Encrypted Domain Processing for Cloud Privacy - Concept and Practical Experience

Cloud security comprises access control and end-to-end security based on flow or message-level privacy. In some applications, in which all processing takes place at the client side and the Cloud simply handles data storage (e.g. Google Docs), on-line data encryption/decryption guarantees privacy. However, when a service requires server processing (e.g. spreadsheets), privacy must necessarily rely on a dependable entity according to local regulations. Summing up, full Cloud privacy has not been achieved so far. In this paper we take a step towards that goal. We propose executing server-side operations in the encrypted domain, so that both the operands and the results are opaque to the server, yet clear to the user. We evaluate this concept with a real Google Apps implementation of basic arithmetic operations.
