Abstract
The biggest impediment for the adoption of cloud computing practices is the lack of trust in the confidentiality of one’s data in the cloud. The prevalent threat in the cloud computing model are so-called insider attacks. Full data encryption can only solve the problem in the trivial case of backups. Any sophisticated service provided on data requires insight into the structure of that data. One purpose of encryption is to prevent such insights. We introduce the MimoSecco project. In MimoSecco, we are investigating reasonable compromises. We employ two techniques, separation of duties and secure hardware. With separation of duties, we fragment a database and separate the fragments geographically. The goal is to make it infeasible to reconstruct the database from one fragment alone. The secure hardware tokens we employ are hard-to-copy devices which offer encryption, decryption and cryptographically signing of data. The keys used are stored in the tamper-proof hardware device and never leave it. We are in the process of developing a prototypical database adapter that behaves like a SQL database, but stores data securely.
This work has been funded by the Federal Ministry of Economics and Technology, Germany (BMWi, Contract No. 01MS10002). The responsibility for the content of this article lies solely with the authors.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Advanced encryption standard (AES). Tech. rep., NIST (2001)
Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: A distributed architecture for secure database services. CIDR 2005 http://ilpubs.stanford.edu:8090/659/
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proceedings of the nineteenth annual ACM symposium on Theory of computing. pp. 218–229. ACM, New York, NY, USA (1987)
Hacigümüs, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of the 2002 ACM SIGMOD international conference on Management of data. pp. 216–227. ACM (2002)
Huber, M.: Towards secure services in an untrusted environment. In: Bühnová, B., Reussner, R.H., Szyperski, C., Weck, W. (eds.) Proceedings of the Fifteenth International Workshop on Component-Oriented Programming (WCOP) 2010. Interne Berichte, vol. 2010-14, pp. 39–46. Karlsruhe Institue of Technology, Faculty of Informatics, Karlsruhe, Germany (June 2010), http://digbib.ubka.uni-karlsruhe.de/volltexte/1000018464
Yao, A.C.: Protocols for secure computations. In: Proceedings of the 23rd Annual IEEE Symposium on Foundations of Computer Science, FOCS’82. pp. 160–164. IEEE Computer Society (1982)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag London Limited
About this paper
Cite this paper
Achenbach, D., Gabel, M., Huber, M. (2011). MimoSecco: A Middleware for Secure Cloud Storage. In: Frey, D., Fukuda, S., Rock, G. (eds) Improving Complex Systems Today. Advanced Concurrent Engineering. Springer, London. https://doi.org/10.1007/978-0-85729-799-0_20
Download citation
DOI: https://doi.org/10.1007/978-0-85729-799-0_20
Published:
Publisher Name: Springer, London
Print ISBN: 978-0-85729-798-3
Online ISBN: 978-0-85729-799-0
eBook Packages: EngineeringEngineering (R0)