Program Summary
Cloud computing provides computing capabilities as a service rather than a product. Advantages to this include reduced costs and maintenance, and increased flexibility, availability and scalability. Cloud computing, however, also presents some potentially significant security issues. In particular, vulnerabilities could include compromise of data security and loss of key information. Any computer or web-friendly device connected to the Internet could gain unauthorized access to pools of computing power, applications, or files – compromising information security in cloud-computing environments.
DARPA’s Programming Computation on Encrypted Data (PROCEED) program is a research effort that seeks to develop methods that allow computing with encrypted data without first decrypting it, making it more difficult for malware programmers to write viruses.
One strategy, fully homomorphic encryption (FHE), seeks to address this issue by requiring a client to encrypt data before sending it to the cloud. This client would then provide the cloud with executable code to allow it to work on that data without decrypting it. Results are returned to the client still encrypted. Since only the client controls the decryption key, no one else is able to decrypt either data or results, ensuring the security of that information. Research has shown that while computation on encrypted data is theoretically possible, that computation slows by nearly 10 orders of magnitude, making it infeasible. A related research area is secure multiparty computation (SMC), in which multiple entities can jointly perform computations while maintaining the privacy of each entity’s data. As with FHE, SMC protocols incur significant overhead, typically at least two orders of magnitude.
The PROCEED program seeks to make computation on encrypted data practical. It plans to support research in mathematical foundations of FHE, secure multiparty computation, optimized hardware and software implementation, and programming languages, algorithms and data types. If successful, PROCEED could fundamentally change how computations are made in untrusted environments. Potential implications for security of cloud-computing architectures are significant.