re Homomorphic encryption cannot redeem SaaS

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: "David P. Reed" <dpreed () reed com>
> Date: July 14, 2010 12:03:35 PM EDT
> To: krulwich () yahoo com
> Cc: dave () farber net, ip <ip () v2 listbox com>
> Subject: Re: [IP] re Homomorphic encryption cannot redeem SaaS

> Bruce - my comments were about homomorphic cryptography as a "solution" to *processing* "in the cloud", aka "Software 
> as a Service".  You are arguing against an argument that I did not make.
>
> The structure of your argument is that "storage as a service" is not very dangerous.  I agree that crypto, where I 
> keep the key to myself, provides a good safety solution for "storage as a service".  But that *isn't* "software as a 
> service" or a "thin client", which Stallman's point was about.
>
> Similarly, "sharing as a service" - putting pictures up for others to access, or using Dropbox - is, by definition, 
> pretty public.  If you limit the service to "public sharing" (everyone on the planet gets access), then the only risk 
> is the same one as "storage as a service" - denial of service by the provider.
>
> Regarding "auditing of the provider" - why yes, I personally think that is a good pragmatic solution.  Here I may 
> differ from Stallman a bit, because I do think it can be a good thing to contract out services to others, rather than 
> owning an entire data center in my home.  I trust other humans, if I have substantial recourse against them.
>
> But coming back to my point, and this is CRUCIAL, homomorphic encryption does not "fix the cloud".  Auditing and 
> accountability is probably better.  Caveat emptor, and don't believe the cryptographers' claims of "perfect security" 
> anymore than you believe Obama when he says Deep Ocean Drilling is very safe because BP is a very tech savvy company 
> and has a high stock price.
>
> On 07/14/2010 03:28 AM, Krulwich wrote:
> > Dave,
> >  
> > First, it depends on what the application is.  Cloud-based file storage, photo/video storage, and contact and 
> > calendar synchronization are all cloud-based applications that can work in this way because the cloud service does 
> > not need to do much processing.
> >  
> > The bigger point, however, is that this lack of "trustability" is in practice true in almost every sphere.  Anyone 
> > who installs applications on their cellphones is almost surely trusting even more to applications that cannot be 
> > proven not to compromise data.  Virtually noone limits the rights granted to applications before clicking "OK."  At 
> > least with cloud services most often the companies are better known and have some sort of auditing process in place, 
> > which doesn't exist for mobile apps.  There is work underway to add OS-level security to mobile platforms, but it's 
> > a long way off.  Anyone who trusts mobile apps has no reason to question cloud services.
> >  
> > --Bruce
> >  
> >
> >
> > --- On Tue, 7/13/10, Dave Farber <dave () farber net> wrote:
> >
> > From: Dave Farber <dave () farber net>
> > Subject: [IP] re Homomorphic encryption cannot redeem SaaS
> > To: "ip" <ip () v2 listbox com>
> > Date: Tuesday, July 13, 2010, 5:23 AM
> >
> >
> >
> >
> >
> > Begin forwarded message:
> >
> > > From: "David P. Reed" <dpreed () reed com>
> > > Date: July 12, 2010 1:49:53 PM EDT
> > > To: dave () farber net
> > > Cc: ip <ip () v2 listbox com>
> > > Subject: Re: [IP] Homomorphic encryption cannot redeem SaaS
> >
> > > Richard makes a very good point, and his meta-point about words that are vague leading to poor  quality discussion 
> > > is also very good.
> > >
> > > Let me clarify the distinction that Richard is making by a simple example.   Let's suppose I want to run a program 
> > > really fast.  I have the source code of the program in my hands, and I have the data in my hands.  I don't want to 
> > > share the data with anyone, and I want the "right" answer, just faster than I can get on my personal resources.
> > >
> > > So I decide to use a virtual resource out in the Internet - which I rent by the minute.  (Amazon EC2?)   
> > >
> > > Homomorphic encryption suggests that I can take the source code P and "compile" it into a program Ph that is 
> > > specially organized so that it works on data in encrypted form, never revealing the actual values in the data 
> > > during the computation.
> > >
> > > So what I do is load Ph into the Amazon EC2 system, then take the data D and encrypt it to create Enc(D), which I 
> > > send to be processed by Ph.   The result Ph(Enc(D)) is then sent back to me, whereupon I decrypt it getting 
