Cloud computing, with its estimated market size of 150 billion USD annual turnover, is one of the major growth areas in information and communication technologies today. As a paradigm building on outsourcing of storage and processing, cloud computing suffers from intrinsic security and privacy problems. However, cryptographic research has made substantial progress over the last years and today provides a portfolio of mature cryptographic primitives and protocols suitable for addressing several of these problems in an effective and efficient way. Nevertheless, today’s reality shows that there exists a gap between what is possible and what is actually available in the cloud. We will present a detailed analysis of inhibitors and roadblocks standing in the way of an extensive deployment of cryptographic protection to cloud services, and how organizational and procedural measures may support the practical deployment of cryptography. We conclude our article with an overview of novel cryptographic schemes and their potential for protection of end-user data during storage and processing in the cloud, once they will become widely available.ZusammenfassungMit einem Jahresumsatz im Bereich von 150 Milliarden US Dollar ist Cloud Computing heute der am schnellsten wachsende Sektor im Bereich Informationstechnologien. Doch die Grundlage von Cloud Computing, welches auf dem Outsourcing von Daten und Verarbeitungen beruht, bringt naturgemäß Probleme für die Informationssicherheit und Privatsphäre mit sich. Obwohl die kryptografische Forschung in den letzten Jahren signifikante Fortschritte gemacht hat und im Bereich Cloud Computing eine ganze Reihe von innovativen, anwendbaren Verfahren zur Verfügung stellt, werden diese nicht in nennenswertem Umfang praktisch eingesetzt. Wir werden in dem vorliegenden Artikel die größten Hindernisse analysieren, die einer weiten Verbreitung von kryptografischen Verfahren in Cloud Services im Wege stehen, und aufzeigen, wie dem mittels organisationeller und prozeduraler Methoden entgegengewirkt werden kann. Zum Abschluss möchten wir einige dieser neuartigen Verfahren vorstellen und aufzeigen, was deren Einsatz zu einem wirkungsvollen Schutz von End-User-Daten beitragen kann.
[1]
Adi Shamir,et al.
How to share a secret
,
1979,
CACM.
[2]
Brent Waters,et al.
Attribute-based encryption for fine-grained access control of encrypted data
,
2006,
CCS '06.
[3]
Matt Blaze,et al.
Divertible Protocols and Atomic Proxy Cryptography
,
1998,
EUROCRYPT.
[4]
Gene Tsudik,et al.
Sanitizable Signatures
,
2005,
ESORICS.
[5]
Phillip Rogaway,et al.
The Moral Character of Cryptographic Work
,
2015,
IACR Cryptol. ePrint Arch..
[6]
Stephan Krenn,et al.
Batch-verifiable Secret Sharing with Unconditional Privacy
,
2017,
ICISSP.
[7]
Dawn Xiaodong Song,et al.
Homomorphic Signature Schemes
,
2002,
CT-RSA.
[8]
Gilles Barthe,et al.
Full proof cryptography: verifiable compilation of efficient zero-knowledge protocols
,
2012,
IACR Cryptol. ePrint Arch..
[9]
Daniel Slamanig,et al.
PRISMACLOUD Tools: A Cryptographic Toolbox for Increasing Security in Cloud Services
,
2016,
2016 11th International Conference on Availability, Reliability and Security (ARES).
[10]
Jan Camenisch,et al.
Formal Treatment of Privacy-Enhancing Credential Systems
,
2015,
SAC.
[11]
Vinod Vaikuntanathan,et al.
Attribute-based encryption for circuits
,
2013,
STOC '13.
[12]
Henrich Christopher Pöhls,et al.
Selected Cloud Security Patterns to Improve End User Security and Privacy in Public Clouds
,
2016,
APF.
[13]
Daniel Slamanig,et al.
ARCHISTAR: Towards Secure and Robust Cloud Based Data Sharing
,
2015,
2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom).
[14]
G. R. Blakley,et al.
Safeguarding cryptographic keys
,
1899,
1979 International Workshop on Managing Requirements Knowledge (MARK).
[15]
Ahmad-Reza Sadeghi,et al.
A Certifying Compiler for Zero-Knowledge Proofs of Knowledge Based on Sigma-Protocols
,
2010,
IACR Cryptol. ePrint Arch..