MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The quantity of data on this planet topped an astounding 59 zetabytes in 2020, a lot of it pooling in data lakes.

Related:  The importance of basic research

We’ve barely scratched the floor of applying synthetic intelligence and superior data analytics to the uncooked data accumulating in these gargantuan cloud-storage constructions erected by Amazon, Microsoft and Google. But it’s coming, within the type of driverless automobiles, climate-restoring infrastructure and next-gen healthcare expertise.

In order to get there, one large technical hurdle have to be surmounted. A brand new type of agile cryptography should get established so as to robustly protect privateness and safety as all this uncooked data will get put to business use.

I lately had the possibility to focus on this with Kei Karasawa, vp of technique, and Fang Wu, advisor, at NTT Research, a Silicon Valley-based suppose tank which is within the thick of deriving the maths formulation that will get us there.

They outlined why one thing referred to as attribute-based encryption, or ABE, has emerged as the premise for a brand new type of agile cryptography that we will want so as to kick digital transformation into excessive gear.

For a drill down on our dialogue, please give the accompanying podcast a pay attention. Here are the important thing takeaways:

Cloud exposures

Data lakes proceed to swell as a result of every second of daily, each human, on common, is creating 1.7 megabytes of fresh data. These are the rivulets feeding the data lakes.

A zettabyte equals one trillion gigabytes. Big data simply retains getting larger. And we people crunch as a lot of it as we are able to by applying machine studying and synthetic intelligence to derive cool new digital companies. But we’re going to want the assistance of quantum computer systems to get to the actually wonderful stuff, and that {hardware} is coming.

As we press forward into our digital future, nevertheless, we’ll additionally want to retool the public-key-infrastructure. PKI is the authentication and encryption framework on which the Internet is constructed. It works by issuing digital certificates to confirm the authenticity of the servers ingesting the data trickling in from our smartphones, Internet of Things sensors and the like.

Just as crucially, PKI is the framework for encrypting data in transit; it really works by issuing units of decryption keys – a public key on the server facet, and a non-public key on the consumer facet. This association has gotten us this far – however it’s too brittle, from a safety perspective, to carry us ahead.

Karasawa cites the instance of an organization electronic mail server that has a public key and points non-public keys to all its customers. Each non-public key serves a slim perform: it offers the identical sort of authenticity and stage of access to every consumer.

This creates publicity. The finest proof of that is how electronic mail has change into a battleground the place corporations should frequently defend attackers’ endlessly artistic efforts to manipulate electronic mail to flow into malware and distribute phishing ruses.

And this publicity doesn’t go away by changing the corporate’s on-premises electronic mail server with a cloud-based electronic mail service, Karasawa says. In reality, it highlights how the migration to cloud companies has expanded the assault floor.


“When you create an electronic mail archive within the cloud, you want to share secret keys to the entire dataset, so everybody can learn all the data within the cloud,” Karasawa says. All the attacker wants to do, he says, is to take over the account of a authentic consumer to attain deep access to quite a lot of delicate data saved within the cloud. And menace actors have change into  adept at account takeovers.

Attribute-based access

Clearly, our method to issuing secret consumer keys wants rethinking. And that is the place attribute-based encryption – ABE — enters the image.

Some context: attribute-based access management – ABAC — is a long-standing methodology by which attributes, or traits, reasonably than roles (corresponding to approved electronic mail consumer) are used to decide access.

The National Institute of Standards and Technology has issued intensive ABAC pointers. The NIST requirements function a roadmap exhibiting how to extra granularly handle access rights for folks and methods with out unduly burdening customers or system directors.

ABE is a brand new type of public-key encryption by which it’s doable to subject non-public keys that work solely when a particular set of circumstances are met – and people circumstances can vary from simplistic to intensive.

In quick, ABE makes it doable to subject extremely custom-made non-public keys designed to serve very granular functions. This capability to push attribute-based access down the encryption stage goes to be important to preserve the integrity of the next-gen sensible infrastructure and sensible digital companies.

These modern methods, actually, are ramping up as we speak, as 5G connectivity, which permits for a lot denser distribution of IoT sensors, achieve an increasing number of traction. Our cities, transportation methods, houses, workplaces and even clothes are getting smarter, day-by-day, trickling ever extra data into the data lakes. As absolutely the variety of legacy encryption keys retains rising, it’s turning into an increasing number of evident that one-size-fits-most cryptography options gained’t be sufficient.

Encrypting simply as soon as

Consider the instance of an aged couple counting on sensible companies. Data from IoT sensors on this hypothetical couple’s dwelling, automobile, home equipment and varied well being screens will trickle right into a data lake. A small military of specialists — from software program builders and varied service suppliers to medical workers and members of the family — will leverage apps to help this couple.

These apps, in flip, will make use of data saved in data lakes. Yet every get together on this instance wants access to just a few particular drops of data from the lake. And the couple’s privateness will want to be preserved.


“If you used the standard manner of doing individualized encryption, you’d just about have to encrypt each time with totally different keys,” Wu says. “ABE permits you to encrypt as soon as, after which subject totally different sorts of keys to totally different customers, relying in your insurance policies. So from that perspective this offers you a way more environment friendly manner of defending the data.”

This method aligns with NIST’s lengthy established requirements for attribute-based access controls – ABAC–  typically.  ABAC is a confirmed methodology of authorization primarily based on evaluating attributes related to the topic or object and correlating that data with insurance policies, rules and relationships.

By applying those self same rules to PKI keys, ABE “gives for a way more fine-grained definition of delicate data,” Karasawa advised me. “People can take into consideration offering extra versatile IoT companies and different kinds of companies.”

We are going to want a extra granular method to encrypting the data flowing into our data lakes. The cool new companies derived from the huge quantities of data collected by next-gen IoT methods demand it – these companies merely can’t be too straightforward to corrupt.

Karasawa identified the instance of facial-recognition methods gaining the capability to precisely establish faces in video streams. “That data can embrace unsure privateness, so these access rights want to be fastidiously approved,” he observes.

ABE is on the cusp of wider productization. It holds the potential to assist us make greater use of all these zetabytes of data flowing into data lakes – in ways in which respect private privateness and retains operational data safe. I’ll maintain watch, and maintain reporting.


Pulitzer Prize-winning enterprise journalist Byron V. Acohido is devoted to fostering public consciousness about how to make the Internet as non-public and safe because it ought to be.

(LW gives consulting companies to the distributors we cowl.)


*** This is a Security Bloggers Network syndicated weblog from The Last Watchdog authored by bacohido. Read the unique submit at:

Related Posts