Making Encryption Harder, Better, Faster and Stronger
In response, the industry is advancing encryption on several fronts. Some efforts are focused on increasing key sizes to protect against brute-force decryption. Other efforts are looking at new cryptographic algorithms. For example, the National Institute of Standards and Technology is evaluating a next-generation public key algorithm intended to be quantum safe.
The trouble is that most quantum-safe algorithms aren’t efficient on classical computer architectures. To address this problem, the industry is focused on developing accelerators to speed up algorithms on x86 platforms.
A third area of research is homomorphic encryption, an amazing concept that allows users to perform calculations on encrypted data without first decrypting it. So an analyst who needs to query a database containing classified information can do so without having to ask an analyst with higher clearance to access the data or request that the data be declassified.
A big advantage of homomorphic encryption is that it protects data in all its states — at rest (stored on a hard drive), in motion (transmitted across a network) or in use (while in computer memory). Another boon is that it’s quantum safe, because it’s based on some of the same math as quantum computing.
A downside is that homomorphic encryption performs very poorly on traditional computers, because it’s not designed to work with them. The industry is collaborating to develop x86-style instructions to make these new cryptosystems operate at cloud speeds. Practical applications are still a few years away, but we’re confident we’ll get there.
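To make "calculating on encrypted data" concrete, here is an added example (not from the original article) using textbook Paillier, a classical scheme that supports only addition on ciphertexts and is not itself quantum safe. The fixed primes and sample values are constructed toy parameters, and the party doing the arithmetic holds only the public key `n`.

```python
import math
import secrets

# Constructed toy parameters: two Mersenne primes. Real deployments
# use randomly generated primes of 1024 bits or more each.
P = 2**61 - 1
Q = 2**89 - 1

def keygen(p=P, q=Q):
    """Return (public key n, private key) for Paillier with g = n + 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(n, phi) != 1:
        raise ValueError("unsuitable primes")
    return n, (phi, pow(phi, -1, n))  # modular inverse needs Python 3.8+

def encrypt(n, m):
    """Randomized encryption of an integer 0 <= m < n."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    n2 = n * n
    # (1 + n)^m mod n^2 simplifies to 1 + m*n
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """Recover m; requires the private key."""
    phi, mu = priv
    x = pow(c, phi, n * n)          # equals 1 + m*phi*n (mod n^2)
    return (x - 1) // n * mu % n

def add(n, c1, c2):
    """Ciphertext of m1 + m2, computed from ciphertexts and n only."""
    return c1 * c2 % (n * n)

def scale(n, c, k):
    """Ciphertext of k * m for a public constant k."""
    return pow(c, k, n * n)

def encrypted_total(n, ciphertexts):
    """Sum encrypted values without ever seeing a plaintext."""
    total = encrypt(n, 0)
    for c in ciphertexts:
        total = add(n, total, c)
    return total
```

Only the key holder can call `decrypt` on the returned total; the party running `encrypted_total` learns nothing about the individual values.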
Encryption Innovations Agencies Can Use Today
In the interim, a new encryption capability has emerged that organizations can take advantage of right now: confidential computing. Confidential computing safeguards data while it’s being acted upon in computer memory; for example, while a user is conducting analytics on a database.
Confidential computing works by having the CPU reserve a section of memory as a secure enclave, encrypting the memory in the enclave with a key unique to the CPU. Data and application code placed in the enclave can be decrypted only within that enclave, on that CPU. Even if attackers gained root access to the system, they wouldn’t be able to read the data.
With the latest generation of computer processors, a two-CPU server can create a 1 terabyte enclave. That enables organizations to place an entire database or transaction server inside the enclave.
The functionality is now being extended with the ability to encrypt all of a computer’s memory with minimal impact on performance. Total memory encryption uses a platform-specific encryption key that’s randomly derived each time the system is booted up. When the computer is turned off, the key goes away. So even if cybercriminals stole the CPU, they wouldn’t be able to access the memory.
Confidential computing transforms the way organizations approach security in the cloud, because they no longer have to implicitly trust the cloud provider. Instead, they can protect their data while it’s in use, even though it’s being hosted by a third party.
One major cloud provider already offers a confidential computing service to the federal government, and more will surely follow. Agencies can now build enclave-based applications to protect data in use in a dedicated cloud that meets government security and compliance requirements.
The need for strong data encryption won’t go away, and the encryption challenges will only increase as quantum computing emerges over the next several years. In the meantime, innovative new encryption capabilities are delivering tighter cybersecurity to agencies today, and the industry is investing in the next generation of cryptosystems to protect government information for the next 25 years.