Interesting People mailing list archives
re Homomorphic encryption cannot redeem SaaS
From: Dave Farber <dave () farber net>
Date: Wed, 14 Jul 2010 12:40:49 -0400
Begin forwarded message:
From: "David P. Reed" <dpreed () reed com> Date: July 14, 2010 12:03:35 PM EDT To: krulwich () yahoo com Cc: dave () farber net, ip <ip () v2 listbox com> Subject: Re: [IP] re Homomorphic encryption cannot redeem SaaS
Bruce - my comments were about homomorphic cryptography as a "solution" to *processing* "in the cloud", aka "Software as a Service". You are arguing against an argument that I did not make. The structure of your argument is that "storage as a service" is not very dangerous. I agree that crypto, where I keep the key to myself, provides a good safety solution for "storage as a service". But that *isn't* "software as a service" or a "thin client", which Stallman's point was about. Similarly, "sharing as a service" - putting pictures up for others to access, or using Dropbox - is, by definition, pretty public. If you limit the service to "public sharing" (everyone on the planet gets access), then the only risk is the same one as "storage as a service" - denial of service by the provider. Regarding "auditing of the provider" - why yes, I personally think that is a good pragmatic solution. Here I may differ from Stallman a bit, because I do think it can be a good thing to contract out services to others, rather than owning an entire data center in my home. I trust other humans, if I have substantial recourse against them. But coming back to my point, and this is CRUCIAL, homomorphic encryption does not "fix the cloud". Auditing and accountability is probably better. Caveat emptor, and don't believe the cryptographers' claims of "perfect security" anymore than you believe Obama when he says Deep Ocean Drilling is very safe because BP is a very tech savvy company and has a high stock price. On 07/14/2010 03:28 AM, Krulwich wrote:Dave, First, it depends on what the application is. Cloud-based file storage, photo/video storage, and contact and calendar synchronization are all cloud-based applications that can work in this way because the cloud service does not need to do much processing. The bigger point, however, is that this lack of "trustability" is in practice true in almost every sphere. Anyone who installs applications on their cellphones is almost surely trusting even more to applications that cannot be proven not to compromise data. Virtually noone limits the rights granted to applications before clicking "OK." At least with cloud services most often the companies are better known and have some sort of auditing process in place, which doesn't exist for mobile apps. There is work underway to add OS-level security to mobile platforms, but it's a long way off. Anyone who trusts mobile apps has no reason to question cloud services. --Bruce --- On Tue, 7/13/10, Dave Farber <dave () farber net> wrote: From: Dave Farber <dave () farber net> Subject: [IP] re Homomorphic encryption cannot redeem SaaS To: "ip" <ip () v2 listbox com> Date: Tuesday, July 13, 2010, 5:23 AM Begin forwarded message:From: "David P. Reed" <dpreed () reed com> Date: July 12, 2010 1:49:53 PM EDT To: dave () farber net Cc: ip <ip () v2 listbox com> Subject: Re: [IP] Homomorphic encryption cannot redeem SaaSRichard makes a very good point, and his meta-point about words that are vague leading to poor quality discussion is also very good. Let me clarify the distinction that Richard is making by a simple example. Let's suppose I want to run a program really fast. I have the source code of the program in my hands, and I have the data in my hands. I don't want to share the data with anyone, and I want the "right" answer, just faster than I can get on my personal resources. So I decide to use a virtual resource out in the Internet - which I rent by the minute. (Amazon EC2?) Homomorphic encryption suggests that I can take the source code P and "compile" it into a program Ph that is specially organized so that it works on data in encrypted form, never revealing the actual values in the data during the computation. So what I do is load Ph into the Amazon EC2 system, then take the data D and encrypt it to create Enc(D), which I send to be processed by Ph. The result Ph(Enc(D)) is then sent back to me, whereupon I decrypt it getting Dec(Ph(Enc(D))), which is the same thing as P(D), if homomorphic cryptographic computation is demonstrated to work. Here's what I think is Richard's objection, though. If P (the program) is offered as "Software as a Service", then I don't know what the program does or how it works. I gain no more control or knowledge of that program by running a version Ph that works on encrypted data. In fact, because I cannot understand anything about P by looking at Ph, the only thing I can check about the service P provides is by checking certain things by testing known inputs and outputs. This means that I cannot prove that P doesn't (for example) save my data and share it with a bad guy (whether that bad guy is a competitor, the government, or a crook). Merely validating a few sample test cases or even verifying that the result is a "valid" result is not sufficient to bound the sort of "evil" that can be carried out "in the cloud". So homomorphic encryption doesn't help very much with "cloud services" and any claims to the contrary are very likely snake oil. However, a more limited claim - one that says that one can virtualize one's OWN program, to which one has the complete source code and the ability to compile and modify it to be run on a "homomorphic cryptographic" engine - that LIMITED claim has some significant potential value. But it may not have such value - because the execution unit executing Ph (the encrypted version of the code) may, by watching Ph interact with the data Enc(D), be able to learn enough about the computation to significantly harm the user, despite the two transformations - the one on the code and the Enc operation. We DON'T know. This is good research, I am sure. But it is NOT a good reason to believe that SaaS doesn't have important risks. Ameliorating those risks (IMO) probably requires that the operator of a virtualized service be held accountable for liability to his/her users. This cannot be accomplished by pure crypto in itself. On 07/12/2010 12:22 PM, David Farber wrote:Begin forwarded message: From: Richard Stallman <rms () gnu org> Date: July 12, 2010 8:36:58 AM EDT To: David Farber <dave () farber net> Subject: Homomorphic encryption cannot redeem SaaS Reply-To: rms () gnu org Would you like to forward this to your list? The goal is to create practical implementations of an idea that only recently has been shown to be possible in theory. That a computation could be performed over data that remains in encrypted form throughout the entire computation. In effect, the computer would execute a program without ever being able to discern any of the computed values. The possible applications of this are far reaching. For example, you could let a cloud facility do all of your computing work without any possibility that any of your private information would be divulged. " The term "cloud computing" is so vague it only means "using the internet somehow". There are many ways to use the internet and they raise different issues. If a server is doing "your computing work", that means it is Software as a Service. SaaS with homomorphic encryption would giving the server operator unlimited access to your data, but that doesn't eliminate the fundamental problem of SaaS. SaaS is always bad for you because it means you lose control of your computing. It is just like running a proprietary program. For more explanation, see http://gnu.org/philosophy/who-does-that-server-really-serve.html. For server activities that are not SaaS, where the control of your data is the main issue, homorphic encryption could be a good solution. I've concluded that the term "cloud computing" is vague to the point of impeding clear thinking, so I never use it. See http://www.gnu.org/philosophy/words-to-avoid.html for explanation. ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.comArchives
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- re Homomorphic encryption cannot redeem SaaS Dave Farber (Jul 12)
- <Possible follow-ups>
- re Homomorphic encryption cannot redeem SaaS Dave Farber (Jul 14)