Thought Leadership

Data Privacy and Security: A Look at Data at Rest, in Transit, and in Use

January 30, 2024

In the era of digital transformation, data privacy, and security have become paramount. As data moves through different stages - at rest, in transit, and in use - it becomes vulnerable to various threats. This post will delve into these stages, the associated risks, and the methods used to mitigate these risks. We'll discuss each stage in two separate sections: privacy and security, to provide a clear understanding of the techniques involved.

Overview of methods in data @rest/transit/use

Data at Rest

When we talk about "data at rest," we're referring to any data stored on physical or digital storage mediums. This could be anything from databases and file systems to other structured or unstructured storage platforms. The security and privacy of this data are crucial as it remains stationary, making it a potential target for unauthorized access or breaches.

Privacy of Data at Rest‍

Data at rest, while seemingly dormant, can be a treasure trove of information for malicious actors. Ensuring its privacy means taking steps to make sure that even if someone gains unauthorized access, the data remains unintelligible and useless to them.

Anonymization and Pseudonymization

Anonymization and pseudonymization are methods used to protect personal data by removing or encrypting personally identifiable information. These techniques are often used in data sharing and open data scenarios. However, they are not foolproof, as sophisticated techniques can sometimes re-identify anonymized data.

Differential Privacy

Differential Privacy (DP) adds noise to the results of data queries to provide privacy guarantees and prevent the identification of individuals within a dataset. DP is used in data analysis where privacy is a concern, such as in census data. While it provides strong mathematical guarantees of privacy, it requires careful selection of privacy parameters and may reduce data utility due to noise addition.

Security of Data at Rest

Ensuring the security of data at rest is akin to safeguarding a vault. It's about putting up barriers that prevent unauthorized access, and even if someone manages to break in, making sure they can't decipher the contents.

Model Encryption

Model Encryption is used in machine learning to protect the intellectual property of models. It involves encrypting the model parameters to prevent unauthorized access. For example, a company might use model encryption to share a proprietary machine learning model with a business partner without revealing the underlying parameters that make the model work.

AES (Advanced Encryption Standard)

AES is a symmetric encryption algorithm established by the U.S. National Institute of Standards and Technology (NIST) in 2001. It is a block cipher that encrypts data in fixed-size blocks (128 bits in the case of AES), and it's used widely across the globe to protect sensitive data.

Data in Transit

Data in transit refers to the active movement of data across networks. As it travels, it's exposed to various vulnerabilities, making its protection both a challenge and a necessity. The dynamic nature of data in transit requires real-time solutions to ensure its integrity and confidentiality.

Privacy of Data in Transit

As data moves, it becomes a moving target. Ensuring its privacy during transit means making sure that even if it's intercepted, it remains a jumble of meaningless information to the interceptor.

Homomorphic Encryption

Homomorphic Encryption (HE) is a form of encryption that allows computations to be carried out on ciphertext, thus generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext. This is particularly useful in cloud computing, where sensitive data can be processed in an encrypted form, and only the user with the decryption key can see the results.

Security of Data in Transit

Data in transit is like a convoy moving valuable assets across a hostile territory. The goal is to ensure the convoy reaches its destination without any breaches, and if there are any attempts to intercept, they are effectively thwarted.

HTTPS (Hypertext Transfer Protocol Secure)

HTTPS is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

RSA (Rivest-Shamir-Adleman)

RSA is one of the first public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and distinct from the decryption key which is kept secret (private). An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers are kept secret. Messages can be encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime numbers.

Data in Use

Data in use pertains to data that's actively being processed or accessed. This could be data in a machine learning model, a database operation, or even being displayed on a screen. Given its active state, it's exposed to real-time threats, necessitating immediate protective measures.

Privacy of Data in Use

When data is in active use, it's like a live broadcast. Ensuring its privacy means making sure that only authorized viewers can understand the broadcast, while others, even if they tap into it, see only static.

Federated Learning

Federated Learning is a machine learning approach where the model is trained across multiple decentralized devices or servers holding local data samples, without exchanging them. This is useful in scenarios where you want to train a model on data distributed across multiple devices.

Secure Multi-Party Computation (SMPC)

Secure Multi-Party Computation (SMPC) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. This is useful in scenarios where multiple parties need to compute a function over their inputs (like a shared model) while keeping those inputs private.

Fully Homomorphic Encryption (FHE)

Fully Homomorphic Encryption (FHE) is an advanced form of homomorphic encryption that allows arbitrary computation on plaintexts by performing these computations directly on the ciphertext. This means that sensitive data can be processed in an encrypted form, and only the user with the decryption key can see the results. However, FHE is computationally intensive and currently not practical for most real-world applications.

Security of Data in Use

Data in use is akin to a live performance on a stage. The goal is to ensure that the performance goes on without any disruptions, and any attempts to sabotage it are promptly dealt with.

Trusted Execution Environment (TEE)

A Trusted Execution Environment (TEE) is a secure area of a main processor that guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. TEEs are widely used in mobile devices, set-top boxes, and network equipment.

FHE

Fully Homomorphic Encryption (FHE) requires special mention twice because it is useful not only for privacy but also for security.

Secure Enclave

A Secure Enclave is a type of TEE implemented in Apple's A7 or later A-series processors. It's a coprocessor that provides all cryptographic operations for data protection key management and maintains the integrity of data protection even if the kernel has been compromised. The Secure Enclave is used in Apple devices for a variety of security-critical functions, including data encryption and biometric authentication.

Confidential Computing

Confidential Computing is the protection of data in use using hardware-based Trusted Execution Environments (TEE). It focuses on securing data at rest, in transit, and in use. The goal of confidential computing is to ensure that when data is in the clear, which is required for efficient processing, the data is protected inside a TEE or similar environment.

Why Understanding This Matters for Enkrypt AI Users

For businesses and individuals leveraging Enkrypt AI's offerings, understanding the intricacies of data privacy and security is paramount. Enkrypt AI is at the forefront of securing machine learning model deployment in potentially hostile environments. Our solutions encompass the protection of model IP, the assurance of model and data privacy, the facilitation of model usage analytics, and the creation of new revenue avenues. By grasping the concepts elucidated in this post, users can better appreciate the depth, breadth, and sophistication of Enkrypt AI's offerings, ensuring they harness our tools to their maximum potential.

Empower Your Data Privacy and Security with Enkrypt AI

In the labyrinthine realm of data privacy and security, guidance is invaluable. Enkrypt AI stands as a beacon, offering state-of-the-art solutions that empower businesses to safeguard their data and ML models, especially when in use.

Reach out today to discover how Enkrypt AI can bolster your data protection endeavors and fortify your ML models.

Contact Enkrypt AI