Abstract
Tracking expenses is a task performed in homes and businesses worldwide; for personal finances, the practice of organizing receipts for refunds or summarizing its contents for purposes such as budget planning and tax submission, has been recently aided by different services; these allow automatic collection of receipts either at store terminals or using a photo of the receipt submitted by the user, which can be later accessed using an online interface. Given the importance of financial information and the inherent danger introduced by these services, we present in this article an architecture based on additive homomorphic cryptosystems and secret sharing schemes to store information securely while still allowing fast aggregation queries at an outsourced untrusted cloud server. The proposal was evaluated in terms of security, server load, amount of user interaction, computational load at the acquiring terminal and computational load at the untrusted server.
Similar content being viewed by others
Notes
If x is the order of g in the group \({\mathbb{Z}_{n^2}^*}\), then x is the smallest number in \({\mathbb{Z}_{n^2}^*}\) such that \(g^x \equiv 1 \mod n^2\).
The expected number of queries is the number of times one user uses the same key.
References
Amazon Web Services: Amazon web services customer agreement. http://aws.amazon.com/agreement/#10 (2011)
QuickReceipts: Quickreceipts—your easy online receipt manager. http://myquickreceipts.intuit.com/ (2011)
Alletronic: Alletronic—your paperless convienence. http://www.alletronic.com/ (2011)
Kamara, S., Lauter, K.: Cryptographic cloud storage. In: Proceedings of the 14th International Conference on Financial Cryptograpy and Data Security, FC’10, pp. 136–149. Springer, Berlin, Heidelberg (2010)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, SIGMOD ’04, pp. 563–574. ACM, New York, NY (2004)
Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (eds.) Advances in Cryptology—EUROCRYPT 2009, Lecture Notes in Computer Science, vol. 5479, pp. 224–241. Springer, Berlin/Heidelberg (2009)
Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited. In: Rogaway, P. (eds.) Advances in Cryptology—CRYPTO, Lecture Notes in Computer Science, vol. 6841, pp. 578–595. Springer, Berlin/Heidelberg (2011)
Belazzougui, D., Boldi, P., Pagh, R., Vigna, S.: Monotone minimal perfect hashing searching a sorted table with o(1) accesses. In: SODA ’09, pp. 785–794. SIAM (2009)
Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (eds.) Advances in Cryptology—CRYPTO 2007, Lecture Notes in Computer Science, vol. 4622, pp. 535–552. Springer, Berlin/Heidelberg (2007)
Tang, Q: Privacy preserving mapping schemes supporting comparison. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop (CCSW ’10). ACM (2010)
Mykletun, E., Tsudik, G.: Aggregation queries in the database-as-a-service model. In: Proceedings of the 20th IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC’06), pp. 89–103. Springer, Berlin, Heidelberg (2006)
Hacgumus, H., Iyer, B., Mehrotra, S.: Efficient execution of aggregation queries over encrypted relational databases. In: Lee, Y., Li, J., Whang, K.-Y., Lee, D. (eds.) Database Systems for Advanced Applications. Lecture Notes in Computer Science, vol. 2973, Ch. 10, pp. 633–650. Springer, Berlin/Heidelberg (2004)
Thompson, B., Haber, S., Horne, W., Sander, T., Yao, D.: Privacy-preserving computation and verification of aggregate queries on outsourced databases. In: Proceedings of the 9th International Symposium on Privacy Enhancing Technologies (PETS ’09), pp. 185–201. Springer, Berlin, Heidelberg (2009)
Pedersen, T.: Non-interactive and information-theoretic secure verifiable secret sharing. In: CRYPTO, Lecture Notes in Computer Science, vol. 576, pp. 129–140. Springer, Berlin (1991)
Merkle, R.: Protocols for public key cryptosystems. In: Proceedings of the 1980 Symposium on Security and Privacy, pp. 122–133. IEEE Computer Society Press (1980)
Popa R.A., Redfield, C., Zeldovich, N., Balakrishnan, H.: CryptDB: protecting confidentiality with encrypted query processing. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (SOSP ’11), pp. 85–100. ACM, New York, NY (2011)
Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: Proceedings of the 21st IEEE Symposium on Security and Privacy, Oakland, USA (2000)
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
Castelluccia, C., Chan, A.C.F., Mykletun, E., Tsudik, G.: Efficient and provably secure aggregation of encrypted data in wireless sensor networks. ACM Trans. Sen. Netw. 5, 1–36 (2009)
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques, EUROCRYPT’99, pp. 223–238. Springer, Berlin, Heidelberg (1999)
Lucks, S.: The sum of prps is a secure prf. In: Advances in Cryptology EUROCRYPT 2000, Lecture Notes in Computer Science, vol. 1807, pp. 470–484. Springer, Berlin/Heidelberg (2000)
Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. Foundations of Computer Science, Annual IEEE Symposium on 0, 394 (1997)
Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Mark, L., Vangel Mark Banks, D., Alan, H., Dray, J., Vo, S.: A statistical test suite for random and pseudorandom number generators for cryptographic applications. Technical report, NIST-National Institute of Standards and Technology (2010)
Acknowledgments
This work was supported in part by Global COE Program “High-Level Global Cooperation for Leading-Edge Platform on Access Spaces (C12).” from the Ministry of Education, Culture, Sports, Science and Technology (MEXT) of Japan.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Corena, J.C., Ohtsuki, T. Secure and Fast Aggregation of Financial Data in Cloud-Based Expense Tracking Applications. J Netw Syst Manage 20, 534–560 (2012). https://doi.org/10.1007/s10922-012-9248-y
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10922-012-9248-y