New Encryption Tools for the Cloud

Georgia Tech Researchers Tackle Key Security Issues

Paul Royal

Paul Royal

Computer scientists at the Georgia Institute of Technology are developing new ways to apply encryption when storing or searching data in the cloud, says Paul Royal, associate director of the university's information security center.

This encryption research, designed to address security concerns associated with cloud computing, is highlighted in Georgia Tech's just-issued Emerging Cyber Threats Report 2014.

The university has developed an application called CloudCapsule that encrypts data on mobile and other devices before its securely transmitted and stored in the cloud, Royal explains in an interview with Information Security Media Group.

Encrypting data before it enters the cloud provides protection against cybercriminals seeking to pilfer data and governments demanding keys to decrypt data on servers situated in their jurisdictions, Royal says. "For those reasons, we feel it is best for the encryption to occur before the data leaves the device and goes into the cloud," he says.

Georgia Tech has completed a version of CloudCapsule for Apple's mobile platform, which is available upon request. It's working on a version for Android devices.

Searchable Encryption

In a related effort, Georgia Tech researchers are continuing work on a method for enabling a search of encrypted data stored in the cloud. "What that means is that when you search, your criteria is likewise encrypted and the encrypted representation of your basic keyword search is used over that data," Royal says. The data would not be decrypted until it's delivered to the end-user's device.

In the interview, Royal also addresses:

The development of software to determine if a device on a network is legitimate by analyzing its unique traffic patterns. Royal says the properties and responses of counterfeit or corrupted devices aren't the same as those of the altered wares mimicking them. The implications of the bring-your-own-device trend for security application development. Steps researchers are taking to help ensure that any newly developed security solutions can be easily applied.

Royal is a research scientist in the College of Computing at Georgia Tech. In this role, he engages in collaborative research on various facets of the online criminal ecosystem. Earlier, Royal served as principal researcher at Purewire, where he identified emerging threats and designed methods that enhanced the company's web security service.