The “cloud” is a term that is associated with cloud computing. In computer networking, cloud computing is a computing process that involves multiple computers connected through some form of a communication network, such as a local area network or the Internet. As with any networked computing system, a cloud carries security risks that must be addressed. Current cloud security approaches are based on virtualization, separation and access control. In such approaches, machines have to be manually disinfected; they cannot be recovered quickly in the face of automated attacks. A comprehensive solution must be resilient in the face of significant node corruption and must be regenerative so that lost nodes are later recovered. An attacker that compromises a node can steal data, corrupt computation and learn about cloud control execution.
Multiparty computation (MPC) allows a group of servers (sometimes called players or parties) to provide inputs to an arithmetic (or Boolean) circuit and securely evaluate the circuit in the presence of an adversary who may corrupt a fixed portion of the servers. As noted above, when the adversary corrupts a server, it learns all information stored on that server. The adversary can force corrupt servers to behave arbitrarily, irrespective of the protocol.
Although there are numerous published MPC protocols, none of the published protocols allows the set of servers to change in the middle of a computation, a property that would make the protocol proactive. The only previous work on a proactive MPC is the work of Rafail Ostrovsky and Moti Yung in “How to withstand mobile virus attacks” (see the List of Incorporated Cited Literature References, Literature Reference No. 9). A disadvantage of the protocol by Ostrovsky and Yung is that it is not explicit, in that it does not provide the details of each step to perform or the required computations and communication (i.e., the paper only provides a high-level argument and description of why it is possible to construct such a protocol). The protocol of Ostrovsky and Yung is also inefficient. The efficiency is not explicitly stated, but it is at least Ω(DCn³) (where D is the circuit depth, C is the number of gates in the circuit and n is the number of servers). While proactive secret-sharing has been used in the past, its use has so far been limited to protecting specialized computations, such as those required by a certification authority (see Literature Reference No. 12).
While there have been many secure operating systems and many operating systems that restore to a pristine state, none of them employed cryptographic techniques to use adjoining nodes for state reconstruction in a cloud architecture. Thus, a continuing need exists for a proactive secret sharing (PSS) approach that is operable for protecting control operations in a general-purpose cloud-computing architecture.
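The ideas in the paragraphs above on MPC circuit evaluation and proactive secret sharing, as an added Python example that is not the protocol of this document or of any cited work: textbook Shamir sharing over a prime field, one addition gate computed share-wise, and a refresh that re-randomizes shares by adding sharings of zero. The field modulus, function names and sample inputs are assumptions chosen for illustration; one process simulates all servers, and the adversary is assumed only to read shares (dealers are not verified).

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed for this example)

def _poly_eval(coeffs, x):
    acc = 0
    for c in reversed(coeffs):  # Horner's rule, mod P
        acc = (acc * x + c) % P
    return acc

def share(secret, n, t):
    """Split secret into n Shamir shares; any t+1 reconstruct, t reveal nothing."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    return {i: _poly_eval(coeffs, i) for i in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over a {server_id: share} subset."""
    total = 0
    for i, y in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total

def add_gate(a, b):
    """Addition gate: each server adds its two shares locally, no communication."""
    return {i: (a[i] + b[i]) % P for i in a}

def refresh(shares, t):
    """Proactive refresh: every server deals a sharing of 0; all are summed in."""
    out = dict(shares)
    for _dealer in shares:
        zero = share(0, len(shares), t)
        out = {i: (out[i] + zero[i]) % P for i in out}
    return out

def demo():
    """Constructed run: 5 servers, threshold t = 2, inputs 1200 and 34."""
    n, t = 5, 2
    z_old = add_gate(share(1200, n, t), share(34, n, t))
    z_new = refresh(z_old, t)  # new epoch: same secret, unrelated shares
    pick = lambda s, ids: {i: s[i] for i in ids}
    mixed = {**pick(z_old, [1, 2]), **pick(z_new, [3])}  # read across epochs
    return (reconstruct(pick(z_old, [1, 3, 5])),
            reconstruct(pick(z_new, [2, 4, 5])), reconstruct(mixed))
```

Any three shares from a single epoch reconstruct the gate output, while shares collected from different epochs do not combine, which is why a node that is restored and re-shared no longer helps an attacker who read its earlier state.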