Pinocchio: Lie Detector for Cloud Computing
June 17, 2013
What if you could tell whether someone was lying over the Internet? Technology such as this would be priceless in our fast-paced technology-heavy world and the anonymity of the Internet.
Traditional lie detectors, known as polygraph tests, measure a person’s heart rate, blood pressure, and breathing. But how do you measure the vital signs of a computer system? You can’t exactly measure a hard drive’s heartbeat or the Internet’s internal temperature.
Some researchers at Microsoft and IBM are getting close, though.
According to MIT Technology Review, researchers have created a kind of lie detector for the cloud. And what better name for it than “Pinocchio?”
Benefits of Pinocchio
Concerns over privacy and security have prevented people and companies from taking full advantage of cloud computing and all its capabilities. But a system such as Pinocchio may be able to help encourage the transition to the cloud.
According to Technology Review, the only way to verify that a cloud service performed the work it was supposed to would be to perform the work again, which can be very time consuming and effectively negates the purpose of using a cloud provider. Companies can randomly check a sample of the work, or have the work done by several different providers to ensure the results are correct, but again, that doesn’t exactly shout “secure.”
Pinocchio, on the other hand, could help to efficiently improve privacy and security. It works by converting an operation in C programming language to a version that produces an embedded verification code, according to Technology Review. This code can then be used to confirm that the cloud service performed the calculations it was asked to do, eliminating the need for multiple providers and sample checking.
It can also be used to alert the company if the data being processed was somehow threatened and could produce defective results.
This Pinocchio’s Geppetto
The software was created by Microsoft researcher Bryan Parno and his colleague John Howell, with IBM researchers Craig Gentry and Mariana Raykova. Parno is part of Microsoft’s Security and Privacy Research Group, and Gentry is well known for his work with protecting encrypted data.
Parno has equated this system to smart electric meters, reports Technology Review. These meters can collect enough information to tell what appliances are in a house and how many people are using them.
But instead of the meter collecting all that data, sending it back to the company, and then turning the information into an electric bill, the meter itself could calculate how much the bill should be right on the spot, provided the electric company receives validation no one tampered with the meter causing it to produce false results. The reading would never need to be sent back to the company once the provider gave the meter the formula to calculate the bill.
Essentially Pinocchio works the same way by keeping sensitive data encrypted and turning it directly into a “bill” (or a solution to a calculation). The verification code would be the proof that the “bill” was calculated correctly, saving the company time and effort.
Not Real Quite Yet
For the time being, Pinocchio is not yet a real boy… or in this case, a real system; it is still too slow and a little too much work to be of any practical use, reports Technology Review.
But there is hope. Technology Review says that this version of the program works 100,000 times faster than earlier versions, and researchers are making improvements with every version they develop. The creators deem it “nearly practical.” Just a few more strings need to be untangled.