Encryption and Fragmentation for Data Confidentiality in the Cloud

Cloud computing has emerged as a successful paradigm allowing individual users as well as companies to resort to external providers for storing/processing data or making them available to others. Together with the many benefits, cloud computing introduces however new security and privacy risks. A major issue is that the data owner, storing data at external providers, loses control over them, leaving them potentially exposed to improper access, use, or dissemination. In this chapter, we consider the problem of protecting confidentiality of sensitive information when relying on external cloud providers for storing and processing data. We introduce confidentiality requirements and then illustrate encryption and data fragmentation as possible protection techniques. In particular, we discuss different approaches that have been proposed using encryption (with indexing) and fragmentation, either by themselves or in combination, to satisfy confidentiality requirements.

[1]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[2]  Sushil Jajodia,et al.  Secure Cloud Computing , 2014, Springer New York.

[3]  John R. Vacca Computer and Information Security Handbook , 2009 .

[4]  Vincenzo Piuri,et al.  Chapter 1 – Fault Tolerance and Resilience in Cloud Computing Environments , 2014 .

[5]  Vic Winkler Securing the Cloud: Data Security , 2011 .

[6]  Marco Gamassi,et al.  Robust fingerprint detection for access control , 2005 .

[7]  Patrick Valduriez,et al.  Principles of Distributed Database Systems , 1990 .

[8]  Michael Mitzenmacher,et al.  Privacy Preserving Keyword Searches on Remote Encrypted Data , 2005, ACNS.

[9]  Patrick Valduriez,et al.  Principles of distributed database systems (2nd ed.) , 1999 .

[10]  Sushil Jajodia,et al.  Fragmentation in Presence of Data Dependencies , 2014, IEEE Transactions on Dependable and Secure Computing.

[11]  Pierangela Samarati Data Security and Privacy in the Cloud , 2014, ISPEC.

[12]  Sushil Jajodia,et al.  Encryption policies for regulating access to outsourced data , 2010, TODS.

[13]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.

[14]  Michael Benedikt,et al.  Querying Schemas With Access Restrictions , 2012, Proc. VLDB Endow..

[15]  Eu-Jin Goh,et al.  Secure Indexes , 2003, IACR Cryptol. ePrint Arch..

[16]  Sushil Jajodia,et al.  Selective data outsourcing for enforcing privacy , 2011, J. Comput. Secur..

[17]  Vincenzo Piuri,et al.  Supporting Security Requirements for Resource Management in Cloud Computing , 2012, 2012 IEEE 15th International Conference on Computational Science and Engineering.

[18]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[19]  Alberto Ceselli,et al.  Modeling and assessing inference exposure in encrypted databases , 2005, TSEC.

[20]  Sabrina De Capitani di Vimercati,et al.  Protecting Data in Outsourcing Scenarios , 2012 .

[21]  Sushil Jajodia,et al.  Integrity for join queries in the cloud , 2013, IEEE Transactions on Cloud Computing.

[22]  V. Piuri,et al.  Fault tolerance management in IaaS clouds , 2012, 2012 IEEE First AESS European Conference on Satellite Telecommunications (ESTEL).

[23]  Gerardo Pelosi,et al.  Efficient and Private Access to Outsourced Data , 2011, 2011 31st International Conference on Distributed Computing Systems.

[24]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[25]  Sushil Jajodia,et al.  Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases , 2009, 2009 29th IEEE International Conference on Distributed Computing Systems.

[26]  Sushil Jajodia,et al.  Combining fragmentation and encryption to protect privacy in data storage , 2010, TSEC.

[27]  Hakan Hacigümüs,et al.  Efficient Execution of Aggregation Queries over Encrypted Relational Databases , 2004, DASFAA.

[28]  Sajal K. Das,et al.  Handbook on Securing Cyber-Physical Critical Infrastructure , 2012 .

[29]  Sushil Jajodia,et al.  Enforcing dynamic write privileges in data outsourcing , 2013, Comput. Secur..

[30]  Cong Wang,et al.  Enabling Secure and Efficient Ranked Keyword Search over Outsourced Cloud Data , 2012, IEEE Transactions on Parallel and Distributed Systems.

[31]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: Improved definitions and efficient constructions , 2011, J. Comput. Secur..

[32]  Laks V. S. Lakshmanan,et al.  Efficient secure query evaluation over encrypted XML databases , 2006, VLDB.

[33]  Sabrina De Capitani di Vimercati,et al.  Selective and Fine-Grained Access to Data in the Cloud , 2014, Secure Cloud Computing.

[34]  Sabrina De Capitani di Vimercati,et al.  Managing and accessing data in the cloud: Privacy risks and approaches , 2012, 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS).

[35]  D. M. Hutton,et al.  Securing the Cloud: Cloud Computer Security Techniques and Tactics , 2012 .

[36]  Sabrina De Capitani di Vimercati,et al.  An OBDD approach to enforce confidentiality and visibility constraints in data publishing , 2012, J. Comput. Secur..

[37]  Rajeev Motwani,et al.  Two Can Keep A Secret: A Distributed Architecture for Secure Database Services , 2005, CIDR.

[38]  Sushil Jajodia,et al.  Fragmentation and Encryption to Enforce Privacy in Data Storage , 2007, ESORICS.

[39]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[40]  Peng Ning,et al.  Computer Security - ESORICS 2009, 14th European Symposium on Research in Computer Security, Saint-Malo, France, September 21-23, 2009. Proceedings , 2009, ESORICS.

[41]  Joachim Biskup,et al.  Computer Security - ESORICS 2007, 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, 2007, Proceedings , 2007, ESORICS.

[42]  Sushil Jajodia,et al.  Keep a Few: Outsourcing Data While Maintaining Confidentiality , 2009, ESORICS.

[43]  Joachim Biskup,et al.  On the Inference-Proofness of Database Fragmentation Satisfying Confidentiality Constraints , 2011, ISC.