Secure and Sustainable Benchmarking in Clouds - A Multi-Party Cloud Application with an Untrusted Service Provider
Abstract
Cloud computing entails a novel security threat: The cloud service provider is entrusted with all of the data of all its customers and may accidentally or maliciously disclose it to third parties. While the service provider may take the necessary precautions in order to protect the confidentiality of the data from outsiders or other customers, the service provider usually inadvertently learns the data and a new trust relationship between customer and service provider is inherent to cloud computing. For some applications this trust may not be sustainable. Consider, for example, highly confidential data about a company’s operation. In order for the customer to engage and sustain cloud computing for applications operating on such data confidentiality even against the service provider is necessary. A long-term and sustainable relationship between cloud service provider and customer should be based on minimal trust assumptions and this includes the trust of the customer in the service provider. Therefore, it would be advantageous for the sustainability of cloud computing, if the service provider could ensure the customer of the confidentiality of his data. Assurance and preventive security measures are essential for confidentiality. Contracts and fines or other detective measures of protection require the ability to prove a confidentiality breach which can be difficult. The technical means to provide assurance of data confidentiality without a reference monitor or policy enforcement point is encryption. Standard public-key or symmetric encryption as commonly used to secure data communications is inapplicable to sustainable cloud computing, since it cannot be modified once encrypted. Homomorphic encryption (Damgard and Jurik 2001; Gentry 2009; Paillier 1999) allows such modifications of encrypted data. Nevertheless it is too inefficient for large-scale cloud applications. Secure Multi-Party Computation (Ben-Or et al. 1988; Cramer et al. 2001; Goldreich et al. 1987), an alternative cryptographic technique, is computationally more efficient, but requires significant communication resources. The research questions addressed in this paper are the design choices for a sustainable cloud information system based on these techniques. The designer has several options in the choice of encryption scheme, key distribution and security model as well as the application’s functions and features. He has to balance the conflicting objectives of functionality, security and performance. We will explore these design options using the case study of a confidentiality-preserving cloud application we have built. We have implemented a collaborative business application for benchmarking. Benchmarking is the comparison of key performance indicators (KPI) to their statistics within a peer group. Our cloud application computes these statistics without disclosing the KPIs of any individual company. Benchmarking is an important process for companies to stay competitive in today’s markets. It allows them to evaluate their performance against the statistics of their peers and implement targeted improvement measures. Benchmarking services have been proposed and implemented before (Bogetoft and Nielsen 2005; Crotts et al. 2006), but none implements sustainable security against the service provider. The positive impact of confidentiality protection on the willingness of companies to share data has been established in related studies (Eurich et al. 2010). We have designed, implemented and evaluated a prototype for collaborative benchmarking on encrypted data in the cloud. To the best of our knowledge this is the first cloud application that operates on encrypted data. We will use a combination of homomorphic encryption and
Similar resources
Hosting Services on an Untrusted Cloud
We consider a scenario where a service provider has created a software service S and desires to outsource the execution of this service to an untrusted cloud. The software service contains secrets that the provider would like to keep hidden from the cloud. For example, the software might contain a secret database, and the service could allow users to make queries to different slices of this dat...
Computation on Randomized Data
Cryptographic tools, such as secure computation or homomorphic encryption, are very computationally expensive. This makes their use for confidentiality protection of client’s data against an untrusted service provider uneconomical in most applications of cloud computing. In this paper we present techniques for randomizing data using light-weight operations and then securely outsourcing the comp...
Secure data sharing in public cloud
Secure multi-party protocols have been proposed for entities (organizations or individuals) that don’t fully trust each other to share sensitive information. Many types of entities need to collect, analyze, and disseminate data rapidly and accurately, without exposing sensitive information to unauthorized or untrusted parties. Solutions based on secure multi-party computation guarantee privacy ...
Cross-Layer Multi-Cloud Real-Time Application QoS Monitoring and Benchmarking As-a-Service Framework
Cloud computing provides on-demand access to affordable hardware (e.g., multi-core CPUs, GPUs, disks, and networking equipment) and software (e.g., databases, application servers and data processing frameworks) platforms with features such as elasticity, pay-per-use, low upfront investment and low time to market. This has led to the proliferation of business critical applications that leverage ...
Secure Cloud Multi-tenant Applications with Cache in PaaS
Multi-tenant applications come into existence in clouds, which aims “better resource utilization” for application provider. Today most of the present application optimizations are based on Service Level Agreements which focuses on virtual machine (VM) based computing service, while other services such as storage and cache are often neglected. This paper mainly focuses on cache based approach fo...
Journal: Business & Information Systems Engineering
Volume: 3
Publication date: 2011