Cloud computing is great, right? You can outsource all of your storage needs to someone else, and let them do the heavy lifting, while you enjoy seamless access, whenever, wherever. However, this comes at a cost: they get to see your data. Sure, they do their part to ensure that it’s secure against adversaries, but they still have access to it.
Of course, this is necessary from a functionality point of view; after all, if the data were encrypted, how could they return search results to you when you wanted to search for a particular keyword across a massive set of documents? They couldn’t. Yes, there are apps for encrypting your data before it’s stored, but the cloud provider will need a copy of your keys in order to decrypt it before searching. Otherwise, you’re going to have to download everything and search it locally, which makes cloud storage a lot less appealing.
Here are a few questions you should be asking your cloud provider, to gauge where they fit into the answer to “who has access to my data?”. While you might see them as an extension of your security, they might actually be exposing you to more threats. We’ll answer these questions from our perspective, so you’ll know where we stand.
What if I forget my password?
Unfortunately, if you forget your password, we’re unable to recover it for you. However, this is actually fortunate; it means we never have access to it in the first place. We provide strong cryptographic protection for your data, but not at the expense of requiring that you trust us with access to it. All passwords and keys are generated by you, the client, on your device.
What if an employee leaves and I need access to the data?
This can be a huge problem. In the “CIA” pyramid of “Confidentiality, Integrity, and Availability”, having company data rendered permanently unavailable can be just as devastating as unauthorized access to it. You’ll hear things like “key recovery” and “key escrow” being tossed around, but don’t mistake these for synonyms of one another; they’re vastly different things.
It’s a good idea to have a secure key recovery process in place that will allow those with authorization to gain access to company data, should an employee’s key(s) become unavailable. However, this should be done locally; don’t trust a third-party cloud provider that offers a “key escrow” service where they hold the keys. This only makes your attack surface larger by exposing you to more threats.
If you don’t have access to my keys, how do you search / organize my data?
You might be thinking, “You just said cloud providers can’t do this without access to my keys, right?” Right. That’s true. But that’s where homomorphic encryption comes in. We’ve built a secure and efficient search protocol powered by our fully homomorphic encryption scheme that’s based on multivariate polynomials. The really magical property of homomorphic encryption is that you can process encrypted data without decrypting it.
What this means for you is that not only can you store encrypted data in the cloud, but, using our API, the cloud provider can process encrypted search queries that you send to it, and return encrypted search results to you. The beauty of this is that the cloud provider never learns anything about what you’re searching for or the related documents. This makes compliance a lot easier, because you’re not outsourcing your trust along with your data.
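To make the “process encrypted data without decrypting it” property concrete, here is an added example that is not our code or our scheme: a private keyword lookup built on the Paillier cryptosystem, which is only additively homomorphic, so in this toy the index stays in plaintext on the server while the query and the result are ciphertexts the server cannot open. The vocabulary, document index and small primes are constructed for illustration.

```python
import random
from math import gcd

def keygen(p, q):
    """Toy Paillier keys from constructed small primes p, q (real ones are ~1024-bit)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    # with g = n + 1, L(g^lam mod n^2) = lam mod n, so mu = lam^-1 mod n
    mu = pow(lam, -1, n)
    return (n, n * n), (lam, mu)

def encrypt(pk, m):
    n, n2 = pk
    r = random.randrange(1, n)
    while gcd(r, n) != 1:
        r = random.randrange(1, n)
    # c = (1+n)^m * r^n mod n^2, using (1+n)^m = 1 + m*n (mod n^2)
    return (1 + m * n) * pow(r, n, n2) % n2

def decrypt(pk, sk, c):
    n, n2 = pk
    lam, mu = sk
    return (pow(c, lam, n2) - 1) // n * mu % n

def add(pk, c1, c2):  # E(a) * E(b) = E(a + b), no key needed
    return c1 * c2 % pk[1]

def scale(pk, c, k):  # E(a)^k = E(k * a), no key needed
    return pow(c, k, pk[1])

VOCAB = ["invoice", "payroll", "roadmap", "merger"]
# Constructed plaintext index: bitmask of the documents containing each word.
INDEX = {"invoice": 0b0101, "payroll": 0b0010, "roadmap": 0b1100, "merger": 0b1000}

def client_query(pk, word):
    """One-hot query vector; every entry is a fresh, random-looking ciphertext."""
    return [encrypt(pk, 1 if w == word else 0) for w in VOCAB]

def server_search(pk, enc_query):
    """Server computes E(sum q_i * INDEX[w_i]) = E(INDEX[word]) without the private key."""
    acc = encrypt(pk, 0)
    for w, cq in zip(VOCAB, enc_query):
        acc = add(pk, acc, scale(pk, cq, INDEX[w]))
    return acc

def private_lookup(word):
    pk, sk = keygen(1000003, 1000033)
    return decrypt(pk, sk, server_search(pk, client_query(pk, word)))
```

The server only ever sees ciphertexts, so it cannot tell which vocabulary entry was queried or what bitmask it returned; a fully homomorphic scheme extends the same idea to an index that is itself encrypted.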
In the near future, we’ll be posting more on how we’re looking to solve the “forgotten password” problem. In addition, we’ll also share more about how we’re looking to make authentication a lot easier, by supporting hardware solutions like Yubikey.