DARPA Awards Contracts For Encrypted Data Processing
How can Pentagon clouds process data quickly while it’s still encrypted, instead of having to decrypt it and thereby render it vulnerable?
By KELSEY ATHERTONon March 11, 2021 BreakingNews
Keeping data encrypted as it is processed could mitigate the harm from cyber intrusions, even by determined adversaries.
ALBUQUERQUE: This week, DARPA announced the award of several contracts that will let computers process encrypted data, instead of having to decrypt it prior to processing. That could drastically improve the security and functionality of cloud-based processing for the military, because data won’t have to switch constantly between being protected encrypted forms and vulnerable decrypted ones.
On March 8, DARPA announced the award of contracts to four research teams for the Under the Data Protection in Virtual Environments (DPRIVE) program. These teams will be led by Duality Technologies, Galois, SRI International, and Intel Federal, and will each be responsible for developing both the hardware and the software that allows for encrypted processing at speed.
Quantum computing, which threatens to overwhelm traditional encryption methods, makes developing this technology all the more urgent. “Advances in quantum computing are raising questions about the durability of some of the most advanced data protection technologies,” said DARPA program manager Tom Rondeau in a release. “These challenges underscore an urgent need to explore new secure computing models that can mitigate risk whether data is at-rest, in-transit, or in use.”
Key to this work is Fully Homomorphic Encryption (FHE), which lets inputs, processing, and outputs from data analysis all remain encrypted. When finished, the product of an FHE analysis can be decrypted, and it will be the same as if the entire calculation had been done without encryption.
“The use of homomorphic encryption protects data confidentiality of input, output and intermediate states during data processing,” said Rosario Cammarota, principal engineer and investigator for Intel Labs on the DARPA DPRIVE program. “If a data breach happens, an attacker would only have access to encrypted data – no access to the decryption keys.”
Part of the advantage of moving to cloud-based data processing, as the Department of Defense is adamant about, is that it can reduce the strain on computation resources in the field, while still delivering the results of that work where service members need it.
“The underlying mathematics and algorithms are very complex, and controlling the growth of noise when computations are performed on encrypted data is hard, and performing all this in hardware that quite challenging,” said Dr. Karim Eldefrawy of SRI International, which was awarded $11.5 Million from DARPA to pursue this program.
Fully Homomorphic Encryption can be done at present, using existing technologies, but the result is slow. It might be fine for keeping medical case studies compliant with privacy regulations, but military action often needs more timely information than that.
“A computation that would take a millisecond to complete on a standard laptop would take weeks to compute on a conventional server running FHE today,” noted Rondeau. DARPA is hoping DPRIVE can pick up the pace.
Intel’s contract with DARPA is for 42 months, with the award for the duration set at $12.4 million. Phase one will be working on the code to process the data as encrypted, followed by designing that processing into a chip in Phase 2, and creating a hardware version for Phase 3. In parallel to all this, Intel will develop the software and test in on the ability to handle both statistical analysis and machine learning.
“This is a really hard problem and we have a lot of non-trivial insights and ideas and a new hardware architecture and analysis that give us basis of confidence that we can solve it.,” said Eldefrawy.
With contracts set to run through to 2024, DARPA is betting that cloud will grow in importance for the Department, and that adversaries will invest resources in breaking into computational tools as they process data. Fortunately for the Pentagon, it is likely that the JEDI cloud contracting will no longer be contested by the time FHE is available, or that the military will have found the alternative clouds it needs to make all of this work.
Brad D. Williams also contributed to this story.