge advances in cryptography and machine learning, Inferati solves these problems by developing proprietary algorithms that can execute efficiently in the FHE domain with minimal overhead. Our products have applications in many industries such as the financial sector, healthcare, government, and cybersecurity. To learn more about our offerings, please contact us.