Skip to main content
SpringerLink
Log in

Practical Techniques Building on Encryption for Protecting and Managing Data in the Cloud

  • Chapter
  • First Online:
The New Codebreakers

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9100))

Abstract

Companies as well as individual users are adopting cloud solutions at an over-increasing rate for storing data and making them accessible to others. While migrating data to the cloud brings undeniable benefits in terms of data availability, scalability, and reliability, data protection is still one of the biggest concerns faced by data owners. Guaranteeing data protection means ensuring confidentiality and integrity of data and computations over them, and ensuring data availability to legitimate users. In this chapter, we survey some approaches for protecting data in the cloud that apply basic cryptographic techniques, possibly complementing them with additional controls, to the aim of producing efficient and effective solutions that can be used in practice.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Agrawal, R., Kierman, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: Proceeding of SIGMOD 2004, Paris (2004)

    Google Scholar 

  2. Akl, S., Taylor, P.: Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. 1(3), 239–248 (1983)

    Article  Google Scholar 

  3. Atallah, M., Blanton, M., Fazio, N., Frikken, K.: Dynamic and efficient key management for access hierarchies. ACM TISSEC 12(3), 18:1–18:43 (2009)

    Article  Google Scholar 

  4. Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: Proceeding of CCS 2007 (2007)

    Google Scholar 

  5. Barni, M., Bianchi, T., Catalano, D., Raimondo, M.D., Labati, R.D., Failla, P., Fiore, D., Lazzeretti, R., Piuri, V., Scotti, F., Piva, A.: A privacy-compliant fingerprint recognition system based on homomorphic encryption and fingercode templates. In: Proceeding of BTAS 2010, Washington, D.C (2010)

    Google Scholar 

  6. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Proceeding of EUROCRYpPT 2003, Warsaw, May 2003

    Google Scholar 

  7. Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. SIAM J. Comput. 43(2), 831–871 (2014)

    Article  MathSciNet  MATH  Google Scholar 

  8. Cachin, C., Micali, S., Stadler, M.: Computationally private information retrieval with polylogarithmic communication. In: Proceeding of EUROCRYpPT 1999. Prague, May 1999

    Google Scholar 

  9. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragmentation and encryption to enforce privacy in data storage. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 171–186. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  10. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Keep a few: outsourcing data while maintaining confidentiality. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 440–455. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  11. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Combining fragmentation and encryption to protect privacy in data storage. ACM TISSEC 13(3), 22:1–22:3 (2010)

    Article  Google Scholar 

  12. Coron, J.-S., Mandal, A., Naccache, D., Tibouchi, M.: Fully homomorphic encryption over the integers with shorter public keys. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 487–504. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  13. Coron, J.S., Naccache, D., Tibouchi, M.: Public key compression and modulus switching for fully homomorphic encryption over the integers. In: Proceeding of EUROCRYPT 2012, Cambridge, April 2012

    Google Scholar 

  14. Damiani, E., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Selective data encryption in outsourced dynamic environments. In: Proceeding of VODCA 2006, Bertinoro, September 2006

    Google Scholar 

  15. Damiani, E., De Capitani di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs. In: Proceeding of ACM CCS 2003, Washington, DC, October 2003

    Google Scholar 

  16. Damiani, E., De Capitani di Vimercati, S., Samarati, P.: New paradigms for access control in open environments. In: Proceeding of ISSPPI 2005, Athens, December 2005

    Google Scholar 

  17. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Livraga, G., Paraboschi, S., Samarati, P.: Enforcing dynamic write privileges in data outsourcing. Computers & Security, November 2013

    Google Scholar 

  18. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Livraga, G., Paraboschi, S., Samarati, P.: Fragmentation in presence of data dependencies. IEEE TDSC 11(6), 510–523 (2014)

    MATH  Google Scholar 

  19. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Livraga, G., Paraboschi, S., Samarati, P.: Integrity for distributed queries. In: Proceeding of CNS 2014, San Francisco, October 2014

    Google Scholar 

  20. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Pelosi, G., Samarati, P.: Preserving confidentiality of security policies in data outsourcing. In: Proceeding of WPES 2008, Alexandria, October 2008

    Google Scholar 

  21. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Encryption policies for regulating access to outsourced data. ACM TODS 35(2), 12:1–12:46 (2010)

    Google Scholar 

  22. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Integrity for join queries in the cloud. IEEE TCC 1(2), 187–200 (2013)

