
Towards Client-Side Encryption and Secure Computation in Cloud Computing

Robert Deng


2024.11.27


The article by AXA Chair Prof Deng highlights the increasing severity and cost of data breaches in cloud computing, affecting 44% of businesses and costing an average of USD 4.88 million per breach. Deng's research focuses on client-side encryption and secure computation to enhance data security. The research aims to improve the scalability and performance of secure computation over encrypted data in cloud environments.

Robert H. Deng is the AXA Chair Professor of Cybersecurity at the School of Computing & Information Systems, Singapore Management University. He received his Ph.D. in Computer Science from the University of California, Los Angeles. Dr. Deng's research interests include cryptography, cloud security, and privacy-preserving data mining. He has published over 200 papers in top-tier conferences and journals, and his research has been recognized with numerous awards, including the Best Paper Awards at ACM CCS and IEEE S&P. Dr. Deng also serves as an Associate Editor for several prestigious journals in his field and has been invited to give keynote talks at various international conferences.

The current landscape of data breaches in the cloud involves huge costs to organizations

The landscape of data breaches in the cloud is increasingly complex and costly, as organizations face growing challenges in securing their cloud environments. Cloud computing, while indispensable for modern business operations, has also become a significant target for cyberattacks due to the large amount of sensitive data stored online. Currently, over 90% of organizations rely on cloud services for critical operations, and there are over 3.6 billion active cloud users globally. This translates to 47% of the world’s population utilizing cloud services, underscoring the widespread dependency on the cloud.

Unfortunately, this reliance on cloud computing comes with heightened risks. Data breaches are escalating in both frequency and severity. According to the 2024 Thales Cloud Security Study, 44% of businesses reported experiencing a breach in their cloud environments, and 14% of them reported suffering breaches within the past 12 months alone. As organizations migrate more sensitive data to the cloud - nearly half of all cloud-stored data is classified as sensitive - the attack surface for cybercriminals expands. This makes breaches not only more common but also more damaging, as the loss of sensitive information can have far-reaching consequences, including significant financial and reputational harm. IBM’s 2024 Cost of a Data Breach Report revealed that the global average cost of a data breach climbed to USD 4.88 million, up from USD 4.45 million in 2023. This 10% increase marks the largest cost jump since the COVID-19 pandemic, largely due to lost business, operational disruptions, and more stringent post-breach requirements. Companies must now invest more in customer retention efforts, regulatory compliance, and operational recovery after a breach, further exacerbating the financial strain. In addition, rising cyber insurance premiums and legal fees related to data breaches are becoming more significant burdens, as organizations grapple with the complexities of securing data in increasingly hybrid and multi-cloud environments.

The root causes of data breaches

User authentication and access control are among the most critical mechanisms to deter data breaches. User authentication, the first line of defence, is the process of verifying the identity of users trying to access cloud resources. However, user authentication is widely regarded as the weakest link in the chain of security. In fact, according to the Verizon Data Breach Report, 81% of hacking-related breaches leveraged either stolen or weak passwords. Though user authentication has evolved a lot in recent years, so have the attacks that compromise it. Balancing security, cost, and usability remains difficult.

Access control, as the next line of defence, is the process of regulating who can view, use, or interact with cloud resources such as data, applications, or services. Effective access control ensures that only authorized users or devices have the appropriate permissions to access certain resources, thereby minimizing security risks and preventing unauthorized access or misuse of cloud assets. In today’s cloud computing environments, cloud servers are fully responsible for correctly enforcing access control policies. As a result, misconfiguration of the servers due to human error or software bugs, or compromise of the servers by malicious attacks, can result in serious breaches. In fact, the NSA considers cloud misconfiguration a leading vulnerability in a cloud environment.

Our research contributions to protecting data security and privacy in the cloud

Client-side encryption refers to the practice of encrypting data on end users’ devices before uploading it to the cloud and decrypting it on those devices after downloading it. This approach ensures that data is encrypted during transit and storage, making data inaccessible to anyone without the decryption keys, including service providers and other potential attackers. As long as the decryption keys are kept secure by end users, security and privacy of data can be ensured even if both the user’s cloud account and the cloud server are compromised.

Existing client-side encryption solutions in cloud computing are based on either symmetric key encryption or public key encryption. The Google Workspace client-side encryption solution employs an online key distribution server to distribute keys between authorized users for the purpose of data encryption and sharing. However, the online key distribution server can be both a security and a performance bottleneck. MEGA is another client-side encryption service; it uses public key encryption and hence does not require an online key distribution server, but it requires sophisticated public key certificate management, and the number of public key encryptions is proportional to the number of potential data users with whom a document is shared.

Attribute-based encryption (ABE) is a new type of one-to-many public key encryption technique that allows users to encrypt and decrypt data based on an access policy expressed in terms of user attributes. Suppose that a hospital wants to outsource the storage of its patients’ electronic medical records (EMRs) to the cloud and wants to establish specific access policies on who can access the EMRs. Before outsourcing an EMR, the hospital may specify that the EMR can only be accessed by cardiologists in the University Hospital or by scientists in the Life Science Institute. Let CT denote the encrypted EMR and AP = (Cardiologist AND University Hospital) OR (Scientist AND Life Science Institute) be the access policy. CT and AP are cryptographically bound together and are uploaded to the cloud for storage. Then only users whose attributes satisfy AP can decrypt CT to get the plaintext EMR. ABE is a scalable encryption system because its access policy does not need to list every authorized user who can access the data, but just the attributes of the potential users. Access control (i.e., decryption) of encrypted data in ABE is not enforced by the cloud server but by mathematics, through encryption and decryption algorithms that are theoretically proven secure.

One of the main efficiency drawbacks of existing ABE systems is that decryption is expensive for resource-limited devices due to pairing operations, and the number of pairing operations required to decrypt a ciphertext grows with the complexity of the access policy. AXA Chair Professor of Cybersecurity Robert Deng and his team proposed ABE-VOD [1], which improves decryption efficiency at end users by two orders of magnitude by outsourcing most of the decryption workload to a public cloud server. Another critical problem in ABE deployment is user revocation. Whenever a user leaves the system, changes her position, or loses her existing ABE private key, the key must be revoked to prevent unauthorized access to sensitive data. Incorporating an efficient user revocation method into an ABE system, known as revocable ABE, has been an active research topic in the past decade. Almost all existing revocable ABE systems incorporate a timestamp in the encryption algorithm such that revoked users cannot decrypt ciphertexts generated in future time intervals. To prevent revoked users from decrypting past ciphertexts, the storage server needs to periodically update the timestamp for all past ciphertexts. As the number of ciphertexts could be huge in a storage system, ciphertext updating could impose a huge computation overhead on the server. Motivated by the popularity of commodity Trusted Execution Environment (TEE) technologies, Professor Deng and his colleagues proposed hardware-based revocable ABE (HR-ABE) to eliminate ciphertext updates and prevent collusion attacks between the storage server and revoked users [2].

Scalable access control of encrypted data is an essential requirement in cloud data security and privacy, but it only addresses part of the larger challenge. In addition to controlling access, encrypted data must also be amenable to computation and analysis. Ideally, servers should be able to perform meaningful operations on encrypted data without ever decrypting it, preserving privacy at every step. This is where fully homomorphic encryption (FHE) comes in. FHE is a cutting-edge encryption technique that enables mathematical operations, specifically, addition and multiplication, to be executed on encrypted data directly by a server, without the need for decryption. As a result, the data remains fully encrypted throughout the computational process, ensuring that even the server performing the computation cannot access the underlying sensitive information. This feature makes FHE particularly valuable in cloud computing scenarios involving client-side encryption. When users outsource both data storage and computational tasks to the cloud, FHE allows them to maintain full control over their privacy.

However, despite its potential, the current state-of-the-art FHE systems are impractical for large-scale computations due to a technical limitation known as "noise" accumulation in ciphertexts. As computations progress, the noise in ciphertexts grows, threatening the integrity of the results. To mitigate this, frequent "bootstrapping" operations are required to reduce the noise. Unfortunately, bootstrapping is computationally expensive, significantly slowing down the overall process and making FHE difficult to deploy for extensive computations, particularly in real-time applications or on large datasets.

To address this challenge, Professor Deng and his co-authors introduced a novel twin-server framework for Secure Outsourced Computation over Integers (SOCI) [3, 4], which offers a groundbreaking approach to secure computing over encrypted data. This framework allows an unlimited number of arithmetic operations to be performed on ciphertexts without the need for bootstrapping, thereby eliminating the major bottleneck that limits current FHE implementations. By doing so, SOCI achieves superior performance across various secure computing tasks, for example privacy-preserving person re-identification [5].
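The following is an added example, not code from the article or the SOCI toolkit: it uses textbook Paillier (additively homomorphic, not FHE) to show a server adding ciphertexts directly, and two non-colluding servers holding key shares multiplying them with no noise growth and no bootstrapping. The toy primes, the additive key split and all function names are assumptions made for illustration.

```python
import math
import secrets

# Toy parameters (constructed): two Mersenne primes. Real use needs N >= 2048 bits.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = math.lcm(P - 1, Q - 1)
# Secret S (S = 0 mod LAM, S = 1 mod N) split into one additive share per server.
S = LAM * pow(LAM, -1, N)
SK1 = secrets.randbelow(S - 1) + 1
SK2 = S - SK1

def enc(m):
    """Paillier with g = 1 + N: c = (1 + m*N) * r^N mod N^2."""
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def partial_dec(c, share):       # one server's half of a decryption
    return pow(c, share, N2)

def combine(d1, d2):             # both halves together yield the plaintext
    return (d1 * d2 % N2 - 1) // N % N

def add(c1, c2):                 # Enc(a) * Enc(b) = Enc(a + b)
    return c1 * c2 % N2

def scalar_mul(c, k):            # Enc(a)^k = Enc(k * a), k known to the server
    return pow(c, k % N, N2)

def twin_server_mul(cx, cy):
    """Enc(x*y) from Enc(x), Enc(y); neither server sees x or y."""
    # Server 1: blind both inputs and partially decrypt the blinded values.
    r1, r2 = secrets.randbelow(N), secrets.randbelow(N)
    bx, by = add(cx, enc(r1)), add(cy, enc(r2))
    px, py = partial_dec(bx, SK1), partial_dec(by, SK1)
    # Server 2: finish decryption (sees only x+r1, y+r2), multiply, re-encrypt.
    a = combine(px, partial_dec(bx, SK2))
    b = combine(py, partial_dec(by, SK2))
    cab = enc(a * b)
    # Server 1: strip the blinding, since xy = ab - x*r2 - y*r1 - r1*r2.
    out = add(add(cab, scalar_mul(cx, -r2)), scalar_mul(cy, -r1))
    return add(out, enc(-r1 * r2))

def joint_dec(c):                # both shares are needed to decrypt a result
    return combine(partial_dec(c, SK1), partial_dec(c, SK2))
```

Chaining twin_server_mul any number of times leaves ciphertexts the same size and still decryptable; the cost moves to one round trip between the two servers per multiplication.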

Client-side encryption is effective in data security and privacy protection in cloud data storage. However, beyond secure storage, for encrypted data to be useful, there is still a long way to go towards practical secure computation over encrypted data. We still face significant scalability and performance hurdles. Research continues to explore ways to bridge this gap, making scalable, privacy-preserving computation more efficient and accessible for large-scale applications.

References

[1]   Junzuo Lai, Robert H. Deng, Chaowen Guan and Jian Weng, “Attribute-based encryption with verifiable outsourced decryption”, IEEE Transactions on Information Forensics and Security, Vol. 8, No. 8, pp. 1343-1354, August 2013.

[2]   Xiaoguo Li, Guomin Yang, Tao Xiang, Bowen Zhao, HweeHwa Pang, Robert H. Deng, “Make revocation cheaper: hardware-based revocable attribute-based encryption”, Proceedings of IEEE Symposium on Security and Privacy (S&P 2024), pp. 3109-3127, 20-22 May 2024, San Francisco, USA.

[3]   Bowen Zhao, Jiaming Yuan, Ximeng Liu, Yongdong Wu, Hwee Hwa Pang, Robert H. Deng, “SOCI: A Toolkit for Secure Outsourced Computation on Integers”, IEEE Transactions on Information Forensics and Security, Vol. 17, pp. 3637-3648, 2022.

[4]   Bowen Zhao, Weiquan Deng, Xiaoguo Li, Ximeng Liu, Qingqi Pei, Robert H. Deng, “SOCI+: An enhanced toolkit for secure outsourced computation on integers”, IEEE Transactions on Information Forensics and Security, Vol. 19, pp. 5607-5619, 2024.

[5]   Bowen Zhao, Yingjiu Li, Ximeng Liu, Hwee Hwa Pang, Robert H. Deng, “FREED: An efficient privacy-preserving solution for person re-identification”, Proceedings of the IEEE Conference on Dependable and Secure Computing (IEEE DSC 2022), pp. 1-8, 22-24 June 2022, Edinburgh, UK, Best Paper Award.

September 2024