Abstract
Cloud computing, with its estimated market size of 150 billion USD annual turnover, is one of the major growth areas in information and communication technologies today. As a paradigm building on outsourcing of storage and processing, cloud computing suffers from intrinsic security and privacy problems. However, cryptographic research has made substantial progress over the last years and today provides a portfolio of mature cryptographic primitives and protocols suitable for addressing several of these problems in an effective and efficient way. Nevertheless, today’s reality shows that there exists a gap between what is possible and what is actually available in the cloud. We will present a detailed analysis of inhibitors and roadblocks standing in the way of an extensive deployment of cryptographic protection to cloud services, and how organizational and procedural measures may support the practical deployment of cryptography. We conclude our article with an overview of novel cryptographic schemes and their potential for protection of end-user data during storage and processing in the cloud, once they will become widely available.
Zusammenfassung
Mit einem Jahresumsatz im Bereich von 150 Milliarden US Dollar ist Cloud Computing heute der am schnellsten wachsende Sektor im Bereich Informationstechnologien. Doch die Grundlage von Cloud Computing, welches auf dem Outsourcing von Daten und Verarbeitungen beruht, bringt naturgemäß Probleme für die Informationssicherheit und Privatsphäre mit sich. Obwohl die kryptografische Forschung in den letzten Jahren signifikante Fortschritte gemacht hat und im Bereich Cloud Computing eine ganze Reihe von innovativen, anwendbaren Verfahren zur Verfügung stellt, werden diese nicht in nennenswertem Umfang praktisch eingesetzt. Wir werden in dem vorliegenden Artikel die größten Hindernisse analysieren, die einer weiten Verbreitung von kryptografischen Verfahren in Cloud Services im Wege stehen, und aufzeigen, wie dem mittels organisationeller und prozeduraler Methoden entgegengewirkt werden kann. Zum Abschluss möchten wir einige dieser neuartigen Verfahren vorstellen und aufzeigen, was deren Einsatz zu einem wirkungsvollen Schutz von End-User-Daten beitragen kann.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
https://prismacloud.eu; https://credential.eu (both accessed 1.8.2017).
References
Almeida, J. B., Bangerter, E., Barbosa, M., Krenn, S., Sadeghi, A.-R., Schneider, T. (2010): A certifying compiler for zero-knowledge proofs of knowledge based on sigma-protocols. In ESORICS (pp. 151–167).
Almeida, J. B., Barbosa, M., Bangerter, E., Barthe, G., Krenn, S., Zanella Béguelin, S. (2012): Full proof cryptography: verifiable compilation of efficient zero-knowledge protocols. In ACM CCS (pp. 488–500).
Ateniese, G., Chou, D. H., de Medeiros, B., Tsudik, G. (2005): Sanitizable signatures. In ESORICS (pp. 159–177).
Blakley, G. R. (1979): Safeguarding cryptographic keys. In Proceedings of the national computer conference (Vol. 48, pp. 313–317).
Blaze, M., Bleumer, G., Strauss, M. (1998): Divertible protocols and atomic proxy cryptography. In EUROCRYPT (pp. 127–144).
Camenisch, J., Krenn, S., Lehmann, A., Mikkelsen, G. L., Neven, G., Pedersen, M. Ø. (2015): Formal treatment of privacy-enhancing credential systems. In SAC (pp. 3–24).
Fischer-Hübner, S., Köffel, C., Pettersson, J.-S., Wolkerstorfer, P., Graf, C., Holtz, L.-E., König, U., Hedbom, H., Kellermann, B. FP7 project PrimeLife D4. 1.3 – HCI pattern collection. version 2. Available at http://primelife.ercim.eu/results/documents/ (accessed 1.8.2017), 2010.
Goyal, V., Pandey, O., Sahai, A., Waters, B. (2006): Attribute-based encryption for fine-grained access control of encrypted data. In ACM CCS (pp. 89–98).
Gorbunov, S., Vaikuntanathan, V., Wee, H. (2015): Attribute-based encryption for circuits. J. ACM, 62(6), 45:1–45:33.
Johnson, R., Molnar, D., Song, D., Wagner, D. (2002): Homomorphic signature schemes. In CT-RSA (pp. 244–262).
Krenn, S., Lorünser, T., Striecks, C. (2017) Batch-verifiable secret sharing with unconditional privacy. In ICISSP (pp. 303–311).
Lorünser, T., Slamanig, D., Länger, T., Pöhls, H. C. (2016): PRISMACLOUD tools: a cryptographic toolbox for increasing security in cloud services. In ARES (pp. 733–741).
Lorünser, T., Happe, A., Slamanig, S. (2015): ARCHISTAR: towards secure and robust cloud based data sharing. In: CloudCom (pp. 371–378).
Länger, T., Pöhls, H. C., Ghernaouti, S. (2016): Selected cloud security patterns to improve end user security and privacy in public clouds. In Proceedings of the ENISA Annual Privacy Forum 2016, LNCS vol. 9858. Berlin: Springer (pp. 115–132).
Rogaway, P. The moral character of cryptographic work. Cryptology ePrint archive, report 2015/1162. 2015.
Shamir, A. (1979): How to share a secret. Commun. ACM, 22(11), 612–613.
Acknowledgement
This work has been done in projects that have received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 644962 (PRISMACLOUD) and No. 653454 (CREDENTIAL).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lorünser, T., Krenn, S., Striecks, C. et al. Agile cryptographic solutions for the cloud. Elektrotech. Inftech. 134, 364–369 (2017). https://doi.org/10.1007/s00502-017-0519-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00502-017-0519-x