Microsoft, universities claim optimised security techniques for cloud storage
A group of researchers from Microsoft, the University of California and Brown University have recently published details on novel techniques designed to enhance the security of cloud-based storage platforms using algorithms designed to obfuscate data sequences.
“Of course, users can encrypt data they outsource to the cloud, but this alone is not sufficient to achieve privacy protection, because the data access patterns that users exhibit can reveal information about the content of their data,” the researchers claim.
The team of researchers are delving into what is known as oblivious storage, which uses unique algorithms to model how data is stored on an outsourced platform. In a recently published paper called “The Melbourne Shuffle: Improving Oblivious Storage in the Cloud” the team detail improvements to a method that uses these algorithms to hide data access patterns for cloud-based network data management solutions.
These typically work by obfuscating the sequence of data accesses a client intends to make, simulating it with one that appears indistinguishable from a random sequence of data accesses.
The “inner-loop” computation required here “moves a set of items to random locations in fashion that disallows the server to correlate the previous locations of items with their new locations. This inner-loop process requires putting items in new locations that are independent of their old locations while hiding the correlations between the two.”
In a nutshell, it’s a method to obfuscate and scatter data when it is stored without revealing the content of that data to the server (or operator) in the process, which makes it less susceptible to interceptors who could otherwise make sense of the data. The team also claim to have optimised memory usage for cloud contexts, given many providers charge for memory usage and IOPS.
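The unlinkability property of that inner-loop step can be seen in a small sketch, added here as an illustration and not taken from the paper: it is not the Melbourne Shuffle itself, but a naive version in which the client holds every block in memory at once. The block size, the stdlib-only toy cipher and all function names are assumptions made for the example.

```python
import hashlib, hmac, secrets

BLOCK = 32  # constructed fixed block size, so length cannot link old and new copies

def _keystream(key, nonce, n):
    # Toy stream cipher (HMAC-SHA256 in counter mode), stdlib only; use an AEAD in practice.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, item):
    # Pad to BLOCK bytes and encrypt under a fresh random nonce.
    padded = item.ljust(BLOCK, b"\0")
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(padded, _keystream(key, nonce, BLOCK)))

def unseal(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).rstrip(b"\0")

def secret_permutation(n):
    perm = list(range(n))
    secrets.SystemRandom().shuffle(perm)
    return perm  # perm[new_location] = old_location, known only to the client

def move_only(blocks, perm):
    # Weak: ciphertexts are relocated unchanged, so the server matches them byte for byte.
    return [blocks[old] for old in perm]

def reshuffle(key, blocks, perm):
    # Assumption: the client downloads the whole array in order, then works locally.
    plain = [unseal(key, b) for b in blocks]
    # Each item is re-encrypted under a fresh nonce before it is placed.
    return [seal(key, plain[old]) for old in perm]

def server_linkable(old_blocks, new_blocks):
    # Server's view: how many new blocks are byte-identical to some old block.
    seen = set(old_blocks)
    return sum(1 for b in new_blocks if b in seen)

def demo():
    key = secrets.token_bytes(32)
    items = [b"record-%d" % i for i in range(8)]  # constructed sample data
    stored = [seal(key, it) for it in items]
    perm = secret_permutation(len(stored))
    weak, strong = move_only(stored, perm), reshuffle(key, stored, perm)
    intact = [unseal(key, b) for b in strong] == [items[old] for old in perm]
    return server_linkable(stored, weak), server_linkable(stored, strong), intact
```

`demo()` returns how many blocks the server can link after a plain move, how many after a re-encrypting shuffle, and whether the client can still read every item at its new location.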
It’s not intended as a replacement for traditional security techniques used to establish an enterprise perimeter, but if implemented it could give extra assurances to those storing files or objects on cloud platforms.