Security and Privacy in the Cloud

Private information would be much more secure if individuals moved away from cloud-based storage towards peer-to-peer systems, where data is stored in a variety of ways and across a variety of sites, argues a University of Cambridge researcher.

 In an article published in the Proceedings of the Royal Society A, Professor Jon Crowcroft argues that by parcelling and spreading data across multiple sites, and weaving it together like a tapestry, not only would our information be safer, it would be quicker to access, and could potentially be stored at lower overall cost.

The internet is a vast, decentralised communications system, with minimal administrative or governmental oversight. However, we increasingly access our information through cloud-based services, such as Google Drive, iCloud and Dropbox, which are very large centralised storage and processing systems. Cloud-based services offer convenience to the user, as their data can be accessed from anywhere with an internet connection, but their centralised nature can make them vulnerable to attack, such as when personal photos of mostly young and female celebrities were leaked last summer after their iCloud accounts were hacked.

Storing information on the cloud makes it easily accessible to users, while removing the burden of managing it; and the cloud’s highly centralised nature keeps costs low for the companies providing the storage. However, centralised systems can lack resilience, meaning that service can be lost when any one part of the network access path fails.

Centralised systems also give a specific point to attack for those who may want to access them illegally. Even if data is copied many times, if all the copies have the same flaw, they are all vulnerable. Just as a small gene pool places a population at risk from a change in the environment, such as a disease, the lack of variety in centralised storage systems places information at greater risk of theft.

The alternative is a decentralised system, also known as a peer-to-peer system, where resources from many potential locations in the network are mixed, rather than putting all one’s eggs in one basket.

The strength of a peer-to-peer system is that its value grows as the number of users increases: all producers are also potential consumers, so each added node gives the new producer as many customers as are already on the network.

“Since all the members of a peer-to-peer network are giving as well as consuming resources, it quickly overtakes a centralised network in terms of its strength,” said Crowcroft, of the University’s Computer Laboratory.

The higher reliability and performance of fibre to the home, the availability of 4G networks, and IPv6 (Internet Protocol version 6) are all helping to make decentralised networks viable. In practice, a user would carry most of the data they need to access immediately with them on their mobile device, with their home computer acting as the ‘master’ point of contact.

“Essentially, data is encoded redundantly, but rather than making many copies, we weave a tapestry using the bits that represent data, so that threads making up particular pieces of information are repeated but meshed together with threads making up different pieces of information,” said Crowcroft. “Then to dis-entangle a particular piece of information, we need to unpick several threads.”

Varying the ways that our information is stored or distributed is normally done to protect against faults in the network, but it can also improve the privacy of our data. In a decentralised system where data is partitioned across several sites, any attacker attempting to access that data has a much more complex target – the attacker has to know where all bits of the information are, as opposed to using brute force at one point to access everything. “The more diversity we use in a peer-to-peer system, the closer we get to an ideal in terms of resilience and privacy,” said Crowcroft.

A peer-to-peer system could also be built at a lower overall cost than a centralised system, argues Crowcroft, since no ‘cache’ is needed in order to store data near the user. To the end user, costs could be as low as a pound per month, or even free, much lower than monthly internet access costs or mobile tariffs.

“We haven’t seen massive take-up of decentralised networks yet, but perhaps that’s just premature,” said Crowcroft. “We’ve only had these massive centralised systems for about a decade, and like many other utilities, the internet will most likely move away from centralisation and towards decentralisation over time, especially as developments in technology make these systems attractive for customers.”

More information: “On the duality of resilience and privacy.” DOI: 10.1098/rspa.2014.0862 . Published 21 January 2015

66th Indian Republic Day parade with US President Barack Obama as chief guest Live Telecast starts at 09:00hrs IST (Indian Standard Time)

Below given is the Official Live Feed from National Informatics Centre (NIC) webcast channel


Box.com_

None could forget mid-year 2014 when critics were reporting on depreciation of value of Box. Sproutmoney even declared that Box is in danger zone.

But in its initial public offering, the first technical IPO of 2015, shares in online file storage company Box were trading at $24.24 on Friday afternoon, 73 percent higher than its IPO price of $14 a share. With that impressive opening morning, the start-up company caught up to the $2.4 billion valuation that it garnered in its most recent private financing round last summer, possibly allaying concerns among investors that the company had been overvalued.

In a video presentation to investors Friday, Box co-founder and CEO, Aaron Levie, said that his company was at the forefront of “a once-in-a-generation shift” in storage. Among the company’s clients are General Electric and the drug maker AstraZeneca.

Launched in 2005, Box (formerly Box.net), has adopted a freemium business model, and offers 5 GB of free storage for personal accounts. But it has also gone after business clients, focusing on enterprise collaboration and workflows. Competitors such as Dropbox, on the other hand, have concentrated on the business-to-consumer market.

Aimed at Companies

Box has set itself apart by its variety of deployments of API (application program interface) technology. For instance, its Box View feature is an API that converts Microsoft Office and PDF documents to embeddable HTML5, allowing developers to create custom experiences around content.

The company defines its flagship product as a cloud platform that helps companies securely store, share and manage all their files. Box’ selling points are secure confidential business information, development of custom mobile applications and simplification of paper-based office processes.

Box had planned to go public last spring, then postponed that event as the tech IPO market softened and questions began surfacing about the company’s financial health. What’s more, its original core product, online file storage and sharing, faces loads of competition from companies, including Google and Microsoft, offering cloud storage services for little or no cost.

Challenges

The challenge for Box has been separating itself from the pack by offering services other than simple data storage. It has done so by developing tools targeted at the needs of specific industries, such as health care, media, and retail. Box has also tried to make itself a destination for collaborating on documents, using software such as its Notes app, a cross between instant messaging and Google Docs.

Another factor that makes Box’ successful IPO interesting is that while it competes with Microsoft, the company also depends on Microsoft to an extent. To go head-to-head with Microsoft as the software platform of choice for business, Box and similar storage companies must integrate with the tools businesses are already using, including Microsoft Office. One way Box has done that is by offering such products as Box for Office.

Other providers of cloud-based storage are in a similar fix. Dropbox said 35 billion of the files stored on its service are Office files.