As higher education institutions consider moving services to the cloud to save costs and improve collaboration, significant challenges to successful large-scale adoption still exist. Institutions are unwilling to risk cloud deployment because provable technological defenses have thus far been lacking. Control over sensitive data is relinquished without the institution's knowledge, liability is shifted and data breach risks are significantly increased. Further, regulatory-sensitive data has become an increasingly attractive target. Recent history shows one major breach every few weeks, with an alarming increase in frequency. This project directly addresses this significant challenge by transitioning to practice -- through an educational campus pilot -- searchable cloud storage and collaboration tools with full in-cloud privacy, at-runtime security and no shift in liability for educators and students. The pilot provides secure cloud storage to 24,500 students and 2,500 educators. It constitutes a testbed for deploying secure protocols in a live environment via the participation of researchers and students in its operation. Extensive data dissemination for academic research purposes is an integral part of the pilot. Collected data points serve as significant knowledge repositories not only in the security community but also in the storage and cloud research communities. The project will result in the creation of a significant number of trust and security-related information technology jobs which must remain stateside to maintain the economic and political security of the United States. The project trains students and contributes to the creation of a skilled cyber-security domestic workforce available to fulfill our nation's needs. The project provides new course material and involves underrepresented groups, including at least one female PhD student.
The technical underpinnings of the work rely on new mechanisms that ensure data is strongly encrypted before leaving trusted client premises while still allowing users to securely collaborate, query, share, synchronize, search, back up, etc. Contrary to conventional wisdom, the project constructs a secure design that is also truly practical. Such a design would not have been feasible with a server-centric approach, in which search operations are performed server-side on encrypted data and are therefore computationally expensive and necessarily limited in expressiveness. Instead, the pilot is based on an efficient design in which operations are distributed to client-side logic in a scalable, efficient manner, operating orders of magnitude faster than the equivalent server code on encrypted data. To further optimize processing, the system enables clients to leverage each other's work (such as indexing) in a distributed secure manner, through cloud-mediated conduits and mechanisms. Overall, the system ensures the cloud can never access user data or see user search queries. Ultimately, clients receive all cloud benefits while ensuring full regulatory compliance. Even if the cloud provider is breached, data is fully protected.
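To make the client-centric design concrete, the following is an added illustration, not the pilot's own code and not a description of its actual protocols. It assumes a group key shared out-of-band among collaborating clients (`GROUP_KEY`, constructed here), a standard-library stand-in for an authenticated cipher (HMAC-SHA256 in counter mode with encrypt-then-MAC, where a deployment would use AES-GCM), and an untrusted `Cloud` that stores only ciphertext plus keyed keyword tokens. Indexing and encryption happen on the uploading client; a second client holding the same key reuses that index to search, so the cloud never sees plaintext documents or keywords.

```python
import hashlib
import hmac
import re
import secrets

# Constructed for this example: a group key shared out-of-band among the
# collaborating clients. It never leaves client premises.
GROUP_KEY = secrets.token_bytes(32)


class Cloud:
    """Untrusted storage: it only ever sees ciphertext and blinded keyword tokens."""

    def __init__(self):
        self.blobs = {}   # doc_id -> nonce || ciphertext || tag
        self.index = {}   # keyword token (hex) -> set of doc_ids

    def put(self, doc_id, blob, tokens):
        self.blobs[doc_id] = blob
        for token in tokens:
            self.index.setdefault(token, set()).add(doc_id)

    def lookup(self, token):
        return set(self.index.get(token, ()))

    def get(self, doc_id):
        return self.blobs[doc_id]


def _derive(key, label):
    """Derive an independent sub-key per purpose (HMAC used as a simple KDF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256; stands in for AES-CTR so the
    example needs only the standard library."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(enc_key, mac_key, blob):
    """Verify the tag before using the ciphertext; any modification is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Client:
    """Trusted client logic: indexing, encryption and search all happen here."""

    def __init__(self, cloud, group_key):
        self.cloud = cloud
        self.enc_key = _derive(group_key, b"document-encryption")
        self.mac_key = _derive(group_key, b"document-integrity")
        self.idx_key = _derive(group_key, b"keyword-index")

    def _token(self, word):
        # Keyed, deterministic token: any client holding the key reproduces it;
        # the cloud cannot invert it back to the keyword.
        return hmac.new(self.idx_key, word.lower().encode(), hashlib.sha256).hexdigest()

    def upload(self, doc_id, text):
        words = set(re.findall(r"[a-z0-9]+", text.lower()))
        tokens = {self._token(w) for w in words}   # indexing done client-side, once
        blob = encrypt(self.enc_key, self.mac_key, text.encode())
        self.cloud.put(doc_id, blob, tokens)

    def search(self, word):
        ids = self.cloud.lookup(self._token(word))  # cloud matches tokens only
        return {i: decrypt(self.enc_key, self.mac_key, self.cloud.get(i)).decode()
                for i in sorted(ids)}


def cloud_stores_plaintext(cloud, words):
    """True if any keyword appears in the clear anywhere in cloud storage."""
    stored = b"".join(cloud.blobs.values()) + "".join(cloud.index).encode()
    return any(w.encode() in stored for w in words)


def demo():
    cloud = Cloud()
    alice = Client(cloud, GROUP_KEY)
    bob = Client(cloud, GROUP_KEY)    # collaborator holding the same group key
    alice.upload("syllabus", "Pilot syllabus for the secure storage course")  # constructed
    alice.upload("budget", "Grant budget for the campus pilot")               # constructed
    hits = bob.search("pilot")        # Bob reuses Alice's index without re-indexing
    leaks = cloud_stores_plaintext(cloud, ["pilot", "grant", "syllabus"])
    return cloud, bob, hits, leaks
```

Running `demo()` returns both constructed documents for the query "pilot" and reports that neither the documents nor the keywords are visible in cloud storage; flipping one byte of a stored blob makes the next search fail the integrity check rather than return corrupted text. One caveat a defender should keep in mind with any keyed-token index of this kind: the cloud still learns which stored blobs match which (opaque) token, so access and search patterns leak even though keyword and content do not, which is why the abstract's "clients leverage each other's work" model is a design choice worth monitoring rather than a free lunch.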