Data in Use: The Third Pillar Of Cryptography

We (or at least those in the Cyber Security industry) are all familiar with the concept of keeping data secure. Encryption technologies come in many forms, and it turns out that we use very different technologies to secure data when it is at rest and when it’s in transit. For example, you’d use one set of tools to encrypt the hard drive on your laptop, and another to encrypt your internet traffic.

This well-known distinction between the technologies used for securing data at rest and those for securing data in transit is taught in all cryptography courses, and we are well used to it. However, there is a third pillar, and that is to secure data when it is actually “in use”.

For example, suppose I am using a signing key to sign documents. When the key is being stored I may use a key wrap algorithm to ensure anyone who accesses the data on my disk does not get access to the signing key. I may want to send the signing key to another device, in which case I may use an encrypted channel to send the key over. However, at some point I actually want to use the key.

It appears that at this point in the cycle my key will have to be “in the clear”. After all, how can I compute with it if I don’t know what value it takes?

Traditionally, the method for securing cryptographic keys “in use” has been to rely on hardware: either a tamper-resistant smart card or a Hardware Security Module (HSM). These are good technologies, but are only really available for high-end users due to their high cost and complexity.

This is where Multi-Party Computation (MPC) comes in – anyone can use it to secure data whilst it is in use. MPC does this by splitting the data into portions and then using a protocol to compute the desired operation without ever bringing the key back together into one location. In principle this technique can be used to secure any data in any application, and not just keys.
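The splitting idea can be made concrete with the signing-key scenario above. The following is an added illustration, not code from the original post and not the protocol used in Dyadic's product: it assumes a constructed toy RSA key, unpadded "textbook" RSA, two parties, and a trusted dealer who creates the shares (all names are hypothetical).

```python
import hashlib
import secrets

# Constructed toy RSA key from two Mersenne primes (far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)

def digest(msg: bytes) -> int:
    """Hash the message into Z_N (textbook RSA, no padding: illustration only)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def deal_shares() -> tuple[int, int]:
    """Split the private exponent d into two additive shares mod phi(N).

    Assumption: a trusted dealer sees d once, here. Each share taken alone
    is uniformly distributed mod phi(N), so it carries no information about d.
    """
    d = pow(E, -1, PHI)
    d1 = secrets.randbelow(PHI)
    d2 = (d - d1) % PHI
    return d1, d2

def partial_sign(share: int, msg: bytes) -> int:
    """Run by one party on its own machine, using only its own share."""
    return pow(digest(msg), share, N)

def combine(s1: int, s2: int) -> int:
    """Multiply the partial results: h^d1 * h^d2 = h^(d1+d2) = h^d (mod N)."""
    return (s1 * s2) % N

def verify(msg: bytes, sig: int) -> bool:
    """Ordinary RSA verification with the public key (N, E)."""
    return pow(sig, E, N) == digest(msg)

if __name__ == "__main__":
    d1, d2 = deal_shares()
    msg = b"constructed sample document"
    s1, s2 = partial_sign(d1, msg), partial_sign(d2, msg)
    print("combined signature valid:", verify(msg, combine(s1, s2)))
    print("party 1 alone valid:     ", verify(msg, s1))
```

After the shares are dealt, only the partial signatures travel between the parties, and the verifier cannot distinguish the combined result from a signature made with the whole key.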

Thus, with MPC we can secure the third pillar of data usage, namely actually using the data. When combined with traditional techniques to secure data in transit and data at rest, we find we now have a complete repertoire of methods to secure the entire data life cycle. At the core of Dyadic vHSM is MPC technology. We’d be happy to help you learn more about how vHSM powers Dyadic’s Enterprise Key Management and Secure Authentication solutions.

Prof. Nigel Smart

Nigel Smart, Unbound Co-Founder, is a Professor at University of Bristol UK. He is a world-renowned expert in applied cryptography, and was the Vice President of the International Association of Cryptologic Research. In the past, Nigel worked at Hewlett-Packard Laboratories developing advanced encryption technologies. He has also been involved in developing many standards, and has worked with both industry and government on applying cryptography to solve critical security problems.
