Microsoft devises card-shuffling inspired approach to cloud data security

Microsoft and a team of University researchers looking to instil confidence in data stored in cloud data centres have developed a new way to make cloud data private that has its roots in Las Vegas’ poker rooms.

Related: Five cloud security concerns you must address

The research, which has been carried out by the Redmond-based firm alongside the University of California and Brown University, is entitled ‘The Melbourne Shuffle: Improving Oblivious Storage in the Cloud’ and states that encryption on its own is not enough.

“The data access patterns that users exhibit can reveal information about the content of their data,” the researchers claimed, according to Cloud Pro.

The Melbourne Shuffle, as the method has been nicknamed, is based on card shuffling and can successfully disguise the nature of the data being accessed without a price that is prohibitively expensive. The Melbourne Shuffle concentrates on muddying the data coveted by storage providers and governments and it’s known in the industry as “probabilistic encryption.”

“Everything stored at the server is encrypted and every time an item is read from the server, the user decrypts it, re-encrypts it and writes it back. Since we use CPA- secure encryption, the ciphertexts produced for the same item always look different and, hence, the server, aka the adversary, cannot tell whether the ciphertexts correspond to the same item or not,” the researchers explained. “The goal of our oblivious shuffle is to reveal to the adversary only information that she would expect to see in a random permutation with very high probability.”

Another method known as data-oblivious shuffling, which makes data access patterns invisible by using a series of dummy requests and the continuous internal cycling of data within the cloud, is thought to involve algorithms that are too costly in terms of money and time.

The Melbourne Shuffle also uses dummy items that is composed of real data that have a fake key and nonce value [an arbitrary number used just once] as decoys.

Related: The 5 biggest cloud security concerns explained

Security in the cloud is something that firms are taking more seriously as time goes by and figures from Gartner reported that the market is set to grow from $2.1 billion [£1.3 billion] at the end of 2013 to $3.1 billion [£1.9 billion] by 2015.