Friday, 24 July 2009

Securing data in the cloud?

One of the big concerns for would-be users of cloud services at the moment is around the protection of their private or sensitive data from other users of the service or the providers of the service. Data can hang around for a long time once it's in the cloud or even just on the Web. There have been some interesting developments in this space, albeit of an academic nature i.e. stuff to take a look at but not necessarily to use in real life!

Firstly, back at Cloud Camp London 4, Miranda Mowbray of HP presented a mechanism for obfuscating data on-premise and then processing only that obfuscated data within the cloud. The unobfuscated data is then only available within the secure (*cough*) on-premise location. There are some problems with Miranda’s approach from the point of view of an enterprise whereby the cost of a data compromise could outweigh the cost of a frequency analysis (or even better a chosen plaintext) attack, however it may have some value for the more casual user or for less sensitive data. It was stated that Miranda hoped to open source the project but I don’t believe that’s happened yet – an abstract of the HP Labs technical report can be found at http://www.hpl.hp.com/techreports/2009/HPL-2009-156.html but no link to the full paper unfortunately.

Secondly, there’s the Vanish project of the University of Washington - http://vanish.cs.washington.edu/index.html. It’s an interesting method for ensuring the inaccessibility of data after a set period of time that utilises the churn of peer to peer hash tables to ‘lose’ elements of a distributed encryption key over time. Once the key is no longer available, the data is no longer accessible. I can see how this may be of value to individuals looking to ensure their individual privacy – I’m really not as convinced that this is acceptable in the corporate or government worlds given their discovery and reporting requirements. But I’m no lawyer – take a look for yourselves!

Hmmm… it’s going to be an interesting space – at least until someone can come up with a practical mechanism implementing homomorphic encryption. I’m not holding my breath :0)

(http://www.schneier.com/blog/archives/2009/07/homomorphic_enc.html)
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)