Skip to main content
SpringerLink
Log in
Book cover

International School on Foundations of Security Analysis and Design

International School on Foundations of Security Analysis and Design

FOSAD 2013, FOSAD 2012: Foundations of Security Analysis and Design VII pp 212–243Cite as

Encryption and Fragmentation for Data Confidentiality in the Cloud

  • Chapter

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8604))

Abstract

Cloud computing has emerged as a successful paradigm allowing individual users as well as companies to resort to external providers for storing/processing data or making them available to others. Together with the many benefits, cloud computing introduces however new security and privacy risks. A major issue is that the data owner, storing data at external providers, loses control over them, leaving them potentially exposed to improper access, use, or dissemination. In this chapter, we consider the problem of protecting confidentiality of sensitive information when relying on external cloud providers for storing and processing data. We introduce confidentiality requirements and then illustrate encryption and data fragmentation as possible protection techniques. In particular, we discuss different approaches that have been proposed using encryption (with indexing) and fragmentation, either by themselves or in combination, to satisfy confidentiality requirements.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: A distributed architecture for secure database services. In: Proc. of CIDR 2005, Asilomar, CA, USA (January 2005)

    Google Scholar 

  2. Agrawal, R., Kierman, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: Proc. of SIGMOD 2004, Paris, France (June 2004)

    Google Scholar 

  3. Benedikt, M., Bourhis, P., Ley, C.: Querying schemas with access restrictions. Proc. of VLDB Endowment 5(7), 634–645 (2012)

    Article  Google Scholar 

  4. Biskup, J., Preuß, M., Wiese, L.: On the inference-proofness of database fragmentation satisfying confidentiality constraints. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 246–261. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  5. Ceselli, A., Damiani, E., De Capitani di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Modeling and assessing inference exposure in encrypted databases. ACM TISSEC 8(1), 119–152 (2005)

    Article  Google Scholar 

  6. Chang, Y.-C., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 442–455. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  7. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragmentation and encryption to enforce privacy in data storage. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 171–186. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  8. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragmentation design for efficient query execution over sensitive distributed databases. In: Proc. of ICDCS 2009, Montreal, Canada (June 2009)

    Google Scholar 

  9. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Keep a few: Outsourcing data while maintaining confidentiality. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 440–455. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  10. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Combining fragmentation and encryption to protect privacy in data storage. ACM TISSEC 13(3), 22:1–22:33 (2010)

    Google Scholar 

  11. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Selective data outsourcing for enforcing privacy. JCS 19(3), 531–566 (2011)

    Article  Google Scholar 

  12. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Livraga, G., Samarati, P.: An OBDD approach to enforce confidentiality and visibility constraints in data publishing. JCS 20(5), 463–508 (2012)

    Article  Google Scholar 

  13. Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: Improved definitions and efficient constructions. In: Proc. of CCS 2006, Alexandria, VA, USA (October-November 2006)

    Google Scholar 

  14. Damiani, E., De Capitani di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs. In: Proc. of CCS 2003, Washington, DC, USA (October 2003)

    Google Scholar 

  15. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Livraga, G., Paraboschi, S., Samarati, P.: Enforcing dynamic write privileges in data outsourcing. Computers & Security 39, 47–63 (2013)

    Article  Google Scholar 

  16. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Livraga, G., Paraboschi, S., Samarati, P.: Fragmentation in presence of data dependencies. IEEE TDSC (to appear, 2014)

    Google Scholar 

  17. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Encryption policies for regulating access to outsourced data. ACM TODS 35(2), 12:1–12:46 (2010)

    Google Scholar 

  18. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Integrity for join queries in the cloud. IEEE TCC 1(2), 187–200 (2013)

    Google Scholar 

  19. De Capitani di Vimercati, S., Foresti, S., Paraboschi, S., Pelosi, G., Samarati, P.: Efficient and private access to outsourced data. In: Proc. of ICDCS 2011, Minneapolis, MN, USA (June 2011)

    Google Scholar 

  20. De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Managing and accessing data in the cloud: Privacy risks and approaches. In: Proc. of CRiSIS 2012, Cork, Ireland (October 2012)

    Google Scholar 

  21. De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Protecting data in outsourcing scenarios. In: Das, S., Kant, K., Zhang, N. (eds.) Handbook on Securing Cyber-Physical Critical Infrastructure. Morgan Kaufmann (2012)

    Google Scholar 

  22. De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Selective and fine-grained access to data in the cloud. In: Jajodia, S., Kant, K., Samarati, P., Swarup, V., Wang, C. (eds.) Secure Cloud Computing. Springer (2014)

