On the (Im)Practicality of Securing Untrusted Computing Clouds with Cryptography

In a recent interview, Whitfield Diffie argued that “the whole point of cloud computing is economy” and while it is possible in principle for “computation to be done on encrypted data, [...] current techniques would more than undo the economy gained by the outsourcing and show little sign of becoming practical”. In this paper we aim to understand whether this is truly the case and quantify just how expensive it is to secure data processing in untrusted, potentially curious clouds. We start by looking at the economics of computing in general and clouds in particular. Specifically, we derive the end-to-end cost of a CPU cycle in various environments and show that its cost lies between 0.58 picocents in efficient clouds and 26.02 picocents for small business deployment scenarios (1 picocent = $1 × 10), values validated against current cloud pricing. We then evaluate the cost of networking and show that, in order to offset the costs of networking, cloud computing makes economical sense only for compute intensive applications requiring at least 3800 compute cycles per each 32 bits of transferred input. Finally, we explore the cost of common cryptography primitives as well as the viability of their deployment for cloud security purposes. We conclude that Diffie was correct. Securing outsourced data and computation against untrusted clouds is indeed costlier than the associated savings, with outsourcing mechanisms up to 5+ orders of magnitudes costlier than their non-outsourced locally run alternatives. This is simply because today’s cryptography does not allow for efficient oblivious processing of complex enough functions on encrypted data. And outsourcing simple operations – such as existing research in querying encrypted data, keyword searches, selections, projections, and simple aggregates – is simply not profitable (too few compute cycles / input word to offset the client’s distance from the cloud). Thus, while traditional security mechanisms allow the elegant handling of inter-client and outside adversaries, today it is still too costly to secure against cloud insiders with cryptography.