Due to their low cost and simplicity of use, public cloud services are gaining popularity among both public and private sector organisations. However, there are many threats to the cloud, including data breaches, data loss, account hijacking, denial of service, and malicious insiders. One of the solutions for addressing these threats is the use of secure computing techniques such as homomorphic encryption and secure multiparty computation, which allow for processing of encrypted data stored in untrusted cloud environments without ever having the decryption key. The performance of these techniques is a limiting factor in the adoption of cloud-based applications. Both public and private sector organisations with strong requirements for data security and privacy are reluctant to push their data to the cloud. In particular, mission-critical defense applications used by governments do not tolerate any leakage of sensitive data. In this chapter, we present Nomad, a framework for developing mission-critical cloud-based applications. The framework is comprised of: (1) a homomorphic encryption-based service for processing encrypted data directly within the untrusted cloud infrastructure, and (2) a client service for encrypting and decrypting data within the trusted environment, and storing and retrieving these data to and from the cloud. In order to accelerate the expensive homomorphic encryption operations, we equipped both services with a Graphics Processing Unit (GPU)-based parallelisation mechanism. To evaluate the Nomad framework, we developed CallForFire, a Geographic Information System (GIS)-based mission-critical defense application that can be deployed in the cloud. CallForFire enables secure computation of enemy target locations and selection of firing assets. Due to the nature of the mission, this application requires guaranteed security. The experimental results show that the performance of homomorphic encryption can be enhanced by using a GPU-based acceleration mechanism. In addition, the performance of the CallForFire application demonstrates the feasibility of using the Nomad framework to develop mission-critical cloud-based applications.

Chapter Contents:

• Abstract
• 2.1 Introduction
• 2.2 Nomad framework overview
• 2.2.1 Client management service
• 2.2.2 Cloud storage service
• 2.2.3 Operational overview
• 2.3 Homomorphic encryption background
• 2.3.1 BGV scheme
• 2.3.2 HElib
• 2.4 GPU-based acceleration of BGV FHE
• 2.5 Application: CallForFire
• 2.5.1 CallForFire operational workflow
• 2.6 Implementation
• 2.7 Experiments
• 2.7.1 Performance of the GPU-based parallelisation
• 2.7.2 CallForFire performance
• 2.8 Related work
• 2.9 Conclusion
• 2.10 Future research challenges
• References

Inspec keywords: cryptography; graphics processing units; data privacy; geographic information systems; cloud computing; computer network security

Other keywords: data loss; CallForFire; malicious insiders; sensitive data leakage; GIS-based mission-critical defense application; account hijacking; cloud environments; data breaches; secure multiparty computation; homomorphic encryption-based service; graphics processing unit; GPU-based acceleration mechanism; Nomad framework; enemy target locations; denial of service; data privacy; GPU-based parallelisation mechanism; mission-critical cloud-based applications; governments; client service; untrusted cloud infrastructure; public sector organisations; public cloud services; geographic information system; private sector organisations; data security; mission-critical defense applications; data confidentiality; encrypted data processing; decryption key

Subjects: Microprocessor chips; Data security; Internet software; Microprocessors and microcomputers