Artificial Intelligence and Data Analytics (AIDA) Guidebook

order to increase security of data transfer. This is particularly important when users transmit
sensitive data, such as by logging into a bank account, email service, or health insurance
provider. Any website, especially those that require login credentials, often uses HTTPS. A
primary use case of TLS is encrypting the communication between web applications and
servers, such as web browsers loading a website. TLS can also be used to encrypt other
communications such as email, messaging, and voice over IP (VoIP). FTPS is a secure file
transfer protocol that allows businesses to connect securely with their trading partners, users,
and customers. Sent files are exchanged through FTPS and authenticated by FTPS supported
applications such as client certificates and server identities.
When compared to the data in transit, data at rest is generally harder to access, which means
that oftentimes private information, such as health records, are stored this way. Making the
interception of this data more valuable to hackers and more consequential for victims of cyber-
attacks. Despite the greater security, there is still a risk of this data being intercepted by
hackers through cyber-attacks, potentially causing private information such as addresses and
financial records to be released, putting an individual’s safety at risk. Protecting all sensitive
data, whether in motion or at rest, is imperative for modern enterprises as attackers find
increasingly innovative ways to compromise systems and steal data.

If the data must be protected for many years, one should make sure that the encryption
scheme used is quantum-safe. Current publically available quantum computers are not
powerful enough to threaten current encryption methods. However, as quantum processors
advance, this could change. Most current public-key encryption methods (where different keys
are used for encryption and decryption) could be broken with a powerful enough quantum
computer. On the other hand, most current symmetric cryptographic algorithms (where the
encryption and decryption keys are the same) are not susceptible to quantum attacks,
assuming the keys are sufficiently long.11
For applications where confidentiality of the data in use is of utmost importance, additional
technologies could be used. When one wants to keep the data private even while it is being
processed, there are a number of technologies that can be employed independently or, in some
cases, even together. These include homomorphic encryption, differential privacy, federated
computing, and synthetic data. Homomorphic encryption is a technique that allows operations
to be performed on encrypted data without decrypting it.12 This permits the confidential
processing of data on a system that is untrusted. The results of the computation can only be
only decrypted with the original key. The biggest barrier to widespread use of homomorphic
encryption has been its poor performance. It is significantly slower than performing the

11
http://www.pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010
-c1.pdf
12
See https://eprint.iacr.org/2015/1192 for an overview of homomorphic encryption and related technologies

Page 19