Data files shared in the cloud are usually kept within a trusted perimeter, on a network protected from hackers. Cybersecurity company Scille's Parsec solution is designed to lower operating expenses and provide greater flexibility. Built on a metadata server that synchronizes data packets that are signed and encrypted using personal, local keys, this "zero trust" solution makes it possible to share sensitive data in the cloud securely.
Here, Scille and CEA-List focused on making metadata servers hosted in "less trusted" clouds more resilient. CEA-List's researchers leveraged their theoretical and practical knowledge of blockchain technology to come up with a solution that strikes an excellent balance between transaction security and data security. Specifically, they used UC Berkeley's "shadow blockchain" theory, which involves saving fingerprints of the metadata server at regular intervals and storing them on a blockchain.
These fingerprints function like codes associated with the state of the data at a given point in time, without ever allowing access to the actual data. Users can check the fingerprints at regular intervals to ensure that the latest one is consistent with their own exchanges with the metadata server. Any difference between the fingerprints and actual activity could indicate an attack, in which case the user can revert to a previous "safe" version of the data.
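The fingerprint check described above can be sketched as follows. This is an added illustration, not Parsec's or CEA-List's code. The SHA-256 hash chain, the fixed anchoring interval, the per-client receipts and the Python dict standing in for the blockchain are all assumptions made for the example.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting value of the hash chain

def op_hash(blob: bytes) -> bytes:
    # Only a hash of the (already encrypted) metadata blob is ever exposed.
    return hashlib.sha256(blob).digest()

def fingerprints(op_hashes, interval):
    """Chain head after every `interval` operations: {op_count: fingerprint}."""
    head, out = GENESIS, {}
    for count, h in enumerate(op_hashes, 1):
        head = hashlib.sha256(head + h).digest()
        if count % interval == 0:
            out[count] = head
    return out

def audit(ledger, served_hashes, receipts, interval):
    """Compare the server's current log with the anchored fingerprints.

    ledger        {op_count: fingerprint} as read back from the blockchain
    served_hashes operation hashes the server presents now, oldest first
    receipts      {position: op_hash} the client kept for its own operations
    Returns (consistent, op_count of the last checkpoint that still verifies).
    """
    recomputed = fingerprints(served_hashes, interval)
    last_safe = 0
    for count in sorted(ledger):
        if recomputed.get(count) != ledger[count]:
            return False, last_safe   # history rewritten after anchoring
        if any(served_hashes[pos - 1] != h
               for pos, h in receipts.items() if pos <= count):
            return False, last_safe   # anchored state omits the client's exchange
        last_safe = count
    return True, last_safe

# Constructed sample: six encrypted blobs, one fingerprint anchored every two operations.
LOG = [op_hash(b"blob-%d" % i) for i in range(1, 7)]
LEDGER = fingerprints(LOG, 2)
RECEIPTS = {2: LOG[1], 5: LOG[4]}   # the auditing client wrote operations 2 and 5
TAMPERED = LOG[:3] + [op_hash(b"forged")] + LOG[4:]  # operation 4 replaced later
FORKED = LOG[:4] + [op_hash(b"other")] + LOG[5:]     # operation 5 never recorded

if __name__ == "__main__":
    print(audit(LEDGER, LOG, RECEIPTS, 2))                      # honest server
    print(audit(LEDGER, TAMPERED, RECEIPTS, 2))                 # rewrite after anchoring
    print(audit(fingerprints(FORKED, 2), FORKED, RECEIPTS, 2))  # omission before anchoring
```

The second value returned by `audit` is the operation count of the last checkpoint that still verifies, which is the state a user would revert to.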
The research resulted in a state-of-the-art solution that is now in the hands of CEA-List partner Scille. Future research could focus on improving the prototype developed for Scille's use case—to not only detect and repair attacks, but also prevent them.