ENCRYPTED DOMAIN PROCESSING FOR CLOUD PRIVACY - Concept and Practical Experience

D. A. Rodríguez-Silva, F. J. González-Castaño, L. Adkinson-Orellana, A. Fernández-Cordeiro, J. R. Troncoso-Pastoriza, D. González-Martínez

2011

Abstract

Cloud security comprises access control and end-to-end security based on flow or message-level privacy. In some applications, in which all processing takes place at the client side and the Cloud simply handles data storage (e.g. Google Docs), on-line data encryption/decryption guarantees privacy. However, when a service requires server processing (e.g. spreadsheets), privacy must necessarily rely on a dependable entity according to local regulations. Summing up, full Cloud privacy has not been achieved so far. In this paper we take a step towards that goal. We propose executing server side operations in the encrypted domain, so that both the operands and the results are opaque to the server, yet clear to the user. We evaluate this concept with a real Google Apps implementation of basic arithmetic operations.

References

  1. Adkinson-Orellana, L., Rodríguez-Silva, Gil-Castin˜eira, F. and Burguillo-Rial J. C. (2010). Privacy for Google Docs: Implementing a transparent encryption layer. In Proc. CloudViews 2010, p. 21-22, Porto, Portugal.
  2. Adkinson-Orellana, L., Rodríguez-Silva, Gil-Castin˜eira, F. and Burguillo-Rial J. C. (2010). Privacy for Google Docs: Implementing a transparent encryption layer. In Proc. CloudViews 2010, p. 21-22, Porto, Portugal.
  3. Ahituv, N., Lapid, Y., and Neumann, S. (1987). Processing encrypted data. Communications of the ACM, 30(9):777-780.
  4. Ahituv, N., Lapid, Y., and Neumann, S. (1987). Processing encrypted data. Communications of the ACM, 30(9):777-780.
  5. Anderson, R., Bond, M., Clulow, J. and Skorobogatov, S. (2006). Cryptographic processors - a survey. Proceedings of the IEEE 94 (2): p. 357-369.
  6. Anderson, R., Bond, M., Clulow, J. and Skorobogatov, S. (2006). Cryptographic processors - a survey. Proceedings of the IEEE 94 (2): p. 357-369.
  7. Brickell, E. F. and Yacobi, Y. (1987). On privacy homomorphisms (extended abstract). In Proc. EUROCRYPT 87, LNCS 304, p. 117-125.
  8. Brickell, E. F. and Yacobi, Y. (1987). On privacy homomorphisms (extended abstract). In Proc. EUROCRYPT 87, LNCS 304, p. 117-125.
  9. Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., and Molina, J. (2009). Controlling data in the Cloud: outsourcing computation without outsourcing control. In Proc. CCSW 7809, p. 85-90, NY, USA.
  10. Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., and Molina, J. (2009). Controlling data in the Cloud: outsourcing computation without outsourcing control. In Proc. CCSW 7809, p. 85-90, NY, USA.
  11. (2010). Top Threats to Cloud Comput-
  12. (2010). Top Threats to Cloud Comput-
  13. ing V1.0. Retrieved August 16, 2010 from
  14. ing V1.0. Retrieved August 16, 2010 from
  15. csathreats.v1.0.pdf.
  16. csathreats.v1.0.pdf.
  17. Doelitzscher, F., Reich, C. and Sulistio, A. (2010). Designing Cloud services adhering to government privacy laws. In Proc. TSP'10, Bradford, UK.
  18. Doelitzscher, F., Reich, C. and Sulistio, A. (2010). Designing Cloud services adhering to government privacy laws. In Proc. TSP'10, Bradford, UK.
  19. Europasur (2008). Gmail, el correo espía de Google, ilegal en Europa. Retrieved August 16, 2010 from http://www.europasur.es/article/sociedad/38601/gmail /correo/espia/google/ilegal/europa.html.
  20. Europasur (2008). Gmail, el correo espía de Google, ilegal en Europa. Retrieved August 16, 2010 from http://www.europasur.es/article/sociedad/38601/gmail /correo/espia/google/ilegal/europa.html.
  21. Google (2010). Google App engine. Retrieved July 7, 2010 from http://code.google.com/appengine.
  22. Google (2010). Google App engine. Retrieved July 7, 2010 from http://code.google.com/appengine.
