Thursday, February 13, 2014

Made in Japan: Homomorphic encryption biometrics style!

The last weeks I am blogging, writing articles and social networking about homomorphic encryption.
This all started when reading the news Fujitsu Labs Ltd. wants to implement a DNA read- and processtechnology using homomorphic encryption where encrypted genetic data can be read without decrypting it.
Great news for a software tester with a bioinformatics background and privacy at heart!

Fujitsu Labs claims it can ensure privacy by encrypting the query , the data and the searchresults, so a possible third party (read pharmaceutical company etc.) can't see to which person the DNA data belongs to.
But, homomorphic encryption is a slow process, how does Fujitsu cope with this?
They have 2 solutions:
The first is that the searches are in batchmode (16K per second) and second is that the search already starts when encrypting the data.
Cool stuff, but still questions pop up in my mind: is the encryption undecryptable for hackers, is the performance really 16K strings per second (performance tes(t!)), are the search results correct and can the data be tampered with with for instance Man in the Middle Attacks?
Questions I like to see answered and I wait until more news emerges.
Implementation is set in 2015. Let's see what happens and how the competition will deal with this.

Feedback is very welcome by responding to this blog, through Tweeting to @TestingSaaS or through the TestingSaaS Facebook-page.

Tuesday, February 4, 2014

2014, year of encryption?



According to Unisys, 2014 will be the year of encryption.
Quite logical, regarding the protection of personal data needed after all those hacks the past years. Encrypting this data is not a bad option, but it has its drawbacks.
How can I search in encrypted data?
Is decrypting the data not necessary then? But this costs computer power and time diminishing the search efficiency. Is there a solution?
A possibility is homomorphic encryption, which is an encryption issue to tackle at different universities and companies like MIT, IBM, Fujitsu and Microsoft. What is it then? In cryptography, encryption is the process of encoding messages (or information) in such a way that only authorized parties can read it. With homomorphic encryption, encrypted data could be processed without decrypting it first. This makes it ideal for Cloud applications, enabling vendors to process encrypted personal data without decryption, ensuring privacy of the data owner. This would be great in the financial and medical sector. One disadvantage, homomorphic encryption is a slow process. Full encryption is still practically impossible, but partially there are possibilities.
Which ones are part of the next blogposts. This tester's adventure in encryption continues!


PS:
This blogpost is also posted in the Dutch online magazine for IT-professionals Computable:

Versleutelde data-verwerking in de cloud