    Google Scholar 

  23. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Optimizing integrity checks for join queries in the cloud. In: Atluri, V., Pernul, G. (eds.) DBSec 2014. LNCS, vol. 8566, pp. 33–48. Springer, Heidelberg (2014)

    Google Scholar 

  24. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Samarati, P.: Access control policies and languages in open environments. In: Yu, T., Jajodia, S. (eds.) Secure Data Management in Decentralized Systems, pp. 21–58. Springer, New York (2007)

    Chapter  Google Scholar 

  25. De Capitani di Vimercati, S., Foresti, S., Paraboschi, S., Pelosi, G., Samarati, P.: Efficient and private access to outsourced data. In: Proceeding of ICDCS 2011, Minneapolis, June 2011

    Google Scholar 

  26. De Capitani di Vimercati, S., Foresti, S., Paraboschi, S., Pelosi, G., Samarati, P.: Distributed shuffling for preserving access confidentiality. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 628–645. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  27. De Capitani di Vimercati, S., Foresti, S., Paraboschi, S., Pelosi, G., Samarati, P.: Supporting concurrency and multiple indexes in private access to outsourced data. JCS 21(3), 425–461 (2013)

    Article  Google Scholar 

  28. De Capitani di Vimercati, S., Foresti, S., Paraboschi, S., Pelosi, G., Samarati, P.: Protecting access confidentiality with data distribution and swapping. In: Proceeding of BDCloud 2014, Sydney, December 2014

    Google Scholar 

  29. De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Managing and accessing data in the cloud: privacy risks and approaches. In: Proceeding of CRiSIS 2012, Cork, October 2012

    Google Scholar 

  30. De Capitani di Vimercati, S., Samarati, P., Jajodia, S.: Policies, models, and languages for access control. In: Bhalla, S. (ed.) DNIS 2005. LNCS, vol. 3433, pp. 225–237. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  31. Delerue Arriaga, A., Tang, Q., Ryan, P.: Trapdoor privacy in asymmetric searchable encryption schemes. In: Proceeding of AFRICACRYPT 2014, Marrakesh, May 2014

    Google Scholar 

  32. Devanbu, P., Gertz, M., Martel, C., Stubblebine, S.: Authentic third-party data publication. In: Proceeding of DBSec 2000, Schoorl, August 2000

    Google Scholar 

  33. Di Battista, G., Palazzi, B.: Authenticated relational tables and authenticated skip lists. In: Proceding of DBSec 2007, Redondo Beach, July 2007

    Google Scholar 

  34. Ding, X., Yang, Y., Deng, R.: Database access pattern protection without full-shuffles. IEEE Trans. Inf. Forensics Secur. 6(1), 189–201 (2011)

    Article  Google Scholar 

  35. Zhao, F., Nishide, T., Sakurai, K.: Realizing fine-grained and flexible access control to outsourced data with attribute-based cryptosystems. In: Bao, F., Weng, J. (eds.) ISPEC 2011. LNCS, vol. 6672, pp. 83–97. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  36. Foresti, S.: Preserving Privacy in Data Outsourcing. Springer, New York (2011)

    Book  MATH  Google Scholar 

  37. Gamassi, M., Piuri, V., Sana, D., Scotti, F.: Robust fingerprint detection for access control. In: Proceeding of RoboCare Workshop 2005, Rome, May 2005

    Google Scholar 

  38. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceeding of STOC 2009, Bethesda, May 2009

    Google Scholar 

  39. Goh, E.J.: Secure indexes. Technical report. 2003/216, Cryptology ePrint Archive (2003)

    Google Scholar 

  40. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM 43(3), 431–473 (1996)

    Article  MathSciNet  MATH  Google Scholar 

  41. Goodrich, M., Mitzenmacher, M., Ohrimenko, O., Tamassia, R.: Practical oblivious storage. In: Proceeding of CODASPY 2012, San Antonio, February 2012

    Google Scholar 

  42. Goodrich, M., Mitzenmacher, M., Ohrimenko, O., Tamassia, R.: Privacy-preserving group data access via stateless oblivious RAM simulation. In: Proceeding of SODA 2012, Kyoto, January 2012

    Google Scholar 

  43. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceeding of ACM CCS, Alexandria (2006)

    Google Scholar 

  44. Hacigümüs, H., Iyer, B., Mehrotra, S.: Ensuring integrity of encrypted databases in database as a service model. In: Proceeding of DBSec 2003, Estes Park, August 2003