    Google Scholar 

  23. Gamassi, M., Piuri, V., Sana, D., Scotti, F.: Robust fingerprint detection for access control. In: Proc. of RoboCare Workshop 2005, Rome, Italy (May 2005)

    Google Scholar 

  24. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proc. of STOC 2009, Bethesda, MA, USA (May 2009)

    Google Scholar 

  25. Goh, E.J.: Secure indexes. Tech. Rep. 2003/216, Cryptology ePrint Archive (2003), http://eprint.iacr.org/

  26. Hacigümüs, H., Iyer, B., Mehrotra, S.: Providing database as a service. In: Proc. of ICDE 2002, San Jose, CA, USA (February 2002)

    Google Scholar 

  27. Hacıgümüş, H., Iyer, B., Mehrotra, S.: Efficient execution of aggregation queries over encrypted relational databases. In: Lee, Y., Li, J., Whang, K.-Y., Lee, D. (eds.) DASFAA 2004. LNCS, vol. 2973, pp. 125–136. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  28. Jhawar, R., Piuri, V.: Fault tolerance management in IaaS clouds. In: Proc. of ESTEL 2012, Rome, Italy (October 2012)

    Google Scholar 

  29. Jhawar, R., Piuri, V.: Fault tolerance and resilience in cloud computing environments. In: Vacca, J. (ed.) Computer and Information Security Handbook, 2nd edn., pp. 125–141. Morgan Kaufmann (2013)

    Google Scholar 

  30. Jhawar, R., Piuri, V., Samarati, P.: Supporting security requirements for resource management in cloud computing. In: Proc. of CSE 2012, Paphos, Cyprus (December 2012)

    Google Scholar 

  31. Özsu, M., Valduriez, P.: Principles of distributed database systems, 2nd edn. Prentice-Hall, Inc. (1999)

    Google Scholar 

  32. Samarati, P.: Data security and privacy in the cloud. In: Huang, X., Zhou, J. (eds.) ISPEC 2014. LNCS, vol. 8434, pp. 28–41. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  33. Schneier, B.: Applied Cryptography, 2nd edn. John Wiley & Sons (1996)

    Google Scholar 

  34. Wang, C., Cao, N., Ren, K., Lou, W.: Enabling secure and efficient ranked keyword search over outsourced cloud data. IEEE TPDS 23(8), 1467–1479 (2012)

    Google Scholar 

  35. Wang, H., Lakshmanan, L.: Efficient secure query evaluation over encrypted XML databases. In: Proc. of VLDB 2006, Seoul, Korea (September 2006)

    Google Scholar 

  36. Winkler, V.: Securing the Cloud: Cloud Computer Security Techniques and Tactics. Syngress (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Informatica, Università degli Studi di Milano, Via Bramante 65, 26013, Crema, Italy

    Sabrina De Capitani di Vimercati, Sara Foresti, Giovanni Livraga & Pierangela Samarati

  2. U.S. Army Research Laboratory, USA, 2800 Powder Mill Road, Adelphi, MD, 20783, USA

    Robert F. Erbacher

  3. Center for Secure Information Systems, George Mason University, 4400 University Drive, Fairfax, VA, 22030-4422, USA

    Sushil Jajodia

Authors
  1. Sabrina De Capitani di Vimercati
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Robert F. Erbacher
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sara Foresti
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sushil Jajodia
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Giovanni Livraga
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Pierangela Samarati
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Scienze di Base e Fondamenti, University of Urbino "Carlo Bo", Piazza dekka Repubblica 13, 61029, Urbino, Italy

    Alessandro Aldini

  2. Department of Computer Science, Network, Information and Computer Security Laboratory, University of Malaga, Campus de Teatinos s/n, 29071, Malaga, Spain

    Javier Lopez

  3. Istituto di Informatica e Telematica - IIT, Security Group, National Research Council - CNR, Via G. Moruzzi 1, 56124, Pisa, Italy

    Fabio Martinelli

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

De Capitani di Vimercati, S., Erbacher, R.F., Foresti, S., Jajodia, S., Livraga, G., Samarati, P. (2014). Encryption and Fragmentation for Data Confidentiality in the Cloud. In: Aldini, A., Lopez, J., Martinelli, F. (eds) Foundations of Security Analysis and Design VII. FOSAD FOSAD 2013 2012. Lecture Notes in Computer Science, vol 8604. Springer, Cham. https://doi.org/10.1007/978-3-319-10082-1_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-10082-1_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10081-4

  • Online ISBN: 978-3-319-10082-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation