Use of the Cloud has boomed in recent years. Its most familiar use is as a storage solution, where the main selling points are accessibility from anywhere and a convenient backup for files.
Unfortunately, Cloud service providers can’t always be trusted to prioritise security for users. For example, in 2011 Dropbox was caught out with inconsistencies – simultaneously claiming that it could not decrypt user files whilst claiming that it could detect duplicate files. After this was pointed out, Dropbox changed its website information to say that instead of Dropbox being unable to access files, Dropbox employees are ‘prohibited from’ accessing files. The difference between ‘can’t’ and ‘won’t’ is an important one.
Another real-world reason for not trusting the Cloud is the possibility of the Cloud being hacked, as happened with the infamous Sony Pictures hack. Companies which handle personal data can face legal liability if that data is stored in the Cloud and subsequently leaked. These examples show that contracts alone cannot be relied upon for security.
The Cloud is by definition a third party. Security looks at making sure that control ultimately lies with the end user. The question becomes: How do we keep control of our data even when that data is stored by someone else?
Thankfully, cryptography gives users a means of taking security into their own hands. Encrypting files prior to storage means that the Cloud will not be able to access your files, even if it wanted to. Authenticated encryption additionally allows users to make sure that the file has not been changed. If the Cloud were used for storage alone with one user accessing one account, we could end the discussion there. However, Cloud service providers today offer much more than storage alone.
Unfortunately, this trend of outsourcing functionality makes security much harder to achieve. Perhaps more worryingly, this outsourcing to untrusted servers has led to the creation of some new, ‘secure’, technologies which do not stand up to scrutiny.
One example of this is order-preserving encryption. Order-preserving encryption was created to make database queries possible even when the database is encrypted. Each entry is encrypted, and when a user wants to query a range of the data, they can send a request which returns this range without decrypting the data. Whilst this is a useful idea in theory, in practice, order-preserving encryption schemes do not meet even the minimal security expected from cryptographic algorithms. It was designed by database practitioners as opposed to cryptographers and this lack of expertise shows as soon as the principles behind it are scrutinised. Arguably, the illusion of security is worse than having no security at all. We need to be careful when we consider Cloud functionality and security and make sure that the secure technologies we use are trustworthy.
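
To make the leakage concrete, here is an added example (not from the original article, and not any published order-preserving scheme): a toy order-preserving cipher whose key is a secret, random, strictly increasing lookup table. The salary column, the seed and all function names are constructed for illustration.

```python
import bisect
import random

DOMAIN = 200  # toy plaintext space: integers 0..199 (assumption)


def keygen(seed):
    """Secret key = random strictly increasing table: plaintext -> ciphertext."""
    rng = random.Random(seed)
    return sorted(rng.sample(range(10**9), DOMAIN))


def encrypt(key, pt):
    return key[pt]  # a < b always implies encrypt(a) < encrypt(b)


def decrypt(key, ct):
    i = bisect.bisect_left(key, ct)
    if i == len(key) or key[i] != ct:
        raise ValueError("not a valid ciphertext")
    return i


def server_range_query(column, lo_ct, hi_ct):
    """Runs on the server: selects rows by comparing ciphertexts only."""
    return [row for row, ct in enumerate(column) if lo_ct <= ct <= hi_ct]


def server_view(column):
    """What the server learns with no key: the rank of every row's plaintext,
    and which rows hold equal values (encryption is deterministic)."""
    rank = {ct: r for r, ct in enumerate(sorted(set(column)))}
    return [rank[ct] for ct in column]


# Constructed sample data: one salary (in thousands) per database row.
SALARIES = [52, 38, 120, 38, 75, 199, 61]
KEY = keygen(seed=2024)  # held by the client only
COLUMN = [encrypt(KEY, s) for s in SALARIES]  # what the Cloud stores

if __name__ == "__main__":
    lo, hi = encrypt(KEY, 50), encrypt(KEY, 80)
    print("rows with salary in [50, 80]:", server_range_query(COLUMN, lo, hi))
    print("ordering visible to the server:", server_view(COLUMN))
```

The server answers the range query correctly, but the same comparisons give it the full ordering of the column and the repeated value in rows 1 and 3 without ever seeing the key.
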
Modern cryptography is taking steps towards better security in untrusted environments. In recent years there have been significant advances in fully-homomorphic encryption, which allows processing over encrypted data without that data being decrypted. Whilst many consider this to be the ‘holy grail’ of cryptography, it’s still worth bearing in mind that even when fully-homomorphic encryption is ready for commercial use, we will still face challenges of how the Cloud might be able to abuse this power.
So, what are the take-home messages? First, remember that the Cloud is ultimately a third party and consider the risks of using it. I am not saying that no one should ever use the Cloud (such an assertion would fail to consider the many reasonable advantages of using the Cloud), merely that there are inherent risks involved. Secondly, functionality and security are a trade-off in Cloud settings. This is something we need to remember moving forward as the Cloud is used for ever bigger and better things. Ideally, Cloud service providers should be more open with regard to how they use data so users can get a better sense of what the security trade-offs are. Finally, whether technology exists that can guarantee security depends entirely on the application. Some security problems can be solved using cryptography, but there is still a long way to go before cryptography can give users complete control over outsourced data.