How can we protect our information in the era of cloud computing?

January 26, 2015, University of Cambridge
Credit: g4ll4is

Private information would be much more secure if individuals moved away from cloud-based storage towards peer-to-peer systems, where data is stored in a variety of ways and across a variety of sites, argues a University of Cambridge researcher.

In an article published in the Proceedings of the Royal Society A, Professor Jon Crowcroft argues that by parcelling and spreading data across multiple sites, and weaving it together like a tapestry, not only would our information be safer, it would be quicker to access, and could potentially be stored at lower overall cost.

The internet is a vast, decentralised communications system, with minimal administrative or governmental oversight. However, we increasingly access our information through cloud-based services, such as Google Drive, iCloud and Dropbox, which are very large centralised storage and processing systems. Cloud-based services offer convenience to the user, as their data can be accessed from anywhere with an internet connection, but their centralised nature can make them vulnerable to attack, such as when personal photos of mostly young and female celebrities were leaked last summer after their iCloud accounts were hacked.

Storing information on the cloud makes it easily accessible to users, while removing the burden of managing it; and the cloud's highly centralised nature keeps costs low for the companies providing the storage. However, centralised systems can lack resilience, meaning that service can be lost when any one part of the network access path fails.

Centralised systems also give a specific point to attack for those who may want to access them illegally. Even if data is copied many times, if all the copies have the same flaw, they are all vulnerable. Just as a small gene pool places a population at risk from a change in the environment, such as a disease, the lack of variety in centralised storage systems places information at greater risk of theft.

The alternative is a decentralised system, also known as a peer-to-peer system, where resources from many potential locations in the network are mixed, rather than putting all one's eggs in one basket.

The strength of a peer-to-peer system is that its value grows as the number of users increases: all producers are also potential consumers, so each added node gives the new producer as many customers as are already on the network.

"Since all the members of a peer-to-peer network are giving as well as consuming resources, it quickly overtakes a centralised network in terms of its strength," said Crowcroft, of the University's Computer Laboratory.

The higher reliability and performance of fibre to the home, the availability of 4G networks, and IPv6 (Internet Protocol version 6) are all helping to make decentralised networks viable. In practice, a user would carry most of the data they need to access immediately with them on their mobile device, with their home computer acting as the 'master' point of contact.

"Essentially, data is encoded redundantly, but rather than making many copies, we weave a tapestry using the bits that represent data, so that threads making up particular pieces of information are repeated but meshed together with threads making up different pieces of information," said Crowcroft. "Then to dis-entangle a particular piece of information, we need to unpick several threads."

Varying the ways that our information is stored or distributed is normally done to protect against faults in the network, but it can also improve the privacy of our data. In a decentralised system where data is partitioned across several sites, any attacker attempting to access that data has a much more complex target – the attacker has to know where all bits of the information are, as opposed to using brute force at one point to access everything. "The more diversity we use in a peer-to-peer system, the closer we get to an ideal in terms of resilience and privacy," said Crowcroft.

A peer-to-peer system could also be built at a lower overall cost than a centralised system, argues Crowcroft, since no 'cache' is needed in order to store data near the user. To the end user, costs could be as low as a pound per month, or even free, much lower than monthly internet access costs or mobile tariffs.

"We haven't seen massive take-up of decentralised networks yet, but perhaps that's just premature," said Crowcroft. "We've only had these massive centralised systems for about a decade, and like many other utilities, the internet will most likely move away from centralisation and towards decentralisation over time, especially as developments in technology make these systems attractive for customers."

More information: "On the duality of resilience and privacy." DOI: 10.1098/rspa.2014.0862. Published 21 January 2015

3 comments

luke_w_bradley
3 / 5 (1) Jan 26, 2015
P2P Cloud, with redundant distribution of encrypted data would be a great project to take on. Especially as a platform, with things like apps and aggregated statistics from users from the apps - the sort of stuff stored in the cloud already. Just the math of making it solid, private, and feasible would really be interesting.
Doug_Huffman
4 / 5 (1) Jan 26, 2015
LOL A secret shared is a secret bared - even with another pseudonymous server passing as cloud.
rp142
not rated yet Jan 26, 2015
Anyone storing data in the cloud storage systems mentioned in the article (or the crap from M$) should assume that it can be compromised. Storing sensitive personal information or confidential data in simple cloud services is insane. They are designed for ease of access, and somewhat open access, not security.

If you want to use them more securely, encrypt everything you upload and accept that increasing security will cost some ease of use. Compromised login details now only get access to encrypted files. There are some applications around to do this now.

The limiting factor will always be the human component of the system. There will always be idiots with easily guessed passwords or who are stupid enough to hand over login details to any random person that sends them an email...