    Google Scholar 

  45. Hacıgümüş, H., Iyer, B., Mehrotra, S.: Efficient execution of aggregation queries over encrypted relational databases. In: Lee, Y.J., Li, J., Whang, K.-Y., Lee, D. (eds.) DASFAA 2004. LNCS, vol. 2973, pp. 125–136. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  46. Hacigümüs, H., Iyer, B., Mehrotra, S., Li, C.: Executing SQL over encrypted data in the database-service-provider model. In: Proceeding of SIGMOD 2002, Madison, June 2002

    Google Scholar 

  47. Jhawar, R., Piuri, V., Samarati, P.: Supporting security requirements for resource management in cloud computing. In: Proceeding of CSE 2012, Paphos, December 2012

    Google Scholar 

  48. Jhawar, R., Piuri, V., Santambrogio, M.: A comprehensive conceptual system-level approach to fault tolerance in cloud computing. In: Proceeding of SysCon 2012, Vancouver, March 2012

    Google Scholar 

  49. Jhawar, R., Piuri, V., Santambrogio, M.: Fault tolerance management in cloud computing: a system-level perspective. IEEE Syst. J. 7(2), 288–297 (2013)

    Article  Google Scholar 

  50. Juels, A., Kaliski Jr., B.S.: PORs: proofs of retrievability for large files. In: Proc. of ACM CCS, Alexandria (2007)

    Google Scholar 

  51. Li, F., Hadjieleftheriou, M., Kollios, G., Reyzin, L.: Dynamic authenticated index structures for outsourced databases. In: Proceeding of SIGMOD 2006, Chicago, June 2006

    Google Scholar 

  52. Lin, P., Candan, K.: Hiding traversal of tree structured data from untrusted data stores. In: Proceeding of WOSIS 2004, Porto, April 2004

    Google Scholar 

  53. Liu, R., Wang, H.: Integrity verification of outsourced XML databases. In: Proceeding of CSE 2009, Vancouver, August 2009

    Google Scholar 

  54. Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)

    Google Scholar 

  55. Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and integrity in outsourced databases. ACM TOS 2(2), 107–138 (2006)

    Article  Google Scholar 

  56. Ostrovsky, R., Skeith III., W.E.: A survey of single-database private information retrieval: techniques and applications. In: Proceeding of PKC 2007, Beijing, April 2007

    Google Scholar 

  57. Pang, H., Jain, A., Ramamritham, K., Tan, K.: Verifying completeness of relational query results in data publishing. In: Proceeding of SIGMOD 2005, Baltimore, June 2005

    Google Scholar 

  58. Pang, H., Tan, K.: Authenticating query results in edge computing. In: Proceeding of ICDE 2004, Boston, April 2004

    Google Scholar 

  59. Pang, H., Zhang, J., Mouratidis, K.: Enhancing access privacy of range retrievals over \(B+\)-trees. IEEE TKDE 25(7), 1533–1547 (2013)

    Google Scholar 

  60. Popa, R., Redfield, C., Zeldovich, N., Balakrishnan, H.: CryptDB: Protecting confidentiality with encrypted query processing. In: Proceeding of SOSP 2011, Cascais, October 2011

    Google Scholar 

  61. Rivest, R., Adleman, L., Dertouzos, M.: On data banks and privacy homomorphisms. In: DeMillo, R., Lipton, R., Jones, A. (eds.) Foundation of Secure Computations. Academic Press (1978)

    Google Scholar 

  62. Ruj, S., Stojmenovic, M., Nayak, A.: Privacy preserving access control with authentication for securing data in clouds. In: Proceeding of CCGrid 2012, Ottawa, May 2012

    Google Scholar 

  63. Samarati, P.: Data security and privacy in the cloud. In: Huang, X., Zhou, J. (eds.) ISPEC 2014. LNCS, vol. 8434, pp. 28–41. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  64. Samarati, P., De Capitani di Vimercati, S.: Data protection in outsourcing scenarios: Issues and directions. In: Proceeding of ASIACCS 2010, Beijing, April 2010

    Google Scholar 

  65. Samarati, P., De Capitani di Vimercati, S.: Cloud security: Issues and concerns. In: Murugesan, S., Bojanova, I. (eds.) Encyclopedia on Cloud Computing. Wiley (2015)

    Google Scholar 

  66. Sandhu, R.: On some cryptographic solutions for access control in a tree hierarchy. In: Proceeding of the 1987 Fall Joint Computer Conference on Exploring Technology: Today and Tomorrow, Dallas, October 1987

