IBM sets out to crack FHE, the ‘holy grail’ of encryption in cloud

  • Fully homomorphic encryption allows means data is usable, even when it’s encrypted 
  • It’s been called a ‘holy grail’ for cloud security
  • IBM is launching a FHE test environment, where customers can test the service   

Computing giant IBM is launching a fully homomorphic encryption (FHE) test service for businesses.

Homomorphic encryption allows users’ data to be protected anytime it’s sent to the cloud, while still keeping some of the useful properties of cloud services, like searching for strings within files.

That’s because it allows operations and functions to be pre-formed over encrypted data, meaning data is never unencrypted data so, for example, a disgruntled and rogue AWS employee can’t go and access private customer data. 

Companies can therefore achieve zero-trust, by unlocking their data on untrusted domains without needing to decrypt it.

And this is why FHE has been regarded as the ‘holy grail’ of cloud security — one of the main concerns for enterprise adoption. 

IBM said the new FHE solution, called IBM Security Homomorphic Encryption Services, will allow clients to start experimenting with how the tech could be implemented to enhance the privacy of their existing IT architecture, products, and data. 

“Fully homomorphic encryption holds tremendous potential for the future of privacy and cloud computing, but businesses must begin learning about and experimenting with FHE before they can take full advantage of what it has to offer,” said Sridhar Muppidi, chief technology officer at IBM Security. 

“By bringing IBM’s cryptography expertise and resources to our clients that are driving innovation in their unique industries, we can work together to create a new generation of applications that leverage the power of sensitive data, without compromising on privacy.”

IBM has been developing the algorithms behinds its FHE service for more than a decade. The original computations, however, were too slow, taking days or weeks for calculations that would otherwise take seconds. 

As computing power has continued to exponentially grow, algorithms behind FHE have advanced and it’s now able to perform the task in seconds, making it viable for real-world use cases. 

The company has now completed a number of trials, with clients working on pilot programs to implement the service. IBM customers can access a testing environment where they can create prototype applications using FHE, with support from IBM trainers. 

While the technology is still in the early stages, launching a test environment will help IBM and its customers understand real-world challenges — the company is aiming the service at developers and engineers specializing in cryptographics first. 

Source link

Japan joins Five Eyes in call for Facebook to lower encryption

TOKYO — Japan will join countries in the Five Eyes security alliance in a call for Facebook to review its encryption practices over concerns the company’s messaging apps will become tools for terrorists and child traffickers, Nikkei has learned.

Currently, Facebook encrypts the contents of messages exchanged between the sender and receiver so that no one else — including Facebook itself — can see them. While this technology serves to protect users’ privacy, it also makes it impossible for the company to provide authorities with information related to crimes.

Japan and the Five Eyes countries — the U.S., the U.K., Australia, Canada and New Zealand — are planning to issue a joint statement to press Facebook to change its encryption technology on Messenger and WhatsApp. 

In the statement, the countries say they understand the importance of protecting privacy, but say Facebook should seek a way to balance privacy and security concerns. It is expected that the countries will ask Facebook to introduce a measure that allows it to decrypt in case of an emergency.

The decision for Tokyo to join the call comes as it seeks closer ties with alliance. The Five Eyes has also engaged Japan as it seeks to share confidential information in response to China’s growing military expansion.

Facebook CEO Mark Zuckerberg said in March 2019 that contents exchanged on messaging apps including Messenger and WhatsApp would be encrypted. WhatsApp has been already encrypted.

In October 2019, law enforcement officials in the U.S., U.K. and Australia demanded Facebook take measures to allow the company to decrypt in case of emergency. They claimed investigations could be hindered if terrorists or child abductors take advantage of the technology. Facebook has not complied.

The joint statement is not legally binding so it remains unclear whether Facebook will agree to introduce the measure. Even if it introduces a decryption measure, that does not guarantee the company will provide the data when requested by authorities.

In 2016, a large amount of personal data leaked from Facebook and was misused to manipulate public opinion in the U.S. presidential election. Since then, Facebook has stepped up measures to enhance users’ privacy.

Source link

Russia’s Digital Development Ministry wants to ban the latest encryption technologies from the RuNet

Russia’s Ministry of Digital Development, Communications, and Mass Media wants to ban websites from using the latest encryption technologies, to make it easier for Russia’s federal censor, Roskomnadzor, to block access to RuNet resources containing prohibited content. Experts point out that a number of large Internet companies, including the Russian Internet giant Yandex, currently rely on these technologies — and underscore that this new initiative could lead to another mass block of IP addresses belonging to major providers like Amazon Web Services and Cloudflare, the hosts behind many sites.

Source link

Zoom to offer all users full encryption, bending to pressure

Zoom Video Communications will offer full end-to-end encryption to all users, free and paid, succumbing to pressure from members of Congress and the public who pushed the video-conferencing company to bolster privacy.

Those using the service at no charge will have to verify their phone numbers to get access to the strongest level of security, Zoom CEO Eric Yuan said Wednesday in a blog post. End-to-end encryption makes it impossible for third parties to decipher communications, but will mean that participants cannot call into a Zoom meeting on a telephone line.

“We are also pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform,” Yuan wrote. Verifying the identities of free participants will help the company combat abuse taking place on its platform, he added.

The San Jose, Calif.-based company said it plans to begin testing the stronger encryption in July. Zoom said previously it would reserve this feature for large corporate clients who paid for the service. About 70,000 internet users signed two petitions this week urging Zoom to give full encryption to everyone in the interest of cybersafety for those who can’t afford a subscription. U.S. Senators Sherrod Brown, an Ohio Democrat, and Richard Blumenthal, a Democrat from Connecticut, have blasted the software maker for not offering end-to-end encryption, though the company earlier had claimed it did.

While its stock has more than tripled this year, Zoom has suffered a series of controversies related to privacy and security. During the coronavirus pandemic, when hundreds of millions of people started using the video-conferencing app to keep in touch with colleagues, loved ones and communities, trolls began invading calls with profane, pornographic and racist content, in a phenomenon known as Zoombombing. After researchers discovered instances when Zoom meetings and their related encryption keys were routed through servers in China, even though no one on the call was based there, the company pledged to offer full encryption to allay concerns that Zoom wasn’t secure.

Yuan said on an earnings call this month that he wouldn’t offer free users full encryption so Zoom could work with the Federal Bureau of Investigation and local law enforcement to identify people who were committing crimes during video-conference meetings. The company later clarified those remarks after a user uproar about the ties to law enforcement.

More must-read tech coverage from Fortune:

Source link