Cloud data does the shuffle

A computer algorithm called the Melbourne Shuffle could keep data secure in the cloud.
By Gregory Hale, ISSSource August 1, 2014

A computer algorithm called the Melbourne Shuffle could keep data secure in the cloud. While it is named after a dance, the algorithm can hide patterns that may emerge as users access data on cloud servers. Patterns of access could provide important information about a data set, which contains information users don’t necessarily want others to know, even if the data files themselves have undergone encryption. Encrypting data is an important security measure. However, privacy leaks can occur even when accessing encrypted data. The purpose of this algorithm is to provide a higher level of privacy guarantees, beyond what encryption alone can achieve.

Ohrimenko, who just received her Ph.D. from Brown University and now works at Microsoft Research, co-authored the algorithm with Roberto Tamassia and Eli Upfal, professors of computer science at Brown, and Michael Goodrich from the University of California-Irvine. Cloud computing is increasing in popularity as more individuals use services like Google Drive and more companies outsource their data to companies like Amazon Web Services. As the amount of data on the cloud grows, so do concerns about keeping it secure. Most cloud service providers encrypt the data they store. Larger companies generally encrypt their own data before sending it to the cloud to protect it not only from hackers but also to keep cloud providers themselves from snooping around in it.

But while encryption renders data files unreadable, it can’t hide patterns of data access. Those patterns can be a serious security issue. If a service provider, or someone eavesdropping on that provider, might be able to figure out that after accessing files at certain locations on the cloud server, a company tends to come out with a negative earnings report the following week. Eavesdroppers may have no idea what’s in those particular files, but they know it correlates to negative earnings.

That’s not the only potential security issue.

The pattern of accessing data could give away some information about what kind of computation is performing or what kind of program is running on the data. Some programs have very particular ways in which they access data. By observing those patterns, someone might be able to deduce that a company seems to be running a program that processes bankruptcy proceedings.

The Melbourne Shuffle aims to hide those patterns by shuffling the location of data on cloud servers. Ohrimenko named it after a dance that originated in Australia, where she did her undergraduate work.

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on the ISSSource website. Edited by Joy Chang, Digital Project Manager, CFE Media, jchang@cfemedia.com