There are many practical problems associated with cloud computing. For a start, cloud computing is basically an infrastructure that is owned by a third party – we, the users, don’t own the hardware. Yet we entrust our data to this third party.
To me, the analogy is like having some money, or something very precious, and leaving it with your neighbour, or even your neighbour’s pet, to look after.
You might think your neighbour is actually a nice person – surely they wouldn’t ever touch it? So you just leave your valuable things on their kitchen table for them to look after.
Obviously, when you leave your precious things with them, you can never know what they might do with it, right? They might try to play with it, or exploit it. Maybe they aren’t so trustworthy after all. Perhaps they leave their front door wide open when they go out?
We have seen in the last 2 years in Australia several examples of massive data loss. A number of banks and even Medibank lost their data because it was not well protected. These are the kinds of things that are happening every day in practice, and it is precisely due to the cloud computing scenario that we have now. I’m not saying that there is no security that’s provided – that’s not entirely true. But the protections are not adequate.
The current situation that has been created puts a lot of pressure on the user. When the user wants to store their data and upload it to the cloud, they first need to encrypt it. The reality is that if you do this, and encrypt your data prior to uploading to the cloud, you will lose a lot of capabilities. For example, if you want to search through the data, you have to download the data first to your local computer, and then decrypt it, and then search through it. This actually defeats the purpose of having Cloud computing.
We have seen in the last 2 years in Australia several examples of massive data loss.
Ever since I was a kid I’ve been interested in new technologies – the bright new sparkling idea, the latest advance that could make a difference. I’ve always enjoyed mathematical problems – I taught myself programming at quite a young age so I could solve some of these problems with the help of a computer.
Cloud computing was one of those interesting, sparkling new ideas. But with these inherent problems, we need a new paradigm for it, and I’m working on the solution. I was recently awarded an Australian Laureate Fellowship, which recognises when someone has tried to formulate something which is groundbreaking at the international level. I’m the only one to be awarded a Laureate Fellowship in the area of cybersecurity to date.
What I will be trying to do with my research is essentially invent another sort of technology that will work seamlessly from the user’s point of view. All the encryption will be done in the background for the user, but it will still look like a normal operation in the Cloud.
My research proposes a paradigm shift through the establishment of a new pragmatic cryptography framework, allowing concrete cryptography solutions to be readily adopted in practice, reducing Cloud vulnerability, and safeguarding the data of individuals, businesses and government. Hopefully it will contribute to the widespread uptake of Cloud computing across all sectors.
This should have many benefits: by reducing reliance on local data storage, we should also reduce carbon emissions and improve business efficiency.
My work will proceed in several stages. First, I need to build some sort of theoretical foundation. I’ve already got some of the theory. I received a Fellowship from the Institute of Electrical and Electronics Engineers (IEEE) in 2021 for my contributions in this field – I was able to show that the theoretical basis for my research was feasible.
By reducing reliance on local data storage, we should also reduce carbon emissions and improve business efficiency.
I usually just use pen and paper to introduce how this approach will be done. Then, I put the concept into the computer and try to run some sort of simple computer programming to test the prototype to see whether it works. When it is working fine, we can upgrade it to a larger scale and then adopt it in the real-life scenario.
This project is a significant opportunity for Australia to lead the world in this vital technology to protect critical infrastructure and systems. Furthermore, this project will train the next generation of cyber security specialists in Australia.
As told to Graem Sims.