Feature Story
Creating a New Cybersecurity Paradigm for a Cloud-Based World
The notion of cybersecurity has traditionally been represented by a reassuringly solid lock. In a world governed by the metaphor of the cloud — distributed, ephemeral and not quite tangible — the idea that sensitive data can be protected like jewels in a vault no longer applies.
Over the past few years, cyberattacks that compromise critical infrastructure — think SolarWinds, Colonial Pipeline and the Oldsmar water treatment facility — have garnered headlines and made it abundantly clear that there are new vectors of attack available to hackers that demand innovation in cybersecurity.
We increasingly live in a world where systems are built from commodity hardware and shared between different actors, which makes them easier to reverse engineer and makes the data more easily accessible.
Scientists, mathematicians and engineers at the ֱ Applied Physics Laboratory (APL) in Laurel, Maryland, are meeting this challenge, building a new cybersecurity paradigm that’s suited to the realities of how computing and collaborating are done in the 21st century. Their work has applications in health care, weapons systems and space, as well as in protecting critical infrastructure and industry generally.
The notion of cybersecurity has traditionally been represented by a reassuringly solid, if somewhat generic lock. When all data lived in a single physical location, controlled by a single party, the metaphor was apt. But in a world governed by the metaphor of the cloud — distributed, ephemeral and not quite tangible — the idea that sensitive data can be protected like jewels in a vault no longer applies.
“In the old paradigm, we built up trust layer by layer, beginning with the hardware, and before you know it you’ve invested your trust in tens of millions of lines of code, along with the hardware and whatever other physical security measures you’ve taken,” said Aaron Pendergrass, a cybersecurity researcher at APL. “But we increasingly live in a world where systems are built from commodity hardware and shared between different actors, which makes them easier to reverse engineer and makes the data more easily accessible.”
Solving for SCOCI
The Lab has a name for this reality: Secure Computation on Compromised Infrastructure, or SCOCI. It’s a ubiquitous problem across virtually every type of data and system that needs to be protected. APL is working on SCOCI solutions in multiple areas of concern by taking a two-pronged approach, broadly speaking, that encompasses software- and hardware-focused strategies.
On the software side, the Lab is working on solving a fundamental limitation with encryption, by bringing a concept called homomorphic encryption from the academic literature into practical applications. Homomorphic encryption, or HE, addresses a key vulnerability in data protection: privacy in use.
To return to the bank vault metaphor, suppose what’s being guarded is not jewels but a ledger. Today, it’s possible to secure the ledger as long as it’s sitting in the vault, which provides privacy at rest. It can also be secured in an armored truck if it needs to be relocated elsewhere, maintaining privacy in transit. But if you want to actually do something with the information without exposing it to prying eyes, you’re out of luck.
HE can provide privacy in use — but first, it needs to be implemented.
“The literature has focused on demonstrating that HE is possible in theoretical systems, but has practicality challenges in real use cases,” explained Russ Fink, one of the pioneers of APL’s work in HE. “The issue is that it adds complexity to even basic computations, potentially making whatever operations you need to do thousands of times slower.”
Another gap between conceptual and real-world applications is the complexity of real use cases, which often involve multiple parties with different levels of access to data.
“In HE as it exists in the literature, there’s a single data provider —someone who computes on this data but doesn’t get access to it — and there’s a data consumer, so you’re dealing with essentially a two-party protocol,” said Eric McCorkle, an APL computer scientist. “That’s good for developing the theory, but it’s very constrained for building a real-world system.”
From Possible, to Practical, to Usable
McCorkle is working on generalizing access control in HE schemes, making it possible to receive input from, and provide output to, an arbitrary number of parties without any of them having access to data that is not theirs to know. His work has immediate applicability in health care — for example, enabling hospitals in different jurisdictions to share and update patient records without sharing sensitive information.
“When we began the work in early 2021, the question was, ‘is this even possible?’” McCorkle said. “The answer then was ‘no.’ But now it’s ‘yes.’”
For HE to be widely applied, it has to be usable by real programmers — ideally without deep expertise in HE, which very few people have anyway. APL has made considerable progress in creating pre-built program libraries designed to apply HE to specific use cases. In the process, researchers have pushed the boundaries of the kinds of operations that can be done using HE, extending the technique beyond simple addition and multiplication and into complex trigonometric operations.
Hacking with Hardware
APL scientists have also combined HE with commodity hardware solutions for cybersecurity, significantly lowering the computational overhead that might otherwise preclude the use of the technique. They accomplished this using specially designed commercial processors that hide any code being executed from practically anything and anyone who might want to inspect it, including the operating system and anyone with physical access to the computer’s memory.
“We can use an HE scheme inside one of these processors to provide a kind of cryptographic ‘double wrapping,’” said Leif Powers, the project manager leading this work. “That allows us to use a less computationally expensive HE scheme while not relying entirely on the security of the processor, which allows us to achieve a high level of security without compromising practicality.”
Bringing It All Together
The Lab is also working on a capability to rapidly and iteratively test various SCOCI and HE schemes. Called Mintaka, this unique testbed will serve as a prototype of a complete SCOCI system, able to stand up to rigorous simulated attacks to test the techniques developed at APL.
“The idea is that as new concepts and features related to SCOCI are developed, we can add them to the Mintaka prototype and test them to see what they add in terms of protecting against an adversary’s actions,” said Brian Garofalo, who leads the Mintaka development effort.
Rewriting the Rulebook
There are commercial applications of HE, to be sure, including a patent-pending technology that has demonstrated the practicality of using HE to encrypt free-form text and concept searching.
I think this technology will change the world — it really rewrites the rulebook of what’s possible with cryptography, and it has applications everywhere.
According to Fink, Term Encrypted Retrieval Privacy (TERP), a project co-led by David Zaret, allows users to query a server by encrypting a simple phrase — such as ”Hollywood star diet” — and retrieve relevant documents without the server learning the phrase or knowing what results might have matched the phrase.
“Such a capability might enable a sponsor to search an unclassified domain for sensitive concepts, or even to detect the presence of classified ‘information spills’ on unclassified assets, including derivative works, without revealing the nature of the spill,” Fink said.
“I think this technology will change the world — it really rewrites the rulebook of what’s possible with cryptography, and it has applications everywhere,” McCorkle said. “At ֱ, we have a trifecta of the largest university affiliated research center [APL] in the nation, a world-class medical institution [ֱ Medicine] and a top-tier university that does a lot of cryptographic research. I don’t know of any other institution that has all three of those advantages.”