  23. Itani, W., Kayssi, A. and Chehab, A. (2009). Privacy as a service: Privacy-aware data storage and processing in Cloud Computing architectures. In Proc. Int. Workshop on SCC'09, p. 12-14, Chengdu, China.
  24. Itani, W., Kayssi, A. and Chehab, A. (2009). Privacy as a service: Privacy-aware data storage and processing in Cloud Computing architectures. In Proc. Int. Workshop on SCC'09, p. 12-14, Chengdu, China.
  25. Jensen, M., Schwenk, J., Gruschka, N. and Lo Iacono, L. (2009). On technical security issues in Cloud Computing. In Proc. CLOUD 7809, p. 109-116, Bangalore, India.
  26. Jensen, M., Schwenk, J., Gruschka, N. and Lo Iacono, L. (2009). On technical security issues in Cloud Computing. In Proc. CLOUD 7809, p. 109-116, Bangalore, India.
  27. Kamara, S. and Lauter, K. (2010). Cryptographic Cloud storage. In Workshop on Real-Life Cryptographic Protocols and Standardization 2010.
  28. Kamara, S. and Lauter, K. (2010). Cryptographic Cloud storage. In Workshop on Real-Life Cryptographic Protocols and Standardization 2010.
  29. Pearson, S., Shen, Y., and Mowbray, M. (2009). A privacy manager for Cloud Computing. In Cloud Computing, LNCS 5931, p. 90-106..
  30. Pearson, S., Shen, Y., and Mowbray, M. (2009). A privacy manager for Cloud Computing. In Cloud Computing, LNCS 5931, p. 90-106..
  31. Rivest, R., Adleman, L. and Dertouzos, M. (1978). On data banks and privacy homomorphisms. In Foundations of Secure Computation, p. 169-177. Academic Press.
  32. Rivest, R., Adleman, L. and Dertouzos, M. (1978). On data banks and privacy homomorphisms. In Foundations of Secure Computation, p. 169-177. Academic Press.
  33. Sartor, G. and Viola de Azevedo Cunha, M. (2010). The Italian Google-Case: Privacy, Freedom of Speech and Responsibility of Providers for User-Generated Contents. Oxford University Press.
  34. Sartor, G. and Viola de Azevedo Cunha, M. (2010). The Italian Google-Case: Privacy, Freedom of Speech and Responsibility of Providers for User-Generated Contents. Oxford University Press.
  35. Tian, X., Wang, X. and Zhou, A. (2009). DSP reencryption: A flexible mechanism for access control enforcement management in DaaS. In Proc. CLOUD 7809, p. 25-32, Bangalore, India.
  36. Tian, X., Wang, X. and Zhou, A. (2009). DSP reencryption: A flexible mechanism for access control enforcement management in DaaS. In Proc. CLOUD 7809, p. 25-32, Bangalore, India.
  37. Troncoso-Pastoriza, J. R., Comesan˜a, P., and PérezGonzález, F. (2009). Secure direct and iterative protocols for solving systems of linear equations. In Proc. SPEED Workshop 2009, p. 122-141, Lausanne, Switzerland.
  38. Troncoso-Pastoriza, J. R., Comesan˜a, P., and PérezGonzález, F. (2009). Secure direct and iterative protocols for solving systems of linear equations. In Proc. SPEED Workshop 2009, p. 122-141, Lausanne, Switzerland.
  39. Troncoso-Pastoriza, J. R., Katzenbeisser, S., and Celik, M. (2007). Privacy preserving error resilient DNA searching through oblivious automata. In Proc. 14th ACM Conference on Computer and Communications Security, p. 519-528, Alexandria, Virginia, USA.
  40. Troncoso-Pastoriza, J. R., Katzenbeisser, S., and Celik, M. (2007). Privacy preserving error resilient DNA searching through oblivious automata. In Proc. 14th ACM Conference on Computer and Communications Security, p. 519-528, Alexandria, Virginia, USA.
  41. Troncoso-Pastoriza, J. R., Pérez-González, F. (2010). CryptoDSPs for Cloud Privacy. In Proc. Int. Workshop on CISE 2010, LNCS, Hong Kong, China.
  42. Troncoso-Pastoriza, J. R., Pérez-González, F. (2010). CryptoDSPs for Cloud Privacy. In Proc. Int. Workshop on CISE 2010, LNCS, Hong Kong, China.
  43. Yao, A. C. (1982). Protocols for secure computations. In Proc. IEEE Symposium on Foundations of Computer Science, p. 160-164.
  44. Yao, A. C. (1982). Protocols for secure computations. In Proc. IEEE Symposium on Foundations of Computer Science, p. 160-164.
Download


