Comment by gohrt
12 years ago
I hope that this finally convinces everyone that it doesn't matter whether Google is "Evil" or Yahoo is more evil or whatever. What matters is that large cloud systems are fundamentally incapable of protecting data.
Even the most goodhearted and the most talented teams can't reliably defend against a massively funded adversary.
Secrets are for keeping, not sharing.
> What matters is that large cloud systems are fundamentally incapable of protecting data.
I don't believe that's true.
1. Google (and others?) is already aggressively increasing the amount of encryption it does on traffic between its datacenters. So they have been addressing this problem before it was even brought to light.
2. We easily have the encryption abilities to do many more things than we do with secure cloud data; we'd just have to pay more for it. For instance, I can encrypt everything the minute it leaves my laptop, store it in the cloud, and not decrypt until it hits my laptop again. Nobody but me ever gets the secret key (heck, it could be a one-time-pad and thus unbreakable). If I trust the cloud computers themselves, then I can store different secret keys on each and use strong public-key encryption to protect all traffic between different machines in the cloud, and between my machine. Breaking the system requires compromising a machine, and even then you only get the key for that machine.
3. In theory, fully homomorphic encryption could allow the best of both worlds above. I completely encrypt my data on my machine --- nobody else has the key --- then send it into the cloud where cloud companies can do operations for me like searching, sorting, filtering, etc, all without ever decrypting the data or learning what it is. They send me back the results (securely), then I decrypt. Of course, right now this would be massively slow and expensive, but progress is being made.
Naturally all of the above are subject to the "5-dollar wrench" rule or the "secret court/FISA/warrants" rule. You cannot protect your data from the people making a law that says "give up your data". But it is technologically possible and even feasible to secure data from the NSA's snooping. The tradeoff is cost and time.
If you would use one-time-pad before storing to the cloud you'd either need to store the very same pad on the cloud, then effectively not needing encryption, or you wouldn't need the cloud, as the amount of the encrypted data would match the amount of the pad data one to one.
And homomorphic encryption is still far from being practical.
Sure, one would more realistically use any standard encryption scheme. Agreed on homomorphic encryption as mentioned in my previous comment. But "impractical" is a far cry from "fundamentally impossible".
4 replies →
>In theory, fully homomorphic encryption could allow the best of both worlds above. I completely encrypt my data on my machine --- nobody else has the key --- then send it into the cloud where cloud companies can do operations for me like searching, sorting, filtering, etc, all without ever decrypting the data or learning what it is.
Can you explain this to me? I don't understand how you can search encrypted data.
It's mind-boggling, but possible. Here's the wikipedia link: http://en.wikipedia.org/wiki/Homomorphic_encryption
The idea is this: I encrypt my data and give it to the cloud. I also encrypt the algorithm I want the cloud to use. In this case, it could be a search algorithm with the search query hardcoded. Right now, it would have to be encoded as a circuit and then encrpyted from there into a different circuit.
The cloud runs my encrypted data through this "transformed" circuit, yielding some encrypted output. The cloud tells me the output. I then decrypt it with my original key.
It's crazy that this works (longstanding open problem solved in 2005 or 06 I think). The name "homomorphic" comes from functions f, like homomorphisms, in which "order doesn't matter":
Hope that makes some sense.
1 reply →
You don't need full homomorphic encryption to do encrypted search, look up PKES systems, there's tons of papers on it now (http://crypto.stanford.edu/~dabo/abstracts/encsearch.html). It's possible to encrypted keyword search with trapdoor functions in such a way that the server can't learn anything about what you're searching on, nor what is stored.
2 replies →
Well, I don't think it's that easy.
If the NSA wanted your data, they could get into your network probably easier than they could get into Google's networks. Companies like Google have way smarter people (and working full time) securing data than most businesses.
For us to secure our networks as much as someone like Google would, we'd have to have a team of the best hackers around.
And by definition, the best hackers around are scarce. They're already working for Google, etc, and X Y Z security company.
Google may have better security, but they're also a much, much larger target. Wiretapping Google gives you access to the private data of Google's millions and millions of users, whereas gaining access to my network gets you access to… me. As long as there's a non-trivial fixed cost to attacking a host or a network, there's an advantage to hosting your own data.
While it's possible that the NSA has a system to automatically detect and wiretap hosts and private networks connected to the internet, it seems unlikely to not have been detected so far. I've taken to assuming that every packet send and received from my servers is being monitored, but that, barring specific interest in me by the NSA, the servers themselves are reasonably private.
Not exactly. Think of this analogy: the NSA built an enormously expensive sieve net to fish the entire Pacific Ocean (Google). While the Pacific may be deeper and wider than your innocuous little lagoon, that lagoon probably hasn't attracted the attention of the NSA. If you think the attention of the NSA is going to be a problem for your dealings, hiring very expensive security talent is necessary to your business plan.
Sure, but in that cat and mouse game between Google and the NSA, Google might actually have a chance. From what tptacek has said above about the kind of stuff Google's been doing (SSL with EC and perfect forward secrecy, etc), they're actually able to make it difficult for the NSA.
Plus, in the world of "I can sift through terabytes of data in seconds" even a little lagoon isn't too little.
You'd think that but that's not actually true. Google's infrastructure is way too big to be completely secure. There are several ways to penetrate Google's network.
I know some of the people in the security team and they are pretty good, but arrogance will be their undoing.
Google has an internal team called the Orange Team that performs security audits and, so far, they have always been successful in penetrating Google's network. If they can, what makes you think the NSA hasn't done that already?
.. and then google gets a letter with a request from the government, opens its data-centers and lies to its customers. It's not that easy your way, either..
"They're already working for Google, etc, and X Y Z security company."
And the NSA, apparently.