Cloud and software-as-a-service applications such as Google Docs, Evernote, iCloud and Dropbox are very convenient for users, but problematic from a security point of view. As these services process data in unencrypted form on their servers, users must blindly trust the cloud provider to prevent unauthorised access and to maintain integrity of the data. A security breach of the cloud provider could have disastrous consequences.
Many professions deal with highly sensitive data. For example:
- doctors deal with electronic medical records,
- legal advisors communicate with their clients under legal privilege,
- journalists collaborate on stories and communicate with their sources,
- engineers work on designs for power stations and chemical plants,
- financial services handle sensitive client details,
- diplomats privately negotiate solutions to international disagreements, and
- law enforcement services share details of ongoing investigations.
In such environments, blindly entrusting the data to a cloud service is difficult or impossible to justify, as these professions are often subject to strict compliance regulations and confidentiality obligations.
In this project, we are exploring techniques for Trust-Reducing Verifiable Exchange of data (TRVE Data, pronounced "true data"). Our goal is to create the foundations for applications that are as usable and convenient as today's cloud services, while reducing the amount of trust that is placed in third parties.
In particular, we are exploring cryptographic techniques for improving confidentiality, preventing unauthorised access to sensitive data; integrity, ensuring data items cannot be tampered with; and availability, ensuring continued access to data in the face of malice.
This project touches on many areas of computer security, distributed systems and human-computer interaction. We are applying end-to-end encryption and integrity proof techniques to the domain of databases and real-time collaborative applications. We are designing user interfaces to encourage safe user behaviour. We are building upon a long history of distributed systems research to create data synchronisation mechanisms that are robust to both malicious and accidental network interference.
In the following demo we show an example of a distributed text editor which supports offline editing and in which the server only relays messages between clients: it never needs to modify them. This is implemented using operation-based Conflict-free Replicated Data Types (CRDTs). Because the server does not have to alter what it forwards, the next step is to add end-to-end encryption!
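To make the mechanism concrete, here is an added example written for this page (it is not the project's own code): a minimal operation-based text CRDT in the style of RGA (Replicated Growable Array), with two replicas that edit while offline and a relay server that only queues and forwards opaque byte strings. The replica names, the JSON message format and the edit sequence are constructed for the demo; the example also handles two failure modes a relay can introduce, out-of-order delivery (an operation whose predecessor has not arrived yet is buffered) and duplicate delivery (a redelivered operation is a no-op).

```python
"""Added example, not the project's code: an RGA-style operation-based text
CRDT. Two replicas edit offline and exchange operations through a relay that
stores and forwards byte strings without parsing or changing them."""
import json
from typing import Dict, List, Tuple

Id = Tuple[int, str]   # (Lamport timestamp, replica name): globally unique
ROOT: Id = (0, "")     # sentinel meaning "insert at the beginning"


def encode(op: dict) -> bytes:          # wire format, constructed for the demo
    return json.dumps(op, sort_keys=True).encode()


def decode(payload: bytes) -> dict:
    return json.loads(payload)


class Replica:
    def __init__(self, name: str) -> None:
        self.name, self.clock = name, 0
        self.elems: List[list] = [[ROOT, "", True]]  # [id, char, tombstone]
        self.seen = {ROOT}             # ids present locally, tombstones included
        self.applied = set()           # (kind, id) keys: redelivered ops are no-ops
        self.pending: List[dict] = []  # ops whose causal predecessor is missing

    def text(self) -> str:
        return "".join(ch for _, ch, dead in self.elems if not dead)

    def _visible_ids(self) -> List[Id]:
        return [eid for eid, _, dead in self.elems if not dead]

    # Local edits mutate local state and return the op to send to peers.
    def insert(self, pos: int, char: str) -> dict:
        vis = self._visible_ids()
        after = ROOT if pos == 0 else vis[pos - 1]
        self.clock += 1
        op = {"kind": "insert", "id": [self.clock, self.name],
              "after": list(after), "char": char}
        self.apply(op)
        return op

    def delete(self, pos: int) -> dict:
        op = {"kind": "delete", "id": list(self._visible_ids()[pos])}
        self.apply(op)
        return op

    def apply(self, op: dict) -> None:
        """Accept ops in any delivery order; buffer until the predecessor exists."""
        if not self._try_apply(op):
            self.pending.append(op)
            return
        progress = True            # a newly present element may unblock buffered ops
        while progress:
            progress = False
            for waiting in list(self.pending):
                if self._try_apply(waiting):
                    self.pending.remove(waiting)
                    progress = True

    def _try_apply(self, op: dict) -> bool:
        oid = tuple(op["id"])
        if (op["kind"], oid) in self.applied:
            return True            # duplicate delivery: already applied
        dep = tuple(op["after"]) if op["kind"] == "insert" else oid
        if dep not in self.seen:
            return False
        self.applied.add((op["kind"], oid))
        if op["kind"] == "insert":
            self._insert_after(oid, dep, op["char"])
        else:
            for elem in self.elems:
                if elem[0] == oid:
                    elem[2] = True  # tombstone: the id stays so later ops resolve
        return True

    def _insert_after(self, oid: Id, after: Id, char: str) -> None:
        self.clock = max(self.clock, oid[0])  # Lamport rule: later edits get larger stamps
        i = next(k for k, e in enumerate(self.elems) if e[0] == after) + 1
        # RGA rule: elements with a larger id were placed here by ops concurrent
        # with this one (or descend from such elements); skipping them makes every
        # replica order concurrent inserts identically, ties broken by replica name.
        while i < len(self.elems) and self.elems[i][0] > oid:
            i += 1
        self.elems.insert(i, [oid, char, False])
        self.seen.add(oid)


class Relay:
    """Server that only queues payloads per recipient; it never inspects them."""
    def __init__(self) -> None:
        self.inbox: Dict[str, List[bytes]] = {}

    def publish(self, recipients: List[str], payload: bytes) -> None:
        for r in recipients:
            self.inbox.setdefault(r, []).append(payload)

    def fetch(self, recipient: str) -> List[bytes]:
        return self.inbox.pop(recipient, [])


def run_demo() -> Tuple[str, str]:
    relay, alice, bob = Relay(), Replica("alice"), Replica("bob")
    for pos, ch in enumerate("ab"):          # shared start: Alice types "ab" online
        relay.publish(["bob"], encode(alice.insert(pos, ch)))
    for msg in relay.fetch("bob"):
        bob.apply(decode(msg))
    relay.publish(["bob"], encode(alice.insert(1, "X")))   # offline, Alice: "aXb"
    relay.publish(["alice"], encode(bob.insert(1, "Y")))   # offline, Bob:   "aYb"
    relay.publish(["alice"], encode(bob.insert(2, "Z")))   # Bob: "aYZb", Z follows Y
    relay.publish(["alice"], encode(bob.delete(3)))        # Bob: "aYZ"
    # Back online. Alice's inbox is replayed in reverse, so the delete and Z
    # arrive before Y; Z waits in the pending buffer until Y is present.
    for msg in reversed(relay.fetch("alice")):
        alice.apply(decode(msg))
    for msg in relay.fetch("bob"):
        bob.apply(decode(msg))
    return alice.text(), bob.text()          # both converge on the same text
```

Two design points matter for the security story. The relay's only job is to move bytes from one inbox to another, so encrypting each payload end-to-end would not change the relay at all, which is what the page's next step relies on. And because every element keeps a globally unique id (Lamport stamp plus replica name) and deleted elements stay as tombstones, a replica can apply operations in whatever order the relay happens to deliver them, including reversed or duplicated, and still reach the same text as its peers.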
The software being developed as part of this project is open source, and is available from our GitHub page under the Apache 2.0 license. Please note that at present, the software is highly experimental and should not be used for any important purposes.
Alastair Beresford, Martin Kleppmann, Stephan Kollmann, Diana Vasile
Alastair and Martin are supported by Boeing, Stephan is supported by Microsoft Research Cambridge, and Diana is supported by EPSRC.