Researchers show they can steal data during homomorphic encryption

As threat increases, college cybersecurity programs are more in demand
Courtesy of Brett Sayles

Homomorphic encryption is considered a next generation data security technology; but researchers have identified a vulnerability that allows hackers to steal data—even as it is being encrypted.

“We weren’t able to crack homomorphic encryption using mathematical tools,” says Aydin Aysu, an assistant professor of computer engineering at North Carolina State University. “Instead, we used side-channel attacks. Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it is being encrypted. This demonstrates that even next generation encryption technologies need protection against side-channel attacks.”

Homomorphic encryption is a way of encrypting data so that it is undetectable by third parties. However, this still allows third parties and third-party technologies to conduct operations using the data. For example, a user could use this encryption method to upload sensitive data to a cloud computing system and perform analyses of the data. Programs in the cloud could perform the analyses and send the resulting information back to the user, but those programs would never be able to read the sensitive data.

“Homomorphic encryption is appealing because it preserves data privacy, but allows users to make use of the data,” Aysu says. “While it has been theoretically possible for a while, homomorphic encryption requires a tremendous amount of computing power. As a result, we are still in the early stages of producing hardware and software to make homomorphic encryption practical.”

Microsoft has been a leader in homomorphic encryption and created the Simple Encrypted Arithmetic Library (SEAL) Homomorphic Encryption Library to facilitate research and development on homomorphic encryption by the broader research community.

“What we’ve found is that there is a way to ‘crack’ homomorphic encryption that is done using that library via a side-channel attack,” Aysu says. “We were able to do this with a single power measurement.”

The researchers were able to verify the vulnerability in the SEAL Homomorphic Encryption Library up through at least version 3.6.

“The library is constantly being updated, so we’re not sure if this vulnerability will be addressed in the most recent versions – or if there may be new vulnerabilities that we haven’t identified in more recent versions,” Aysu says.

Side-channel attacks are well understood. There are already countermeasures that organizations can put into place to thwart them.

“As homomorphic encryption moves forward, we need to ensure that we are also incorporating tools and techniques to protect against side-channel attacks,” Aysu says.

This article originally appeared on North Carolina (NC) State University’s website. NC State University is a CFE Media content partner.




Keep your finger on the pulse of top industry news