Paper Citation


in Harvard Style

A. Rodríguez-Silva D., J. González-Castaño F., Adkinson-Orellana L., Fernández-Cordeiro A., R. Troncoso-Pastoriza J. and González-Martínez D. (2011). ENCRYPTED DOMAIN PROCESSING FOR CLOUD PRIVACY - Concept and Practical Experience . In Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-8425-52-2, pages 591-596. DOI: 10.5220/0003380905910596


in Harvard Style

A. Rodríguez-Silva D., J. González-Castaño F., Adkinson-Orellana L., Fernández-Cordeiro A., R. Troncoso-Pastoriza J. and González-Martínez D. (2011). ENCRYPTED DOMAIN PROCESSING FOR CLOUD PRIVACY - Concept and Practical Experience . In Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-8425-52-2, pages 591-596. DOI: 10.5220/0003380905910596


in Bibtex Style

@conference{closer11,
author={D. A. Rodríguez-Silva and F. J. González-Castaño and L. Adkinson-Orellana and A. Fernández-Cordeiro and J. R. Troncoso-Pastoriza and D. González-Martínez},
title={ENCRYPTED DOMAIN PROCESSING FOR CLOUD PRIVACY - Concept and Practical Experience},
booktitle={Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2011},
pages={591-596},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003380905910596},
isbn={978-989-8425-52-2},
}


in Bibtex Style

@conference{closer11,
author={D. A. Rodríguez-Silva and F. J. González-Castaño and L. Adkinson-Orellana and A. Fernández-Cordeiro and J. R. Troncoso-Pastoriza and D. González-Martínez},
title={ENCRYPTED DOMAIN PROCESSING FOR CLOUD PRIVACY - Concept and Practical Experience},
booktitle={Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2011},
pages={591-596},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003380905910596},
isbn={978-989-8425-52-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - ENCRYPTED DOMAIN PROCESSING FOR CLOUD PRIVACY - Concept and Practical Experience
SN - 978-989-8425-52-2
AU - A. Rodríguez-Silva D.
AU - J. González-Castaño F.
AU - Adkinson-Orellana L.
AU - Fernández-Cordeiro A.
AU - R. Troncoso-Pastoriza J.
AU - González-Martínez D.
PY - 2011
SP - 591
EP - 596
DO - 10.5220/0003380905910596


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - ENCRYPTED DOMAIN PROCESSING FOR CLOUD PRIVACY - Concept and Practical Experience
SN - 978-989-8425-52-2
AU - A. Rodríguez-Silva D.
AU - J. González-Castaño F.
AU - Adkinson-Orellana L.
AU - Fernández-Cordeiro A.
AU - R. Troncoso-Pastoriza J.
AU - González-Martínez D.
PY - 2011
SP - 591
EP - 596
DO - 10.5220/0003380905910596