João Rodrigues
Bernardo Ferreira
Henrique Domingos
ABSTRACT
In this paper we present the Trusted Mail System (TMS), a dependable Email repository service that explores multiple untrusted storage clouds for storing, accessing and searching private email data. The system architecture provides security and reliability services while leveraging the heterogeneity and diversity offered by different untrusted cloud storage solutions from different service providers. To address dependability issues, TMS enforces a security model that protects confidentiality and integrity of mailboxes stored in those clouds, adding availability, reliability and intrusion-tolerance guarantees. The system uses homomorphic encryption mechanisms and indexing techniques allowing ranked multi-keyword searching operations over encrypted email messages and its contents. We illustrate TMS feasibility from an implemented prototype, evaluating its performance, design options, and services. The experimental results show that the solution is viable, offers reliability and privacy control for the users and does not aggravate conditions of data-access latency and availability.
- Box Sentry. "Email Integrity: An Emerging Business Issue". December 2009. White Paper. http://www.trustsphere.com/wp-content/uploads/2011/10/Gartner-Email-Integrity-Dec09.pdfGoogle Scholar
- I. Ion, N. Sachdeva, P. Kumaraguru, S. Capkun, Home is Safer than the Cloud: Privacy Concerns for Consumer Cloud Storage, Proc. of SOUPS 2011, Symposium on Usable Privacy and Security, Pittsburgh, 2011 Google ScholarDigital Library
- P. Verissimo, A. Bessani, M. Pasin. The TClouds architecture: Open and resilient cloud-of-clouds computing, IEEE/IFIP 42nd International Conference on Dependable Systems and Networks Workshops (DSN-W), June, 2012Google ScholarCross Ref
- A. Bessani, M. Correia, B. Quaresma, F. André, P. Sousa. DEPSKY: Dependable and Secure Storage in a Cloud-of-Clouds. EuroSys'11, April 10--13, 2011, Salzburg, Austria Google ScholarDigital Library
- A. J. Menezes, P. C. Oorschot and S. A. Vanstone, "Secret Sharing," in Handbook of Applied Cryptography, 1996, pp. 524--528Google Scholar
- A. Shamir, "How to Share a Secret," Communications of ACM, vol. 22, no. 11, 1979. Google ScholarDigital Library
- K. Bozkurt and G. Selcuk, "Threshold Cryptography Based on Blakely Secret Sharing," Information Sciences, 2008.Google Scholar
- K. Kaya, S. A. Aydin and Z. Tezcan, "Threshold Cryptography Based on Asmuth-Bloom Secret Sharing," 2007.Google Scholar
- V. Shoup, "Practical Threshold Signatures", EUROCRYPT'00, pp. 207--220, 2000. Google ScholarDigital Library
- R. Popa, C. Redfield, N. Zeldovich, H. Balakrishnan. CryptDB: Protecting Confidentiality with Encrypted Query Processing. SOSP '11, October 23--26, 2011, Portugal. Google ScholarDigital Library
- B. Ferreira and H. Domingos. 2013. Searching Private Data in a Cloud Encrypted Domain. In Proceedings of the 10th International Conference in the RIAO series (OAIR 2013). Google ScholarDigital Library
- P. Paillier. "Public - key cryptosystems based on composite degree residuosity classes". In Proceedings of EUROCRYPT'99, Prague, Czech Republic, May 1999. Google ScholarDigital Library
- Klimt, Bryan, and Yiming Yang. "Introducing the Enron Corpus." In CEAS. 2004.Google Scholar
- S. Shepler, B. Callaghan, D. Robinson, R. Thurlow, C. Beame, M. Eisler, and D. Noveck. NFS version 4 protocol. RFC 3530, April 2003.Google Scholar
- J. Howard. An Overview of the Andrew File System. Proceedings of ACM Symposium on Parallel Algorithms and Architectures (SPAA), 2002.Google Scholar
- C. Wright, J. Dave and E. Zadok. "Cryptographic file systems performance: What you don't know can hurt you." In SISW'03, pp. 47--47. IEEE, 2003. Google ScholarDigital Library
- E. Goh, H. Shacham, N. Modadugu, and D. Boneh. SiRiUS: Securing remote untrusted storage. Proceedings of Network and Distributed Systems Security (NDSS) Symposium, 2003.Google Scholar
- M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu. Plutus: Scalable secure file sharing on untrusted storage. Proceedings of USENIX FAST'03, 2003. Google ScholarDigital Library
- H. Hacigumus, B. Iyer, C. Li, and S. Mehrotra. Executing SQL over Encrypted Data in the Database-Service-Provider Model. ACM SIGMOD Conference on Management of Data, Jun, 2002. Google ScholarDigital Library
Index Terms
- TMS: a trusted mail repository service using public storage clouds
Recommendations
Mis-operation Resistant Searchable Homomorphic Encryption
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications SecurityLet us consider a scenario that a data holder (e.g., a hospital) encrypts a data (e.g., a medical record) which relates a keyword (e.g., a disease name), and sends its ciphertext to a server. We here suppose not only the data but also the keyword should ...
Witness-based searchable encryption with optimal overhead for cloud-edge computing
AbstractThe security and utilization of cloud storage are well-known open issues. Public key encryption with keyword search (PEKS) provides an important primitive to discuss applications in the field of cloud storage, where the receiver can ...
Highlights- The proposed witness-based searchable encryption scheme is secure against the internal attacks.
Off-line/on-line signatures revisited: a general unifying paradigm, efficient threshold variants and experimental results
The notion of off-line/on-line digital signature scheme was introduced by Even, Goldreich and Micali. Informally such signatures schemes are used to reduce the time required to compute a signature using some kind of preprocessing. Even, Goldreich and ...
Comments