If you use any online social networks, e-mail programs, data storage services or music platforms, you are almost certainly using cloud computing.
Cloud computing is a way of giving access to shared resources such as computer networks, servers, storage, applications and services. Individuals and organisations can place their data in the cloud and enjoy unlimited storage free or at a relatively low cost. Cloud computing allows services such as email to be offloaded, reducing companies' development and maintenance costs.
Despite all the advantages that cloud computing has to offer, the security and privacy of data are probably the biggest concerns that individual and organisational users have. Current efforts to protect users' data include measures such as firewalls, virtualisation – running multiple operating systems or applications simultaneously – and even regulatory policies, yet users are often required to provide information to service providers. Cloud computing software and hardware are anything but bug-free, so sensitive information might be exposed to other users, applications and third parties. In fact, cloud data breaches happen every day.
A research project run by Robert Deng, the Axa Chair of Cybersecurity, and his team aims to provide cloud data security and privacy protection under a new threat model that more accurately reflects the open, heterogeneous and distributed nature of the cloud environment.
This model assumes that cloud servers, which store and process users' data, cannot be trusted to keep that data and the processing results confidential, or even to enforce access limitations correctly. It is a radical departure from the traditional threat model for closed enterprise IT systems, which assumes that servers can be trusted.
The approach of the research project is to embed protection mechanisms, such as encryption and authentication, into the data itself. In this way, the data's security and privacy protections remain in place, so even when the cloud itself is compromised, the data will be safe.
The research project has also created a suite of techniques for scalable access control and computation on encrypted data in the cloud. In addition, the research team built an attribute-based secure messaging system as a proof-of-concept prototype.
The system is designed to provide end-to-end confidentiality for enterprise users and is built on the assumption that the cloud itself doesn't necessarily keep users' messages confidential.
To understand how it works, imagine that you’re depositing valuables in a house to which you have a key and that, from time to time, you want to move these valuables to other friends’ houses where unknown people may come and go. Each of your friends keeps his or her key, but not all have the same access privileges: their keys can only open certain houses based on the access they have. Such privileges and key sets are managed by a key master who stays elsewhere.
Every user in the system has a set of attributes that specify the user's privileges to receive and decrypt messages. For example, Bob’s set of attributes could be “student, school of business” while Jacqueline’s are “student, school of information systems”. At the user registration stage, the key master issues each person a decryption code based on his or her attributes.
The system is highly efficient, and the research team is hopeful that it can help people use cloud storage and computing in a more secure manner.