Friday, March 18, 2011

Cryptography and Security in Clouds II (Zurich March 15-16 2011)

One of the highlights of the last week in Zurich was undoubtedly Rado Sion's (http://www.cs.sunysb.edu/~sion/) talk on the economics of cloud computing in relation to security. Measuring the cost of outsourcing in the cloud as cost of a single CPU cycle in "picocents", that is 10^-14$ allows one to weigh up the real economic cost of outsourcing. In particular, one can ask how many additional cloud cycles can we spend on cryptography, before its outsourcing becomes too expensive? Most talks after this, had members of the audience asking this very question. In particular, novel encryption schemes such as functional encryption may be very cool but aren't going to come cheap!

In 2009 Craig Gentry's construction of the first fully homomorphic scheme (i.e a scheme which supports unlimited computation on encrypted data) was hailed as a major theoretical breakthrough due to its obvious implications for secure computation in untrusted clouds, but could such a scheme ever be economical for anyone to deploy? Much of Sion's research has focused on answering questions like these in a far more concrete fasion than many cryptographers and cloud advocates would normally dare. The conclusions make fascinating reading. For example, http://www.cs.sunysb.edu/~sion/research/sion2010wpes-pcost.pdf analyses the cost (again, in picocents) of a variety of cryptographic schemes for home users up to large size data centres such as those provided by the Amazon cloud. Figures are calculated using the ECRYPT benchmarking (http://bench.cr.yp.to/) for AES, RSA encryption and DSA, ECDSA signatures. The authors also give figures for transferring data into the cloud and storage costs. Armed with these results they analyse various scenarios of outsourcing, namely simple storage such as that offered by Amazon S3, searching on encrypted data and secure SQL queries in the cloud. Suppose a user wants to store (but not compute on) data held in the cloud. Based on their figures they predict outsourced storage can be upwards of 2 orders of magnitude higher than local storage, even in the absence of security assurances. Searching on encrypted data turns out to only be economical in the cloud if the returned result is less than 36 bytes per query (and this doesn't take into account the cost of TCP overheads) and similarly damning conclusions are drawn for SQL queries based on current schemes.

Perhaps ironically, this doesn't imply a highly computationally expensive crypto-scheme such as FHE is economically unviable. We can envisage a scenario where a home user simply didnt have the necessary computational power on her desktop, but required computation (say a simple private information retrieval) from the database. For example, doctors requiring information on patients from a health database held remotely. It may be cheaper for the corresponding health service to provide PIR to their doctors and paying for the extra overhead that comes with outsourcing than maintaining their own IT infrastructure and still have the security guarentees provided by cryptographic schemes.

We conclude that whilst looking at the cost of outsourcing purely in terms of CPU cycles renders it useless for the most part, there are scenario-specific cases where it is economical. Businesses and home users alike will have to take a serious look at whether this is the case for them and not simply be taken in by the frenzied marketing surrounding "the cloud".

No comments:

Post a Comment