4

I'm wondering whether it would be theoretically possible for a cloud hosting provider to run an application for a customer where the customer doesn't trust the hosting provider with the data in the application. The customer would upload a virtual machine image (or similar), and the host would run it, but wouldn't be able to read any of its data.

This seems impossible, because the guest has to decrypt the data in memory in order to use it, and the host could directly read the memory of the virtual machine whenever it wanted to.

Is there some trick to get around that problem? Or any kind of partial solution that makes it harder for the host to access the data inside the virtual machine?

EDIT: I realize that the guest can easily store encrypted data that it never decrypts, like an encrypted email being passed along from one user to another. I'm wondering about whether data that the guest can read can be unreadable to the host.

gesgsklw
  • 41
  • 2
  • 1
    If you can't trust the hardware/hypervisor you're running on then you shouldn't be running it there at all. – Sammitch May 05 '16 at 22:16

2 Answers2

1

In short, no.

By definition, the host has access to all of the data that the guest has access to. That includes memory, disk, network buffers, CPU cache, etc.

The guest needs to keep the decryption key available so it can read encrypted blocks (typically in RAM), where it could be easily read by the host.

To echo the comment above, if you don't trust the host, find another host that you do trust or just host things yourself.

EEAA
  • 108,414
  • 18
  • 172
  • 242
0

This is not quite as impossible as it appears. Homomorphic encryption systems allow computational operations to be performed on encrypted data without decrypting it first.

However, it doesn't seem to be particularly practical (at least so far) for general usage. For one thing, even the "fully" homomorphic cryptosystems that've been developed so far only compute the output of binary circuits rather than e.g. computer programs -- and while binary circuits are sort-of fully general, you have to rephrase whatever computation you want into that form in order to perform it. And even then, it's not very efficient: according to the Wikipedia article, "In late-2014, a re-implementation of homomorphic evaluation of the AES-encryption circuit using HElib, reported evaluation time of just over four minutes on 120 inputs, bringing the amortized per-input time to about 2 seconds." Compare that to the performance reported for an Intel CPU with AES acceleration: [this paper] reports a 2.60GHz Haswell CPU cranking through 663.8 MiB/s in AES-128-CBC, which (if I've done my math right) is about 90 million times faster than the homomorphically-encrypted computation.

Gordon Davisson
  • 11,036
  • 3
  • 27
  • 33