Banner Image

Research and Innovation

Searchable Encryption Can Help You Get the Most out of Sensitive Data

 
June 20, 2016

In the past few years, data security and privacy has become a serious concern, with the number of data breaches on the rise. In the first five months of this year, the US alone has seen 430 data breaches in businesses across different sectors, including education, banking and finance, government and military, businesses, and healthcare. These data breaches highlight the need for data privacy and identity protection.

Data analysis has become critical to many industries, especially healthcare and financial services, but organizations find it difficult to analyze data without potentially exposing sensitive data.

Allowing businesses, and even private users, to perform a search on encrypted data will help minimize data breaches, while still allowing data analytics. To perform such a search, the keyword and the data are stored on the cloud in encrypted form, and users can query the cloud using the encrypted keyword. This is called searchable encryption. Searchable encryption technologies ensure that privacy of data is maintained, eliminating the possibility of a data breach. There are two types of searchable encryption schemes: symmetric search, where users search only within their own data, and asymmetric search, which allows anyone to search user data.

There are, however, some drawbacks to searchable encryption. Since the encryption and subsequent decryption takes time, this method tends to be slower than normal searches. Also, because the cipher text is stored on the cloud, the amount of storage needed is higher. Also, symmetric searches are less popular than asymmetric schemes as users prefer to search within the entire data rather than their own data.

Using searchable encryption, it is possible to conduct either a complete search (which returns records that match the entire search string) or a partial search (returns records that partially match the encrypted keyword). Since security is the key issue, it is possible to use a delegation key: a restricted decryption key created by a proxy server for each keyword. Using the delegation key, the cloud will search the database without revealing the encrypted key used for the search. The delegation key can either be provided by a third party or generated by a proxy within the system.

While using a third party could mean less work for the developer, there is a bottleneck resulting from the need to send data to and from the third party. There are now a few dynamic searchable encryption systems that eliminate the need for the third party. Searching through encrypted data can also take a lot of time. In the past, searchable encryption systems like MIT’s CryptDB have managed to improve the speed of searches through proper indexing.

If your business collects and stores a lot of sensitive customer data, the future looks brighter. While sharing, and searching on, unencrypted data could lead to a data breach when large amounts of sensitive data are in question, searchable encryption can help minimize leaks. I predict that, in the next couple of years, there will be many new systems that offer faster and more efficient options to perform searches on encrypted data.

Tags

Meena is a researcher with TCS Innovation Labs, Bangalore. She has 10 years of experience in security and privacy, and has presented papers in international conferences on topics like code obfuscation, fully homomorphic encryption, and searchable encryption. She holds a US patent on secure electronic transactions. Meena is currently working on Bitcoin and digitalizing contracts. She holds an MS in cryptography from IIT Madras.