Friday, November 15, 2024

Financial Crimes Prevention, Detection and Investigation Utilizing Fully Homomorphic Encryption (FHE) for Secure Data Sharing

According to DARPA, the Defense Advanced Research Projects Agency, Fully Homomorphic Encryption (FHE)is the Holy Grail of data security.

What is FHE?

FHE, or Fully Homomorphic Encryption was originally developed at Stanford University by Craig Gentry to enable computing on encrypted data sets, keeping the underlying confidential data secure. Gentry’s scheme, uses lattice-based cryptography, addition, and multiplication operations on ciphertexts, introducing noise, and bootstrapping, ultimately resulting in indecipherable ciphertext.

Why is FHE Important?

FHE enables computation on encrypted data without exposing any information about the underlying data. In short, a party can encrypt input data, while another party, that does not have access to the decryption key, can blindly perform computation on this encrypted input. The final result is also encrypted, and it can be recovered only by the party that possesses a unique key. Thus, data can remain encrypted and obfuscated while it is processed, enabling useful analytical output results to be accomplished with data residing in untrusted environments.

FHE allows for extracting intelligent data analytics without ever decrypting the data to expose the underlying plaintext data, whether it is intellectual property (IP), financial information, personally identifiable information (PII), customer data, intelligence insight, or other forms of information. Privacy and data security become achievable goals with FHE, allowing for a wide range of services to become accessible while maintaining full confidentiality of the data, the application, and service results.

How is FHE applicable to banking, data sharing and crime prevention?

FHE enables data sharing and secure collaboration across highly regulated industries. Using FHE to support AI models allows financial institutions to leverage intelligent insights from data assets to deliver better products, and policies to support services across credit card partners, loans, and even mergers and acquisitions without disclosing confidential information.

In addition, FHE allows for secure data sharing across borders to detect fraud and money laundering while remaining compliant with regulations.

Banking and financial data is highly sensitive, proprietary, and needs to be kept secure and private. As a result, it is currently not possible for financial institutions to share these sensitive data sets for valuable insights without exposing the underlying confidential data.

This is where FHE comes in.

To fight current and prevent future financial crimes, institutions, organizations, and jurisdictions need to share data securely.

Financial crime prevention/prosecution requires multiple parties and organizations communicating and collaborating, and there is a currently a trend in this direction. FHE will increase the efficacy of these collaborations and secure data sharing.

According to the U.S. Patriot Act, section 314(b), two or more financial institutions, and any association of financial institutions, can “share information with one another regarding individuals, entities, organizations, and countries suspected of possible terrorist or money laundering activities.” Thankfully, there is a growing trend of cooperation, collaboration, and communication between these entities, which will continue to expand as data security improves, thereby mitigating exposure risks. Fully Homomorphic Encryption is a key component of these efforts and allows for early detection and warnings without exposing confidential data, and WITHOUT the need to invoke the US Patriot Act.

According to the US Treasury Financial Crimes Enforcement Network, approximately 40%1 of U.S. depository institutions are currently registered to participate in business-to-business information sharing through the 314(b) program. In addition, the three largest Dutch banks recently stated they would establish an agency to monitor all their transactions2. Eight Nordic and Baltic countries have also signed up to share money laundering information3.The EU and UK have also passed several anti-money laundering regulations and directives to enable data sharing between organizations, jurisdictions, and institutions.

The reason Fully Homomorphic Encryption is so critical to the sharing and security of finance and banking data is simple: The only person or entity who can access the encrypted data is its owner. In this scenario, other financial data security schemes become unnecessary. All of the information is always encrypted, even when it’s being used. The results of all data manipulation are also encrypted. The impact this can have on tracking financial transactions, exposing money laundering and identifying financial fraud on a global scale is staggering.

Fully Homomorphic Encryption secures data and models while using that data to perform computations and analysis. This is vastly different from other encryption schemes as it’s the only model to protect data, at rest, in transit, and in use. Since the underlying raw data is never exposed, this opens opportunities to extract both intelligent insights and monetary value from secure data sets, especially with the cooperation of other entities while remaining compliant.

Fully Homomorphic Encryption enables financial institutions to share data internally, across organizations, across jurisdictions, and around the globe.

FHE provides financial crimes investigators and security experts an opportunity to detect patterns associated with money laundering and financial crimes by performing analysis of the encrypted data, while obscuring the underlying plaintext sensitive customer and account information. This approach ensures privacy, faster fraud detection supporting more strenuous investigations and prosecutions of financial crimes.

The current challenge with FHE is its massive computational load4, making it a slow and laborious task on current commercially available computing processors. With the advent of next generation post Von-Neumann architectures5, these FHE workloads can be processed in real-time. This allows financial institutions to keep the data encrypted during use, preventing costly cybercrimes while meeting privacy regulations. The methodology of tracking patterns on encrypted datasets can assist investigators in detecting financial crimes, more rapidly expediting investigations.

  1. (https://www.fincen.gov/news/speeches/prepared-remarks-fincen-deputy-director-jamal-el-hindi-delivered-sifma-20th-anti )
  2. (https://www.reuters.com/article/us-netherlands-banks-money-laundering/dutch-banks-join-forces-in-fight-against-money-laundering-idUSKBN2492Q9)
  3. (https://www.wsj.com/articles/nordic-baltic-regulators-agree-to-share-info-on-money-laundering-threats-11557874253)
  4. https://www.globalsecuritymag.com/Security-and-Performance-of,20210601,112333.html
  5. https://semiengineering.com/von-neumann-is-struggling/

Latest