The Future of Data Encryption: What You Need to Know Now – FedTech Magazine

Making Encryption Harder, Better, Faster and Stronger

In response, the industry is advancing encryption on several fronts. Some efforts are focused on increasing key sizes to protect against brute-force decryption. Other efforts are looking at new cryptographic algorithms. For example, the National Institute of Standards and Technology isevaluating a next-generation public key algorithm intended to be quantum safe.

The trouble is that most quantum-safe algorithms arent efficient in classical computer architectures. To address this problem, the industry is focused on developing accelerators to speed up algorithms on x86 platforms.

A third area of research ishomomorphic encryption, an amazing concept that allows users to perform calculations on encrypted data without first decrypting it. So, an analyst who needs to can query a database containing classified information without having to ask an analyst with higher clearance to access the data or request that the data be declassified.

A big advantage of homomorphic encryption is that it protects data in all its states at rest (stored on a hard drive), in motion (transmitted across a network) or in use (while in computer memory). Another boon is that its quantum safe, because its based on some of the same math as quantum computing.

A downside is that homomorphic encryption performs very poorly on traditional computers, because its not designed to work with them. The industry is collaborating to develop x86-style instructions to make these new cryptosystems operate at cloud speeds. Practical applications are still a few years away, but were confident well get there.

EXPLORE:How can agencies combat encrypted attacks on government traffic?

In the interim, a new encryption capability has emerged that organizations can take advantage of right now:confidential computing. Confidential computing safeguards data while its being acted upon in computer memory; for example, while a user is conducting analytics on a database.

Confidential computing works by having the CPU reserve a section of memory as a secure enclave, encrypting the memory in the enclave with a key unique to the CPU. Data and application code placed in the enclave can be decrypted only within that enclave, on that CPU. Even if attackers gained root access to the system, they wouldnt be able to read the data.

With the latest generation of computer processors, a two-CPU server can create a 1 terabyte enclave. That enables organizations to place an entire database or transaction server inside the enclave.

The functionality is now being extended with the ability to encrypt all of a computers memory with minimal impact on performance. Total memory encryption uses a platform-specific encryption key thats randomly derived each time the system is booted up. When the computer is turned off, the key goes away. So even if cybercriminals stole the CPU, they wouldnt be able to access the memory.

Confidential computing transforms the way organizations approach security in the cloud, because they no longer have to implicitly trust the cloud provider. Instead, they can protect their data while its in use, even though its being hosted by a third party.

One major cloud provider already offers a confidential computing service to the federal government, and more will surely follow. Agencies can now build enclave-based applications to protect data in use in a dedicated cloud that meets government security and compliance requirements.

The need for strong data encryption wont go away, and the encryption challenges will only increase as quantum computing emerges over the next several years. In the meantime, innovative new encryption capabilities are delivering tighter cybersecurity to agencies today, and the industry is investing in the next generation of cryptosystems to protect government information for the next 25 years.

More here:
The Future of Data Encryption: What You Need to Know Now - FedTech Magazine

Related Posts

Comments are closed.