How can computers ensure more security and safety of confidential information?
Answers
Answer:
To ensure data confidentiality, the most straightforward method is to encrypt all the sensitive data for storage, processing, and transmission. While data encryption provides a satisfying level of security protection, there are several subtle and challenging issues to be addressed
Answer:
Data confidentiality is a basic security service for data protection. In cloud computing, providing such a service is of great importance because of the following characteristics of cloud computing, which will increase the risk of data breach: remote data storage, lack of network perimeter, third-party cloud service providers, multitenancy, and massive sharing of infrastructure. In addition, because cloud computing, by its very nature, integrates many existing and new techniques, it will inevitably introduce new security risks due to both system design flaws and its implementation flaws. The challenges in providing satisfying security assurance in terms of data confidentiality exist in the following folds: data security versus usability, system scalability, and dynamics. To ensure data confidentiality, the most straightforward method is to encrypt all the sensitive data for storage, processing, and transmission. While data encryption provides a satisfying level of security protection, there are several subtle and challenging issues to be addressed, which we can list as follows:
–
How to efficiently distribute data decryption keys to authorized cloud users?
–
How to efficiently deal with user dynamics, in particular user revocation?
–
How to efficiently handle data dynamics in terms of data modification?
–
How to guarantee accountability of users?
–
How to enable computation over encrypted data?
The first three questions are related to the issue of key management. In particular, efficient key distribution is always a sophisticated issue in large-scale application scenarios. Because cloud computing provides elastic and scalable computing resources to potentially large-scale applications, it is very likely that there will be a large volume of data and a large number of users presented in the system. It is a challenge to efficiently and securely distribute the key(s) to authorized users when the users enter the system as it usually requires the data owner to stay online providing the key distribution service. User revocation is another prohibiting issue as it is in traditional cryptography. In many cases, user revocation will involve broadcasting the updated secrets/keys to all the users in the system and/or re-encryption of existing data stored in the cloud. Similarly, data dynamics would also involve data re-encryption and/or re-distribution of decryption key(s), which would represent a huge computation and communication overhead in the system. In large-scale systems, an ideal solution is to make data encryption operation independent from, or having minimal impact on, the process of key distribution in the sense that any modification/re-encryption of data will not introduce a(n) update/re-distribution of the decryption key. For this purpose, special attention should be paid to the system design as well as the choice of the underlying cryptographic primitive(s). Such an issue is particularly related to cryptography-based data access control. In Section 15.2.7, we will present detailed discussion on the issue as well as the related solutions.
For encryption-based solutions, data access privilege is granted by possession of the corresponding decryption key(s). This opens up the door for authorized but malicious users to abuse their access privilege by re-distributing data decryption keys to unauthorized users. To prevent such key abuse from happening, one way is to secure the data decryption key with tamper-resistant hardware on the user's side, so that the potentially malicious user is not able to access the key while enabling her/him to decrypt data. Tamper-resistant devices are usually designed in such a way that, when interfered with, they will zeroise the sensitive data, e.g., the decryption key, or the chip just fractures. In this way, the malicious user is able to abuse the key by sharing the physical device with others, which greatly limit the ability of attackers. Nevertheless, as the malicious attacker physically possesses the device, it is possible to launch clever attacks that can bypass the protection mechanism inside the device, e.g., chosen message attacks, and fingerprinting attacks [8]. Alternatively, people can use reactive techniques instead of proactive techniques for addressing the issue of key abuse. More specifically, one can take action on any detected event of key abuse (the detection process can be various, be it technical or non-technical). A well-accepted solution for reactively thwarting key abuse is to go through a process of data forensics and enable the authority to identify the key abuser and generate the corresponding evidence on detected key abuse. In a broadcast encryption [9–11], such techniques are usually called traitor tracing [12–16]. The main issue with this technique is its efficiency and scalability.