New Fujitsu Labs tech can do batch searches of encrypted data

Method can batch-search 16,000 characters per second, and could be used for DNA research.

If snooping by the U.S. National Security Agency isn't enough to make you worry about your privacy, Japan's Fujitsu Laboratories has developed a fast method to perform secret searches of data that is encrypted.

The technology makes use of homomorphic encryption, which allows for operations to be performed on encrypted data without having to decrypt it.

Fujitsu developed a batch search method that can rifle through 16,000 characters per second using any search term without the need for pre-registering keywords.

The lab hopes to commercialize the technology by 2015, billing it as a useful analytical tool in an increasingly data-driven world. The researchers said it's one that will in fact protect privacy.

"Our technology is based on public-key encryption," said Jun Kogure, research manager at the Social Innovation Laboratories in the Secure Computing Lab of Fujitsu Laboratories.

"When acquiring a public key, one also obtains a secret key paired to that public key. Those who perform searches only need a public key, which is made public beforehand and is something anyone can obtain. As results of searches are also encrypted, only those who have the secret key can see the search results."

If thieves or spies tried to use the method, it would be fruitless.

"They may be able to make searches, but it will not mean anything without the secret key," Kogure said.

Forgoing registration of searchable keywords distinguishes Fujitsu's new approach from other ways of looking through encrypted data.

"Many of the existing methods use tag-based searches, which pre-register keyword tags and in the search phase privately check if the specified keyword matches one of the registered tags," said Kogure.

"Our technology is not based on tag-searching. We use homomorphic encryption to perform full-text searches."

The batch search is performed using encrypted character strings, and the search results themselves are encrypted. That means only users with the decryption key can read them.

Possible applications include searching for a particular base sequence in a strand of DNA. The method would preserve the privacy of the DNA information while yielding a useful result, and could be used in multiple DNA searches.

Searching through encrypted academic scores from a number of schools for analytical purposes could be another application, the lab suggested.

The latest know-how is based on the lab's development in 2013 of a method that allows for high-speed statistical calculations and biometric authentication to be performed on encrypted data.

That method involves batch-encrypting data and opens the door to applications such as matching fingerprint or vein patterns to a secure database without having to decrypt it. The processing speed of this method is about 2,000 times faster than bit-by-bit encryption, according to the lab, which presented the research at security conferences in Germany and the U.K. in September 2013.

Programmers have long faced the challenge of needing unencrypted, plain-text data in order to be able to do anything useful with it, such as mathematical calculations. One goal is to be able to implement new cloud-based services such as medical or marketing analyses using fully encrypted data that isn't as vulnerable to attack as the plain version.

After years of work on the problem, IBM recently received a patent for a method known as fully homomorphic encryption, which allows encrypted data to be processed as is.

Big Blue said its invention would pave the way for more secure cloud computing services. Creating so-called "encrypted blobs" and using them with other encrypted blobs for processing can yield the same results as if the data were not encrypted.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityFujitsuprivacy

More about Big BlueFujitsu AustraliaFujitsu LaboratoriesIBM AustraliaNational Security AgencySecure Computing

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Hornyak

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place