How Not to Be Seen in the Cloud: A Progressive Privacy Solution for Desktop-as-a-Service

In public clouds, where data are handed to an infrastructure hosted outside the user's premises, privacy issues come to the forefront. The right to act without observation becomes even more important in Desktop-as-a-Service (DaaS) environments. This paper describes the design, implementation and preliminary experimental evaluation of a progressive privacy solution for a DaaS system. Progressive privacy is a privacy-preserving model that a user can configure (possibly on demand) not only quantitatively but also qualitatively, i.e., the user is allowed to choose what type of information must be protected and to what extent, according to her/his desired privacy profiles. To this end, a lightweight client-side proxy named Hedge Proxy has been designed such that non-intelligible user contents and non-traceable user actions are guaranteed by enabling homomorphic encryption, oblivious transfer and query obfuscation schemes in the proxy. The paper also proposes an implementation and evaluation of the Hedge Proxy based on a specific DaaS environment developed at the University of Rome and called Virtual Distro Dispatcher (VDD). Preliminary results of this evaluation are presented; they aim to assess the performance experienced by VDD users against the level of progressive privacy that can be obtained. As expected, the client performance perceived when using VDD decreases sharply as the level of privacy protection increases (e.g., large encryption key sizes, high obfuscation density). Nevertheless, experiments show that for light encrypted data streams the system can reach a fair level of privacy with small keys without significantly degrading user-perceived performance.