> > > Dec(Ph(Enc(D))), which is the same thing as P(D), if homomorphic cryptographic computation is demonstrated to work.
> > >
> > > Here's what I think is Richard's objection, though.   If P (the program) is offered as "Software as a Service", 
> > > then I don't know what the program does or how it works.   I gain no more control or knowledge of that program by 
> > > running a version Ph that works on encrypted data.   In fact, because I cannot understand anything about P by 
> > > looking at Ph,  the only thing I can check about the service P provides is by checking certain things by testing 
> > > known inputs and outputs.
> > >
> > > This means that I cannot prove that P doesn't (for example) save my data and share it with a bad guy (whether that 
> > > bad guy is a competitor, the government, or a crook).   Merely validating a few sample test cases or even verifying 
> > > that the result is a "valid" result is not sufficient to bound the sort of "evil" that can be carried out "in the 
> > > cloud".
> > >
> > > So homomorphic encryption doesn't help very much with "cloud services" and any claims to the contrary are very 
> > > likely snake oil.
> > >
> > > However, a more limited claim - one that says that one can virtualize one's OWN program, to which one has the 
> > > complete source code and the ability to compile and modify it to be run on a "homomorphic cryptographic" engine - 
> > > that LIMITED claim has some significant potential value.
> > >
> > > But it may not have such value - because the execution unit executing Ph (the encrypted version of the code) may, 
> > > by watching Ph interact with the data Enc(D), be able to learn enough about the computation to significantly harm 
> > > the user, despite the two transformations - the one on the code and the Enc operation.
> > >
> > > We DON'T know.   This is good research, I am sure.  But it is NOT a good reason to believe that SaaS doesn't have 
> > > important risks.  Ameliorating those risks (IMO) probably requires that the operator of a virtualized service be 
> > > held accountable for liability to his/her users.  This cannot be accomplished by pure crypto in itself.
> > >
> > > On 07/12/2010 12:22 PM, David Farber wrote:
> > > > Begin forwarded message:
> > > >
> > > > From: Richard Stallman <rms () gnu org>
> > > > Date: July 12, 2010 8:36:58 AM EDT
> > > > To: David Farber <dave () farber net>
> > > > Subject: Homomorphic encryption cannot redeem SaaS
> > > > Reply-To: rms () gnu org
> > > >
> > > > Would you like to forward this to your list?
> > > >
> > > >    The goal is to create practical implementations of an idea that only
> > > >    recently has been shown to be possible in theory.  That a computation
> > > >    could be performed over data that remains in encrypted form throughout
> > > >    the entire computation.  In effect, the computer would execute a
> > > >    program without ever being able to discern any of the computed values.
> > > >    The possible applications of this are far reaching.  For example, you
> > > >    could let a cloud facility do all of your computing work without any
> > > >    possibility that any of your private information would be divulged. "
> > > >
> > > > The term "cloud computing" is so vague it only means "using the
> > > > internet somehow".  There are many ways to use the internet and they
> > > > raise different issues.
> > > >
> > > > If a server is doing "your computing work", that means it is Software
> > > > as a Service.  SaaS with homomorphic encryption would giving the
> > > > server operator unlimited access to your data, but that doesn't
> > > > eliminate the fundamental problem of SaaS.  SaaS is always bad for you
> > > > because it means you lose control of your computing.  It is just like
> > > > running a proprietary program.  For more explanation, see
> > > > http://gnu.org/philosophy/who-does-that-server-really-serve.html.
> > > >
> > > > For server activities that are not SaaS, where the control of your
> > > > data is the main issue, homorphic encryption could be a good solution.
> > > >
> > > > I've concluded that the term "cloud computing" is vague to the point
> > > > of impeding clear thinking, so I never use it.  See
> > > > http://www.gnu.org/philosophy/words-to-avoid.html for explanation.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------
> > > > Archives: https://www.listbox.com/member/archive/247/=now
> > > > RSS Feed: https://www.listbox.com/member/archive/rss/247/
> > > > Powered by Listbox: http://www.listbox.com
> > > >
> > > >   
> > Archives     



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com