DOI: 10.1145/2660267.2660577
Tutorial

Client-Controlled Cloud Encryption

Published: 03 November 2014

Abstract

Customers of cloud services demand control over their data. Besides threats to intellectual property, legal requirements and risks, such as data protection compliance or the possibility of a subpoena of the cloud service provider, also impose restrictions. A commonly proposed and implemented solution is to encrypt the data on the client and retain the key at the client. In this tutorial we will review:

  • the available encryption methods, such as deterministic, order-preserving, homomorphic, and searchable (functional) encryption, and secure multi-party computation,
  • possible attacks on currently deployed systems, like dictionary and frequency attacks,
  • architectures integrating these solutions into SaaS and PaaS (DBaaS) applications.

Cited By

  • (2016) Managing Data Sharing in OpenStack Swift with Over-Encryption. Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, pp. 39-48. DOI: 10.1145/2994539.2994549. Online publication date: 24-Oct-2016

Published In

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014
1592 pages
ISBN: 9781450329576
DOI: 10.1145/2660267
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud
  2. encryption
  3. tutorial

Qualifiers

  • Tutorial

Conference

CCS'14

Acceptance Rates

CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
