Nomad: a framework for ensuring data confidentiality in mission-critical cloud-based applications

Authors: Megan Kline, Mamadou H. Diallo, Henry Au, Scott M. Slayback, Michael August, Roger A. Hallman
Year of publication: 2017
Subject:
Source: Data Security in Cloud Computing ISBN: 9781785612206
DOI: 10.1049/pbse007e_ch2
Description: Due to their low cost and simplicity of use, public cloud services are gaining popularity among both public and private sector organisations. However, there are many threats to the cloud, including data breaches, data loss, account hijacking, denial of service, and malicious insiders. One of the solutions for addressing these threats is the use of secure computing techniques such as homomorphic encryption and secure multiparty computation, which allow for processing of encrypted data stored in untrusted cloud environments without ever having the decryption key. The performance of these techniques is a limiting factor in the adoption of cloud-based applications. Both public and private sector organisations with strong requirements for data security and privacy are reluctant to push their data to the cloud. In particular, mission-critical defense applications used by governments do not tolerate any leakage of sensitive data. In this chapter, we present Nomad, a framework for developing mission-critical cloud-based applications. The framework is comprised of: (1) a homomorphic encryption-based service for processing encrypted data directly within the untrusted cloud infrastructure, and (2) a client service for encrypting and decrypting data within the trusted environment, and storing and retrieving these data to and from the cloud. In order to accelerate the expensive homomorphic encryption operations, we equipped both services with a Graphics Processing Unit (GPU)-based parallelisation mechanism. To evaluate the Nomad framework, we developed CallForFire, a Geographic Information System (GIS)-based mission-critical defense application that can be deployed in the cloud. CallForFire enables secure computation of enemy target locations and selection of firing assets. Due to the nature of the mission, this application requires guaranteed security.
The experimental results show that the performance of homomorphic encryption can be enhanced by using a GPU-based acceleration mechanism. In addition, the performance of the CallForFire application demonstrates the feasibility of using the Nomad framework to develop mission-critical cloud-based applications.
Database: OpenAIRE