Sunday, October 22, 2017

Resource record:


Original link at TechnologyReview (Web)
David Talbot

Publication date:

Wednesday, November 11, 2009

Last updated:

Thursday, November 12, 2009

Added to the observatory:

Thursday, November 12, 2009



Filed under:

Searching an Encrypted Cloud

Researchers are working on ways to make encrypted data easier to find.

Recent advances in cryptography could mean that future cloud computing services will not only be able to encrypt documents to keep them safe in the cloud--but also make it possible to search and retrieve this information without first decrypting it, researchers say.

"This will be a challenging endeavor," says Dawn Song, a computer scientist at the University of California, Berkeley, who has made fundamental research contributions to using encrypted search strings to find encrypted documents. "However, some of these recent advances are very powerful and, if cleverly engineered and deployed, could lead to significant advances," in adding security and privacy to cloud computing over the next few years.

At the ACM Cloud Computing Security Workshop in Chicago tomorrow, Microsoft Research will propose a theoretical architecture that would stitch together several cryptographic technologies in various stages of development to make the encrypted cloud more searchable. The basic idea is that cloud users could download software that would encrypt their data before it's sent into the cloud. In addition, the software would issue encrypted strings, called tokens, which can be used to check that documents are intact and--crucially--to search their contents without first having to decrypt them.

While the underlying technologies weren't developed by Microsoft, "we want to show how existing and emerging cryptographic techniques can be combined to make data in the cloud more secure," says Kristin Lauter, head of the Cryptography Group at Microsoft Research, who will describe the proposal tomorrow.

While cloud computing has exploded in popularity in recent years thanks to the potential efficiency and cost savings of outsourcing the management of data and applications, a few high-profile glitches and hacks have left many potential users worried, and prompted experts to suggest that new technologies may be needed.

For example, early this year, a hacker who guessed the correct answer to a Twitter employee's security question was able to extract all of the documents stored in Twitter's "Google Apps" account. And, in March this year, a software bug led to a foul-up in the sharing privileges of Google Docs. As a result, for a small number of users (a fraction of 1 percent), choosing to share a single document instantly gave that contact access to all other shared documents, too.

Encrypted search architectures and tools have been developed by groups at several universities and companies. Though there are a variety of different approaches, most technologies encrypt data in a file--as well as tags called metadata that describe the contents of those files--and issue a master key to the user. The token used to search through encrypted data contains functions that are able to find matches to metadata attached to certain files, and then return the encrypted files to the user. Once the user has the file, he can use his master decryption "key" to decrypt it.
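A minimal sketch of the token-based flow described above, added here as an illustration; it is not code from the article or from the Microsoft proposal. The names `Client`, `Server`, `prf` and `xor_stream` are hypothetical, and the HMAC-based keystream is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import os

def prf(key, label, data):
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC in counter mode) so the example needs only the
    # standard library; a real client would use an AEAD such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = prf(key, b"stream", nonce + off.to_bytes(8, "big"))
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Client:
    """Holds the master key; the server never sees it."""
    def __init__(self, master_key):
        self.k_enc, self.k_mac, self.k_tok = (
            prf(master_key, b"derive", use) for use in (b"enc", b"mac", b"tok"))

    def token(self, keyword):
        # Search token for one metadata keyword, opaque without k_tok.
        return prf(self.k_tok, b"kw", keyword.lower().encode())

    def seal(self, plaintext, keywords):
        nonce = os.urandom(16)
        body = nonce + xor_stream(self.k_enc, nonce, plaintext)
        blob = body + prf(self.k_mac, b"tag", body)  # encrypt-then-MAC
        return blob, {self.token(k) for k in keywords}

    def open(self, blob):
        body, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, prf(self.k_mac, b"tag", body)):
            raise ValueError("ciphertext was modified")
        return xor_stream(self.k_enc, body[:16], body[16:])

class Server:
    """Untrusted store: sees only ciphertext blobs and opaque tokens."""
    def __init__(self):
        self.blobs, self.index = [], {}
    def store(self, blob, tokens):
        self.blobs.append(blob)
        for t in tokens:
            self.index.setdefault(t, []).append(len(self.blobs) - 1)
    def search(self, token):
        return [self.blobs[i] for i in self.index.get(token, [])]
```

Because each keyword always maps to the same token, the server can still observe which searches repeat and which blobs each token matches, even though it learns neither the keyword nor the plaintext.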

While some parts of these encryption processes are already mature, the technologies needed to execute encrypted search are still painfully slow because of the heavy computation involved. Unless limits are imposed on the extent of the search, conducting a general search even with a single word could take "tens of seconds" to complete, says Radu Sion, a computer scientist at Stony Brook University in New York, who is co-chairing the cloud security workshop tomorrow. Performing searches with two or more words, if possible at all, could increase the needed computation exponentially, he adds.

Microsoft's report is an architecture proposal, and does not describe a new advance in the underlying encryption technologies. But, along with other research groups, the company's research team is working on next-generation search using more computationally efficient versions of cryptography.

"Cryptographic storage and key management are interesting areas, and we are exploring some of the technologies that are discussed on a theoretical basis in this [Microsoft] report," says Eran Feigenbaum, director of security for Google Apps. But Feigenbaum notes that it's not clear how such techniques could be used while still allowing cloud users to collaborate on documents in real-time. "There are significant implementation challenges that would need to be addressed," he added.

Still, Sion says that the new technologies and architecture proposals are badly needed. "This would be a first step to providing technologies that address the new liabilities the cloud brings," he says. "You don't want the cloud having access to your data, number one, and being subpoenaed for your data, number two. The cloud hosts all your stuff--but you don't want to shift all your liability to a lawyer in the cloud."