nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Microsoft boffins build better crypto for secure medical data crunching

Practical homomorphic encryption manual released

By Team Register, 16 Nov 2015

As genome research - and the genomes themselves - get passed around the scientific community, the world's woken up to the security and privacy risks this can involve. A Microsoft research quintet has therefore published ways to help scientists work on genomic data while reducing the risk of data theft.

The team published an informal manual to help scientists and other researchers to use the Simple Encrypted Arithmetic Library (SEAL).

Homomorphic encryption is a technique in which software can operate on encrypted data without decrypting it. This would let hospitals and labs to work on encrypted data hosted on untrusted clouds, receiving only the decrypted results for analysis.

This means the teams could assist with secure and private outsourcing of personal health records and predictive services for disease risk.

The Redmond research team of Nathan Dowlin, Ran Gilad-Bachrach, Kim Laine, Kristin Lauter, Michael Naehrig and John Wernsing describe the findings in the paper Manual for Using Homomorphic Encryption for Bioinformatics [pdf] spotted by ITnews. Here's a sample of their thinking:

A wealth of personal genomic data is becoming available thanks to scientific advances in sequencing the human genome and gene assembly techniques. Hospitals, research institutes, clinics, and companies handling human genomic material and other sensitive health data are all faced with the common problem of securely storing, and interacting, with large amounts of data. … we present new methods for encoding real data which lead to concrete improvements in both performance and storage requirements."

They say previous homomorphic encryption deployments were hand-tuned, inflexible, and private in-house works.

Research into the security threats against medical devices and separately the data it holds has been increasing.

In September researchers Scott Erven and Mark Collao detailed how they found exposed online thousands of critical medical systems, including Magnetic Resonance Imaging machines and nuclear medicine devices.

The pair found a "very large" unnamed US healthcare organisation exposing more than 68,000 medical systems. That US org has some 12,000 staff and 3,000 physicians.

Technical information on how the encryption works is available in the paper. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing