August 2008
« Jul   Sep »




Secure Computing

Cloud computing, remote virtual machines, web mash-ups, and anything that executes on someone else’s machine with data you (or your customers) provide is really insecure. Sure you can encrypt the traffic, but in the end that remote machine is forced to decrypt that data before it’s operated on. For example, suppose I have two numbers, which I want added together. Now, if you can add, then I can send you the numbers, and you can send me back the sum. But what if I’d really rather not reveal these numbers, and I’m incapable of adding them myself?

It should be theoretically possible for me to encrypt the numbers and send them you, and let you directly perform the addition operation in the encrypted domain, sending me back the encrypted sum. It would be really difficult, however, to find an encryption operation that would allow this for addition, multiplication, and division. Yet, even if we could, it still doesn’t solve problems related to pointer arithmetic or memory addressing. It’s entirely possible that I might have computed, and therefore not want to reveal, a memory offset that the underlying processor would need for indexing an array.

Still directly processing in the encrypted domain might be useful for certain, more limited, applications.

1 comment to Secure Computing

  • QwertyPi

    The easiest technical solution I see is for the data to reside on the machine(s) that the person owns. They system would still be interfaced with the cloud, but would not exist in the cloud unencrypted.

    Algorithms would be sent to the data instead of the data being sent to the algorithms. In a word where data is increasing it might be easier to send the algorithm than the data.

    Having said that, I doubt that this is a socially practical solution. Besides, the quickest method is to have the data and algorithms together.

Leave a Reply