© Jean-Paul Bertemes (FNR) & Moast Creative Studios
“Of course, just outsource it to a cloud!” – A common practice for a lot of firms. But is that reliable? Can you trust the result?
Explaining its research in less than 90 seconds: 7 young researchers from Luxembourg took up the challenge in the new video series "My research in 90 seconds". In this episode, dive into the world of cloud computing with Balázs Pejó! More about this in the video - and further details in his article.
Author text: Balázs Pejó
Video: Jean-Paul Bertemes (FNR) & Moast Creative Studios
Outsourcing to the Cloud
If you pay someone to do something instead of doing it yourself is called outsourcing. It is one of the big buzzwords since the turn of the millennium, and its popularity is growing ever since. It helps firms to mitigate a shortage of skill or expertise and offers greater budget flexibility and control. A special form of outsourcing is cloud computing; a type of internet-based computing that provides computer processing resources on demand. Despite the numerous advantages, cloud computing poses significant risks such as privacy and data corruption. And at the end remains the question: Can I trust the results? How can I know that the calculations have really been done correctly?
Cryptography vs. Game Theory
During the last few decades, various mathematical solutions emerged to tackle these problems, however, using them on very large datasets is still inefficient and also unnecessary: Cryptographic protocols protect against malicious players. However in real life adversaries are not malicious, but rational: they will maximize their profit instead of attacking in any case. This leads to use Game Theory instead of Cryptography, which is the study of conflict and cooperation between rational decision-makers.
Protection Against Rational Servers
Scientists from Luxembourg Institute of Science (LIST) and University of Luxembourg (UNILU) developed a framework which can determine the minimal amount someone should pay to a cloud server to ensure that the calculation will be done correctly. They therefore used not cryptography, but the game-theory. The game-theoretic model formulated by Qiang Tang - an ex-researcher at the Interdisciplinary Centre of Security, Reliability and Trust (SnT) - and Balázs Pejó - a PhD candidate at the Applied Security and Information Assurance Group (ApSIA) - captures the behavior of a rational cloud service provider. In the game design, a client declares an offer to the cloud server who either rejects this offer or accepts it and executes the requested computation either correctly or with some level of manipulation.
Making Cheating Irrational
The client's goal is to declare such an offer in which case the server's best interest is to do the calculations correctly. For this reason, the payment should be sufficiently high. On the other hand, the client wants to pay as little as possible. The model helps the client to determine this sweet-spot: the payment just enough to make the rational server to do the computation honestly.