Detecting program-tampering in the cloud

A new version of 'zero-knowledge proofs' allows cloud customers to verify the proper execution of their software with a single packet of data. For small and midsize organizations, the outsourcing of demanding computational tasks to the cloud - huge banks of computers accessible over the Internet - can be much more cost-effective than buying their own hardware. But it also poses a security risk: A malicious hacker could rent space on a cloud server and use it to launch programs that hijack legitimate applications, interfering with their execution. In August, at the International Cryptology Conference, researchers from MIT and Israel's Technion and Tel Aviv University presented a new system that can quickly verify that a program running on the cloud is executing properly. That amounts to a guarantee that no malicious code is interfering with the program's execution. The same system also protects the data used by applications running in the cloud, cryptographically ensuring that the user won't learn anything other than the immediate results of the requested computation. If, for instance, hospitals were pooling medical data in a huge database hosted on the cloud, researchers could look for patterns in the data without compromising patient privacy.