Microsoft Research Explores Secure Cloud Data Exchanges

By Pedro Hernandez  |  Posted 2016-08-10 Print this article Print
Microsoft, secure cloud, data exchanges

Microsoft researchers hope that one day organizations won't have to sacrifice usability for security when jointly working with encrypted data in the cloud.

Encrypting data is an effective and time-tested way of keeping sensitive or confidential information out of the hands of unauthorized users and hackers. The problem, at least in scenarios involving partners or multiple parties, is that encryption can stand in the way of unearthing new insights and making scientific breakthroughs.

The solution seems simple; decrypt the data and allow trusted party access to the information. However, as Microsoft Research writer John Roach blogged on Aug. 9, decrypting data can make it vulnerable to a breach. And for some institutions, like health and genetic research organizations, a breach can be devastating.

Microsoft is proposing a new way of working with encrypted data using a cloud-based secure exchange.

"New research from Microsoft aims to unlock the full value of encrypted data by using the cloud itself to perform secure data trades between multiple willing parties in a way that provides users full control over how much information the exchange reveals," Roach wrote. The exchange is based on multiparty computation, where calculations using data from two or more parties fail to reveal the specifics of each individual's data.

Roach gives an example of a situation where a group of employees wants to know how their salaries rank without revealing how much they are paid to the group. The group enlists a trusted colleague with the information, who calculates the average salary, delivers it to the group and forgets the details. The employees can then see how their pay stacks up.

Microsoft's secure data exchange eliminates the need for the trusted colleague. Instead, the cloud is used to handle decryption tasks and broker the transfer of select data while keeping a tight lid on the rest of the information. Encryption keys are used to decrypt data inside the multiparty computation, making the data available for a computation without revealing anything but the results.

"All of the computation is performed in the cloud, and the computation itself is encrypted in such a way that not even the cloud knows what is being computed, which protects any of the buyer's data used in the computation such as a proprietary algorithm. If everything goes as expected, the cloud reveals the decrypted results to the interested parties," Roach explained.

Microsoft hopes secure cloud-based data exchanges not only open up a trove of anonymized health and genetic data to researchers, but also helps them make the most of their limited budgets.

The technology can enable them to "test-drive" a portion of a full data set to test its viability before committing to a purchase. "The secure data exchange system allows the researchers to perform a statistical analysis on a portion of the medical center's anonymized genetic data that reveals how much it differs from the data already used to build the disease-prediction algorithm," offered Roach as an example. If successful, a lab can opt to buy the full bundle.

Microsoft plans to release its secure exchange toolset in the near future, added Roach.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel