Skip to main content
SpringerLink
Log in

Secure and Fast Aggregation of Financial Data in Cloud-Based Expense Tracking Applications

  • Published:
Journal of Network and Systems Management Aims and scope Submit manuscript

Abstract

Tracking expenses is a task performed in homes and businesses worldwide; for personal finances, the practice of organizing receipts for refunds or summarizing its contents for purposes such as budget planning and tax submission, has been recently aided by different services; these allow automatic collection of receipts either at store terminals or using a photo of the receipt submitted by the user, which can be later accessed using an online interface. Given the importance of financial information and the inherent danger introduced by these services, we present in this article an architecture based on additive homomorphic cryptosystems and secret sharing schemes to store information securely while still allowing fast aggregation queries at an outsourced untrusted cloud server. The proposal was evaluated in terms of security, server load, amount of user interaction, computational load at the acquiring terminal and computational load at the untrusted server.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

Notes

  1. If x is the order of g in the group \({\mathbb{Z}_{n^2}^*}\), then x is the smallest number in \({\mathbb{Z}_{n^2}^*}\) such that \(g^x \equiv 1 \mod n^2\).

  2. The expected number of queries is the number of times one user uses the same key.

References

  1. Amazon Web Services: Amazon web services customer agreement. http://aws.amazon.com/agreement/#10 (2011)

  2. QuickReceipts: Quickreceipts—your easy online receipt manager. http://myquickreceipts.intuit.com/ (2011)

  3. Alletronic: Alletronic—your paperless convienence. http://www.alletronic.com/ (2011)

  4. Kamara, S., Lauter, K.: Cryptographic cloud storage. In: Proceedings of the 14th International Conference on Financial Cryptograpy and Data Security, FC’10, pp. 136–149. Springer, Berlin, Heidelberg (2010)

  5. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, SIGMOD ’04, pp. 563–574. ACM, New York, NY (2004)

  6. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (eds.) Advances in Cryptology—EUROCRYPT 2009, Lecture Notes in Computer Science, vol. 5479, pp. 224–241. Springer, Berlin/Heidelberg (2009)

    Google Scholar 

  7. Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited. In: Rogaway, P. (eds.) Advances in Cryptology—CRYPTO, Lecture Notes in Computer Science, vol. 6841, pp. 578–595. Springer, Berlin/Heidelberg (2011)

    Google Scholar 

  8. Belazzougui, D., Boldi, P., Pagh, R., Vigna, S.: Monotone minimal perfect hashing searching a sorted table with o(1) accesses. In: SODA ’09, pp. 785–794. SIAM (2009)

  9. Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (eds.) Advances in Cryptology—CRYPTO 2007, Lecture Notes in Computer Science, vol. 4622, pp. 535–552. Springer, Berlin/Heidelberg (2007)

    Google Scholar 

  10. Tang, Q: Privacy preserving mapping schemes supporting comparison. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop (CCSW ’10). ACM (2010)

  11. Mykletun, E., Tsudik, G.: Aggregation queries in the database-as-a-service model. In: Proceedings of the 20th IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC’06), pp. 89–103. Springer, Berlin, Heidelberg (2006)

  12. Hacgumus, H., Iyer, B., Mehrotra, S.: Efficient execution of aggregation queries over encrypted relational databases. In: Lee, Y., Li, J., Whang, K.-Y., Lee, D. (eds.) Database Systems for Advanced Applications. Lecture Notes in Computer Science, vol. 2973, Ch. 10, pp. 633–650. Springer, Berlin/Heidelberg (2004)

    Google Scholar 

  13. Thompson, B., Haber, S., Horne, W., Sander, T., Yao, D.: Privacy-preserving computation and verification of aggregate queries on outsourced databases. In: Proceedings of the 9th International Symposium on Privacy Enhancing Technologies (PETS ’09), pp. 185–201. Springer, Berlin, Heidelberg (2009)

  14. Pedersen, T.: Non-interactive and information-theoretic secure verifiable secret sharing. In: CRYPTO, Lecture Notes in Computer Science, vol. 576, pp. 129–140. Springer, Berlin (1991)

  15. Merkle, R.: Protocols for public key cryptosystems. In: Proceedings of the 1980 Symposium on Security and Privacy, pp. 122–133. IEEE Computer Society Press (1980)

  16. Popa R.A., Redfield, C., Zeldovich, N., Balakrishnan, H.: CryptDB: protecting confidentiality with encrypted query processing. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (SOSP ’11), pp. 85–100. ACM, New York, NY (2011)

  17. Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: Proceedings of the 21st IEEE Symposium on Security and Privacy, Oakland, USA (2000)

  18. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    Article  MathSciNet  MATH  Google Scholar 

  19. Castelluccia, C., Chan, A.C.F., Mykletun, E., Tsudik, G.: Efficient and provably secure aggregation of encrypted data in wireless sensor networks. ACM Trans. Sen. Netw. 5, 1–36 (2009)

    Article  Google Scholar 

  20. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques, EUROCRYPT’99, pp. 223–238. Springer, Berlin, Heidelberg (1999)

  21. Lucks, S.: The sum of prps is a secure prf. In: Advances in Cryptology EUROCRYPT 2000, Lecture Notes in Computer Science, vol. 1807, pp. 470–484. Springer, Berlin/Heidelberg (2000)

  22. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. Foundations of Computer Science, Annual IEEE Symposium on 0, 394 (1997)

  23. Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Mark, L., Vangel Mark Banks, D., Alan, H., Dray, J., Vo, S.: A statistical test suite for random and pseudorandom number generators for cryptographic applications. Technical report, NIST-National Institute of Standards and Technology (2010)

Download references

Acknowledgments

This work was supported in part by Global COE Program “High-Level Global Cooperation for Leading-Edge Platform on Access Spaces (C12).” from the Ministry of Education, Culture, Sports, Science and Technology (MEXT) of Japan.

Author information

Authors and Affiliations

  1. Graduate School of Science and Technology, Keio University, 3-14-1 Hiyoshi, Kohoku-ku, Yokohama, 223-8522, Japan

    Juan Camilo Corena & Tomoaki Ohtsuki

Authors
  1. Juan Camilo Corena
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tomoaki Ohtsuki
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Juan Camilo Corena.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Corena, J.C., Ohtsuki, T. Secure and Fast Aggregation of Financial Data in Cloud-Based Expense Tracking Applications. J Netw Syst Manage 20, 534–560 (2012). https://doi.org/10.1007/s10922-012-9248-y

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10922-012-9248-y

Keywords

Search

Navigation