Menu
Menu
Note: this article has been updated and refreshed as of 12/10/23
As the cybersecurity landscape evolves in scope and complexity, encryption remains a key layer to the data security posture of an enterprise. Ongoing breaches in major enterprises — Facebook, Google, British Airways, Chegg, Quora, Marriott Hotels, and The Indian Government (Aadhar Database), to name a few — underscore the critical need for advanced encryption technologies.
While encryption has been around for decades, there has been significant investment and innovation in this area in recent years. This blog highlights some of the emerging technologies that have the potential to shape the cryptology space for the coming decade and more, specifically focusing on innovation around software based encryption technology trends. Areas not addressed here include innovation around runtime encryption techniques relying on hardware.
Homomorphic Encryption is a computation technique where data is processed without the need for decrypting it first. One of the most promising features of Homomorphic Encryption is its ability to secure data in use or data in motion.
Invented in 2009 by IBM researcher Craig Gentry, the method at the time required high computational power to execute simple tasks. However, since its invention, Homomorphic Encryption technology and the infrastructure to support it has matured to a level where it can be used in real-world applications.
With Homomorphic Encryption, it is possible to do computation on private databases without decrypting the original data. This is a remarkable property that could allow computation on datasets which either reside in silos or are owned by different entities. For example, Genomic data and patient data that if analyzed together, could help find genome sequence associated with a certain disease without actually “seeing” the data and violating the patient’s privacy.
Homomorphic Encryption also enables private search engine queries, essentially creating a search engine that preserves the privacy of the user.
Recent developments have significantly reduced computational demands, making it more feasible for practical applications. In 2023, we’ve witnessed its growing adoption in sectors like finance and healthcare, where data privacy is especially paramount.
One of the emerging encryption mechanisms used against brute force attacks is honey encryption, which deceives the attacker into believing that he or she has hacked the codebase.
A brute force attack relies on repeated decryption with randomly generated keys. What honey encryption does is that it produces ciphertext, which, on decryption with the wrong key, yields a plausible looking yet incorrect plaintext encryption keys. This will make it harder for the attacker to know if he/she has guessed correctly or not.
Ari Juels from Cornell Institute and Thomas Ristenpart from the University of Wisconsin developed honey encryption in 2014. The honey encryption mechanism is used to protect private data in real-world applications like credit card transactions and text messaging.
Recent implementations have seen its application in protection of cloud storage and big data, offering a deceptive layer of security that confounds potential attackers with misleading data.
Multi-Party Computation is an important subset of cryptography, which splits the work up across multiple servers and ensures that no single server has all the encrypted data at once.
Originating in the 1980s (and so not new), it works as follows.
Let’s say the data that needs to be protected is a “user’s personal data”. The personal data is split into several, smaller parts, each of which is masked using cryptographic techniques. Next, each piece of encrypted data is sent to a separate, independent server, so that each server only contains a small part of the data.
An individual or organization looking to access the user’s personal data will need to aggregate the encoded data. Additionally, it will be possible to perform computations based on the personal data, by requiring each server to perform computations on its small part of the data, without disclosing the entire dataset to the server.
Multi-Party Computation’s combination of encryption and distributed computation can enable compelling solutions for data privacy and security. A sample application would be for for governments and enterprises to securely store public records of individuals. The latest advancements have enabled more efficient computations, making it a viable option for large-scale, privacy-preserving data analysis.
Biometrics is increasingly used for authentication leading to the need for cryptographers to devise encryption approaches that can secure these biometric-based authentication systems.
How it works: Biometric encryption binds a cryptographic key to a biometric like fingerprints, facial scan or voice in such a way that neither the key nor the biometric can be retrieved from the stored biometric template. This key can be recreated only if the original and live biometric is presented for verification.
There are two phases in biometric encryption:
Biometrics have a widespread application in wearables, fingerprint and facial scanners, and speech recognition technologies. From mobile phones to laptops to governments across the world are using biometrics for authentication. As apps like Snapchat and FaceApp give users an option to do a wide gamut of image manipulation and share them with the world, finding ways to keep this deluge of PII safe is pertinent and requires continued innovation in biometric encryption space.
With increased adoption of biometrics in personal and enterprise security systems, biometric encryption has become more critical than ever. Recent innovations have focused on enhancing the security of biometric data against sophisticated cyber threats, ensuring the integrity of this uniquely personal form of encryption.
Quantum computing technology could disrupt many businesses primarily in the security, finance, and health industries. Though quantum computing is still in the nascent stages of development, when widely adopted, it has the potential to easily break the existing encryption systems by allowing malicious actors to use the massive compute capability of Quantum computers to brute force decrypt data or engage in man in the middle attacks.
With quantum computing, the security industry will witness one of its most challenging problems: How to secure data when the power of quantum computing is in the hands of malicious actors?
Quantum cryptography is an encryption mechanism that uses principles of quantum physics to encrypt and transmit data in a secure manner. Typically, encryption systems work with secret keys that are mostly randomly generated string of numbers used to encrypt/decrypt data. In quantum cryptography, photons are used to transmit data from one point to another.
Careful measurements of the quantum properties of photons on both ends helps in determining the key and if it is secure to use. If a third party tries to access or copy this communication, the state of photons will change, and the communicating endpoints will detect this change and prevent unauthorized access to the data.
One of the pioneers of quantum cryptography, Stephen Wiesner, introduced the idea of quantum conjugate coding, a concept that laid the foundation for advancements in quantum cryptography. His paper on conjugate coding was published on SIGACT.
As quantum computing edges closer to reality, quantum cryptography is sure to be a key area of focus. In 2023, we’ve seen significant strides in developing quantum-resistant encryption methods.
Libero nibh at ultrices torquent litora dictum porta info [email protected]
Start connecting your payment with Switch App.
