Private Cloud Storage: Client-Side Encryption and Usable Secure Utility Functions

  • Conference paper
Published in: HCI for Cybersecurity, Privacy and Trust (HCII 2020)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 12210)

Abstract

With the development of cloud environments and smartphones, and with increasing awareness of security and privacy, client-side encryption, represented by end-to-end encryption (E2E encryption), has made rapid progress over the last 10 years. When client-side encryption is adopted, a wide variety of utility functions are restricted, such as search and sorting provided by the cloud side, use on multiple terminals, and data sharing with other users. To solve this problem, there has been a great deal of interest in technologies such as searchable encryption and order-preserving encryption, which allow data to be processed while it remains encrypted. However, there are few examples in which their effectiveness has been discussed by actually applying them to an application. In particular, these technologies have rarely been discussed from the viewpoint of usability. Therefore, we focus on cloud storage and propose an application that combines multiple encryption technologies on the client side to realize secure and usable cloud storage that can be closely linked with existing cloud storage services. The proposed application is then evaluated to demonstrate its usability. The application we propose provides file encryption on the client side, secure retrieval, sorting, and folder sharing with other users. The user study showed that the usability of the prototype application did not differ from that of the unencrypted application developed for comparison, and that the usability of the proposed application was high. Furthermore, implementation and user experiments revealed a number of new challenges in securely implementing utility functions while providing client-side encryption for contents, and newly demonstrated the need for applied research in this field.

Corresponding author

Correspondence to Akira Kanaoka.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Tachikawa, A., Kanaoka, A. (2020). Private Cloud Storage: Client-Side Encryption and Usable Secure Utility Functions. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2020. Lecture Notes in Computer Science, vol 12210. Springer, Cham. https://doi.org/10.1007/978-3-030-50309-3_44

  • DOI: https://doi.org/10.1007/978-3-030-50309-3_44

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-50308-6

  • Online ISBN: 978-3-030-50309-3

  • eBook Packages: Computer Science, Computer Science (R0)
