How to Deliver High-Performance Encryption to Ensure the Security and Privacy of Patient Data

President Obama recently unveiled the Precision Medicine Initiative — a bold new enterprise to revolutionize medicine and generate the scientific evidence needed to move the concept of precision medicine into every day clinical practice. The million-dollar question, or multi-million-dollar question, is how do we make this mainstream?

The emerging platform will be this amalgamation of data from payers, clinics, EHRs, images, laboratories, contract research organizations, pharma, and an analytics tool to make sense of all this data. Then to accelerate innovation and foster collaboration, we need tools to make all this valuable data we have amassed public for clinicians, researchers and bioinformatics specialists to practice their art.

Partnering with the Multiple Myeloma Research Foundation (MMRF), GenoSpace is leveraging Intel® AES-NI technology to deliver high-performance encryption to ensure the security and privacy of patient data and needed analytics MMRF requires to further its mission of  accelerating the pace of treating and curing multiple myeloma and changing the paradigm of how all cancer research is conducted.

The GenoSpace architecture is hosted on Amazon Web Services (AWS) which provides flexibility and scalability for it developers and customers. To ensure the utmost security for this public cloud implementation, GenoSpace takes a ground-up approach to encryption. Its solutions gather all of the data that will be subject to analysis and layer encryption on top of that to safeguard the confidentiality of sensitive healthcare data stored on AWS or data that travels over the Internet. This adds an important extra measure of protection to AWS built-in security features.

Recently, GenoSpace evaluated the benefits of Intel® Advanced Encryption Standard New Instructions (Intel® AESNI), a silicon-based instruction set that accelerates encryption on Intel® Xeon® processors, which GenoSpace uses to process data. Meeting its customers’ performance and usability demands was a key objective for GenoSpace, given the amount of encryption and decryption that occurs when its software is used for analytics. To determine how the query response time of its population analytics application would be affected by encryption and by the hardware encryption acceleration that Intel® AES-NI provides, GenoSpace ran a series of tests focused on measuring the performance aspects of encrypting and decrypting stored data.

The key findings of this test revealed that Intel® AES-NI-enhanced encryption had a markedly positive influence on the performance of the GenoSpace Population Analytics application.

  1. Provider library choice significantly impacts results. The choice of encryption provider library and AES mode had the largest impact on performance. While Bouncy Castle showed no appreciable improvement with respect to Intel® AES-NI, the NSS library with Intel® AES-NI enabled performed more than 78% faster than Bouncy Castle and is the obvious choice for encryption. For decryption, NSS was approximately 96 percent faster than Bouncy Castle and 90 percent faster than SunJCE. With respect to AES modes, ECB, which is the simplest algorithm, outperformed other modes. However, because ECB is less secure than the other modes, and given the sensitivity of healthcare data, it is generally not appropriate for healthcare applications. For best performance and security, test results implied that the combination of CBC and the NSS provider library should be used, as it has the shortest routine time.
  2. Intel® AES-NI significantly decreases the impact of increasing key length. Typically, increasing the length of the AES encryption key (which functions much like a password) to strengthen security also increases encryption/decryption time. As key length increases, one expects a near linear increase in encrypt/decrypt times. But the study showed that by using NSS with Intel® AES-NI, the impact of doubling key length was reduced twenty-fold.
  3. The benefits of Intel® AES-NI increase with the size of data sets. In Phase 2 of the study, where sample genomic data was used, GenoSpace found that enabling Intel® AES-NI improves request times by nearly 9 percent. In fact as the size of the data sets scales up, there are even greater performance gains—an almost 14 percent improvement.
  4. Intel® AES-NI had less impact on the application’s overall performance. GenoSpace concluded that with Intel® AES-NI, encryption can scale more efficiently than other operations, such as data serialization, sorting, and filtering.

Intel® AES-NI-enhanced encryption significantly enhances the performance and usability of the GenoSpace Population Analytics offering, which, in turn, results in increased user productivity and satisfaction with the overall solution. Enabling high-performance and secure solutions paves the way for healthcare organizations to embrace the use of genetic population analytics to significantly increase the effectiveness of research, healthcare, and disease treatment options.

While healthcare workers and researchers put these tools to work, they can be confident that Intel® AES-NI accelerated and hardened encryption can help mitigate serious security breaches.

What questions about encryption do you have?