While many cybersecurity systems offer protection of the information they store in the form of encryption, a crucial limitation is the fact that this information is useless in encrypted form, and therefore to extract utility, the system must allow for its decryption in authorized situations. While there are various techniques to minimize risk during such accesses, there is no avoiding the fundamental fact that there is extra vulnerability in any solution that requires raw (decrypted) access to information. Indeed, for every solution that attempts to protect against attacks, there are counter-attacks and real-world examples that highlight the risk:
- Authorized/Credentialed Access: Subject to loss/leakage of passwords, backdoors introduced by malware, and insider infiltration.
- Firewalls: Vulnerable to attackers able to poke holes in the firewalls and/or gain access through improper usage by authorized users.
- Trusted Environments: Secure enclaves and trusted hardware still store data on-device, and any such environment is vulnerable to attack. Numerous known attacks on such environments call into question the viability of the “trusted environment” approach.
We avoid the cat-and-mouse game of cybersecurity solutions versus attackers altogether by addressing the fundamental weakness of any such solution: the need to decrypt information in order to perform the requisite tasks that motivated the collection/storage of this information. Namely, by using novel cryptographic techniques, our technology allows for computation on encrypted data. There is enormous potential for this technology; for example:
- Aggregate Analysis. Information that is siloed in separate organizations, or even separate departments or branches within the same organization, can be combined and analyzed in aggregate, whereby only the final output of the analysis is decrypted, thereby protecting individual records.
- (Non-) Removal of Sensitive Information. Since individual records are never decrypted, sensitive user information — e.g. Personally Identifiable Information (PII) — need not be removed from records. This unlocks the potential for rich research and analyses by linking separate sources of user data.
- AI/ML on Private Data. The set of computations that we support includes complex statistical analysis (e.g. Moments, Order Statistics, Regression, MLE) as well as machine learning. For example, we can generate machine learning models using encrypted records for training, as well as run the model on a private instance (only the output classification is decrypted).
Visit the Secure Computation section of our Projects page, as well as our Toolsuite page, for more information on tools we have built that leverage the ability to compute on encrypted data.
There are numerous applications in which a person with sensitive information needs to demonstrate some property of that information, but does not want or need to reveal anything else. For example:
- Demonstrating identity, without explicitly revealing SSN, DOB, etc.;
- Demonstrating compliance with regulations, e.g. funds were spent according to some parameters;
- Demonstrating fulfillment of a contract to an independent regulator, without revealing the contract details.
Through various projects, Stealth has developed solutions that address each of the above scenarios, and many others. For example:
- Tooling for Zero-Knowledge Proofs: As part of our work on the DARPA SIEVE program, we developed an end-to-end solution for proving statements in zero-knowledge, which includes an interpreter (for translating the statement into a ZK-friendly format), statement parser, and software for running the “Prover” and “Verifier”.
- Auditing of Community-Maintained Database: When several independent users (a few or millions) contribute sensitive data to our Secure Database, we offer assurances that each user is faithfully uploading their data, that the uploaded data is accurate, and that each user is behaving according to requisite (application-specific) regulations.
- Generic Computation on Encrypted Data: Our Secure Computation Engine allows arbitrary computation on encrypted data, which in particular can allow for checking that given encrypted record(s) satisfy some property.
Blockchains are a method for synchronizing data contributed by many users, in a manner that ensures its validity and consistency as well as guaranteeing longevity and untamperability. Blockchain is the driving technology behind cryptocurrency, and has also been proposed for several other applications, including supply-chain monitoring, auditing, and smart contracts.
Stealth has developed a blockchain framework that provides additional security and privacy benefits over traditional blockchain systems, including:
- Faster, Cheaper, More Scalable: We leverage techniques from cryptography that allow for faster validation of information updates, to overcome shortcomings of traditional blockchain mechanisms.
- Faster Search: By distributing and storing data in a structured way, we can quickly scan previous ‘blocks’ for the relevant data a user is seeking.
- Private Data Storage: While data stored on most blockchains is public, we offer an additional private storage system that integrates with the public blockchain, and allows for several features including: privacy-preserving auditing where rules can be enforced and violations identified; and aggregate analysis where private data can be linked with our secure computation engine, allowing for analyses of (encrypted) aggregate data without ever decrypting it.
See our Projects pages, and specifically the DEBLOOM, MEGA-ACE, and FISH ‘N CHIPS programs, for more information on tools we have built for blockchain applications.
When peer-to-peer communication must pass between a network of server nodes, there are several security concerns that arise based on the vulnerabilities of the network. While protection of message contents is crucial (to prevent leakage, alteration, or deletion), so too is protecting the identities of the users — and in particular keeping hidden the linkage between sender and receiver. Stealth has developed tools to do precisely this: even if a large portion of the network becomes compromised, it is not possible to link a message’s sender to its receiver.
Through various programs, Stealth has developed technology for:
- “Last-mile” Secure Communication: Preventing unauthorized access, by eavesdropping, wiretapping, or other “shoulder surfing” leakage between the user and the device.
- Anonymized Communication: For communications transmitted through a network, breaking the link between the sender of a message and the recipient of the message.
Our Projects pages, and specifically the RACE, MATH, MASQUERADE, and ETERNAL projects, have additional information on tools we have built that protect communication between users.
Even when data is encrypted, sensitive information can still be revealed via its metadata or knowledge of access patterns that indicate who (which users), what (which records), where, when, why, and how the records are accessed. Stealth offers numerous tools that minimize such “indirect leakage”, such as:
- Search on Encrypted Records: Our secure database technology allows a database to process queries and return results, while performing the search (i.e. finding the matching records) over encrypted data. Indeed, our technology goes well beyond simply hiding the underlying data records from the server:
  - The number of records returned and knowledge of which records were returned are hidden
  - The user’s query is hidden
  - Policy rules can be enforced, where the policies themselves are hidden
  - Data-dependent rules can be enforced, without revealing the rules and when they are triggered
- Private Information Retrieval (PIR): Allows users to retrieve a record from a database, while hiding (from the database server) which record was retrieved.
- Oblivious Access: For generalized access, such as a series of create/read/update/delete (CRUD) operations, Oblivious RAM (ORAM) hides which requests are made, which CRUD operation(s) were performed, the location(s) accessed, and the values that were read/written.
See our Projects pages, and specifically the Durasift, Brandeis/PIPE, SMP, and the SPAR/ENTACT/SPARSE series, for more information on tools we have built supporting secure databases.
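To make the PIR guarantee above concrete, here is an added example (not Stealth's code or protocol) of the textbook two-server XOR scheme. It assumes two non-colluding servers that hold identical copies of a database of fixed-length records; all names and the sample records are constructed for illustration.

```python
import secrets

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_queries(n, index):
    """Client: build two selection vectors that differ only at `index`.

    Each vector on its own is a uniformly random bit string, so a single
    server learns nothing about which record is wanted.
    """
    if not 0 <= index < n:
        raise IndexError("record index out of range")
    q1 = [secrets.randbits(1) for _ in range(n)]
    q2 = list(q1)
    q2[index] ^= 1
    return q1, q2

def server_answer(db, query):
    """Server: XOR together every record whose query bit is set."""
    acc = bytes(len(db[0]))
    for record, bit in zip(db, query):
        if bit:
            acc = xor_bytes(acc, record)
    return acc

def retrieve(db, index):
    """Run the exchange; both 'servers' here are the same in-memory list."""
    q1, q2 = make_queries(len(db), index)
    a1 = server_answer(db, q1)   # sent to server 1
    a2 = server_answer(db, q2)   # sent to server 2
    # Records selected by both queries cancel; only db[index] survives.
    return xor_bytes(a1, a2)

RECORD_LEN = 16
# Constructed sample database, padded to a fixed record length.
DB = [s.ljust(RECORD_LEN).encode()
      for s in ("rec0:alpha", "rec1:bravo", "rec2:charlie", "rec3:delta")]

if __name__ == "__main__":
    print(retrieve(DB, 2))
```

The privacy claim holds only while the two servers do not compare the queries they receive; single-server PIR needs different (computational) techniques.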
Over its nearly two-decade history, Stealth has developed an extensive suite of privacy-enhancing technologies. Furthermore, many of the programs we have participated in had a research component that allowed us to push forward the state-of-the-art capabilities of essential cryptographic primitives that are then utilized as the building blocks of integrated solutions. Indeed, as a result of this work, we now offer an extensive cryptographic library, with modular components that can be swapped in as part of larger solutions. For example, our library includes:
- Tools for Protecting Metadata and Indirect Leakage: In cryptographic terms, these tools provide highly performant and secure instantiations of the cryptographic primitives: Oblivious Transfer (OT), Pseudo-Random Generators (PRGs), Function Secret-Sharing (FSS), and Oblivious RAM (ORAM); among others.
- Tools for Running MPC: Our machinery allows for two or more entities, who each hold data that they want to use as part of a computation, to compute the desired result without exposing their own data to any external entity.
- Tools for Zero-Knowledge Proofs: We have tools for generating, parsing, and running Zero-Knowledge Proofs.
- Tools for Lifting Legacy Code: Our software will automatically translate old code (written in a language/version with known security vulnerabilities) into code that can leverage built-in security features of newer languages.
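The MPC item above and the earlier "Aggregate Analysis" use case can be illustrated with additive secret sharing. This is an added example using a textbook semi-honest scheme, not Stealth's library; it assumes non-negative integer inputs smaller than the modulus, and the silo data is constructed.

```python
import secrets

MOD = 2**61 - 1  # all share arithmetic is done modulo this prime

def share(value, n):
    """Split `value` into n additive shares; any n-1 of them look random."""
    parts = [secrets.randbelow(MOD) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % MOD)
    return parts

def secure_sum(inputs):
    """Sum one private input per party without revealing any single input.

    dealt[i][j] is the share party i sends to party j, so party j only
    ever sees column j and publishes the sum of that column.
    """
    n = len(inputs)
    dealt = [share(x, n) for x in inputs]
    partials = [sum(row[j] for row in dealt) % MOD for j in range(n)]
    return sum(partials) % MOD

def aggregate_moments(silos):
    """Mean and variance over all silos' records from three secure sums.

    Each silo contributes only its local count, sum and sum of squares,
    and even those are secret-shared; only the totals are reconstructed.
    """
    count = secure_sum([len(s) for s in silos])
    total = secure_sum([sum(s) for s in silos])
    squares = secure_sum([sum(v * v for v in s) for s in silos])
    mean = total / count
    variance = squares / count - mean * mean
    return count, mean, variance

# Constructed sample: three organizations, each holding private records.
SILOS = [[52, 61, 58], [70, 66], [49, 55, 63, 60]]

if __name__ == "__main__":
    print(aggregate_moments(SILOS))
```

Only the three reconstructed totals are ever visible in the clear, which matches the page's point that just the final output of the analysis is decrypted.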