Funtap - stock.adobe.com
How IBM is solving the data privacy problem
IBM’s fully homomorphic encryption technology lets enterprises apply analytics and machine learning to encrypted data without compromising data privacy
Data is typically encrypted in motion and at rest to keep sensitive information away from prying eyes, but it must be decrypted for computational functions to be performed. This increases the risk of privacy breaches should cyber attackers compromise a server where the data is being computed.
An emerging technology from IBM promises to address that by enabling computational functions, such as analytics and machine learning, to be performed on encrypted data. Called fully homomorphic encryption (FHE), it works by converting readable plaintext data into ciphertext, which is unreadable.
The ciphertext is then computed directly while the data and computed results remain encrypted. This can be done in untrusted or third-party environments such as the public cloud, so even if a threat actor manages to access the data while it is being computed, the data and the results would not make any sense.
Only the owner of the data can decrypt the results in a trusted environment using a cipher algorithm. That means, for example, that a food app that provides recommendations on nearby restaurants will be able to do so using encrypted location data, with the results readable only on the user’s device.
IBM started working on FHE slightly over a decade ago, but interest in the technology has been brewing in recent years with the availability of more computational power that is required for crunching cyphertext.
During a regional media briefing last week, Omri Soceanu, artificial intelligence (AI) security group manager at IBM Research, said the technology can be used in a wide variety of applications, such as enabling encrypted data to be processed outside a country while complying with data sovereignty regulations, and deploying encrypted AI models at the edge without compromising privacy.
Working with the technology requires deep technical skills, however. Developers without a good understanding of cryptography may struggle to translate FHE concepts into their code, and traditional programming methods will also have to evolve to take advantage of FHE.
To address this gap, IBM has created a test environment powered by IBM LinuxOne for researchers and students in Singapore to try out FHE, in addition to the HElib open-source library available on GitHub that can be used to deploy FHE technology using two cryptographic schemes.
Read more about cyber security in APAC
- Australia’s New South Wales department of education was hit by a cyber attack days before remote learning commenced in the new school term.
- Security experts at Black Hat Asia 2021 discuss the state of ransomware and supply chain attacks, two of the most common attack vectors that offer high returns for threat actors.
- Security operations teams in India and Japan see the increased volume of cyber threats as their biggest challenge amid the Covid-19 pandemic.
- Singapore’s cyber threat landscape was dominated by ransomware, botnet drones and phishing attacks last year as threat actors capitalised on the anxiety and fear wrought by the pandemic.
But that is not enough. To pave the way for broader adoption of FHE among users without deep expertise in cryptography, IBM has developed a software development kit (SDK) that supports use cases such as credit card fraud detection.
During a demonstration of the SDK, Soceanu showed how a few lines of Python code were used to create an application that analyses encrypted X-ray images using neural networks to predict, in just a few minutes, whether someone is infected with Covid-19.
Patrick Bruinsma, IBM’s client technical manager for IBM Z, said that while he was not aware of organisations in Asia-Pacific that have deployed FHE commercially, it is a “hot topic” among chief information security officers in Southeast Asia who are looking to share data with others who may not have the same levels of security.
But scaling up FHE deployments would require the use of accelerators if the technology is to be used to detect fraud for every credit card transaction, for example. “We’ll also need easy integrations, and the SDK is helping with that through APIs [application programming interfaces],” said Bruinsma.
Meanwhile, IBM is already working with some players in the financial industry on commercial applications of FHE. “This is progressing quite fast,” said Soceanu, “and I hope that in the coming months, this will become a reality.”