    Google Scholar 

  67. Sandhu, R.: Cryptographic implementation of a tree hierarchy for access control. Inf. Process. Lett. 27(2), 95–98 (1988)

    Article  Google Scholar 

  68. Shacham, H., Waters, B.: Compact proofs of retrievability. In: Proceeding of ASIACRYPT 2008, Melbourne, December 2008

    Google Scholar 

  69. Song, D., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: Proceeding of IEEE S&P 2000, Berkeley, May 2000

    Google Scholar 

  70. Stefanov, E., van Dijk, M., Shi, E., Fletcher, C., Ren, L., Yu, X., Devadas, S.: Path ORAM: an extremely simple oblivious RAM protocol. In: Proceeding of ACM CCS 2013, Berlin, November 2013

    Google Scholar 

  71. Stefanov, E., Shi, E.: ObliviStore: high performance oblivious cloud storage. In: Proceeding of IEEE S&P 2013, Berkeley, May 2013

    Google Scholar 

  72. Wan, Z., Liu, J., Deng, R.H.: HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Trans. Inf. Forensics Secur. 7(2), 743–754 (2012)

    Article  Google Scholar 

  73. Wang, C., Cao, N., Ren, K., Lou, W.: Enabling secure and efficient ranked keyword search over outsourced cloud data. IEEE Trans. Parallel Distrib. Syst. 23(8), 1467–1479 (2012)

    Article  Google Scholar 

  74. Wang, C., Chow, S.S., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for secure cloud storage. IEEE Trans. Comput. 62(2), 362–375 (2013)

    Article  MathSciNet  Google Scholar 

  75. Wang, H., Lakshmanan, L.: Efficient secure query evaluation over encrypted XML databases. In: Proceeding of VLDB 2006, Seoul, September 2006

    Google Scholar 

  76. Wang, H., Yin, J., Perng, C., Yu, P.: Dual encryption for query integrity assurance. In: Proceeding of CIKM 2008, Napa Valley, October 2008

    Google Scholar 

  77. Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Proceeding of PKC 2011, Taormina, March 2011

    Google Scholar 

  78. Williams, P., Sion, R.: Single round access privacy on outsourced storage. In: Proceeding of ACM CCS 2012, Raleigh, October 2012

    Google Scholar 

  79. Williams, P., Sion, R., Carbunar, B.: Building castles out of mud: practical access pattern privacy and correctness on untrusted storage. In: Proceeding of ACM CCS 2008, Alexandria, October 2008

    Google Scholar 

  80. Williams, P., Sion, R., Tomescu, A.: PrivateFS: A parallel oblivious file system. In: Proceeding of ACM CCS 2012, Raleigh, October 2012

    Google Scholar 

  81. Xie, M., Wang, H., Yin, J., Meng, X.: Integrity auditing of outsourced data. In: Proceeding of VLDB 2007, Vienna, September 2007

    Google Scholar 

  82. Yang, K., Jia, X., Ren, K.: Attribute-based fine-grained access control with efficient revocation in cloud storage systems. In: Proceeding of ASIACCS 2013, Hangzhou, May 2013

    Google Scholar 

  83. Yang, K., Zhang, J., Zhang, W., Qiao, D.: A light-weight solution to preservation of access pattern privacy in un-trusted clouds. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 528–547. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  84. Yang, Y., Papadias, D., Papadopoulos, S., Kalnis, P.: Authenticated join processing in outsourced databases. In: Proceeding of SIGMOD, Providence (2009)

    Google Scholar 

  85. Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: Proceeding of INFOCOM 2010, San Diego, March 2010

    Google Scholar 

  86. Zhu, Y., Ahn, G.J., Hu, H., Yau, S., An, H., Hu, C.J.: Dynamic audit services for outsourced storages in clouds. IEEE Trans. Serv. Comput. 6(2), 227–238 (2013)

    Article  Google Scholar 

Download references

Acknowledgements

This work was supported in part by: the EC within the 7FP under grant agreement 312797 (ABC4EU) and within the H2020 program under grant agreement 644579 (ESCUDO-CLOUD), and the Italian Ministry of Research within PRIN project “GenData 2020” (2010RTFWBH).

Author information

Authors and Affiliations

  1. Università degli Studi di Milano, 26013, Crema, Italy

    Sabrina De Capitani di Vimercati, Sara Foresti, Giovanni Livraga & Pierangela Samarati

Authors
  1. Sabrina De Capitani di Vimercati
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sara Foresti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Giovanni Livraga
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Pierangela Samarati
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pierangela Samarati .

Editor information

Editors and Affiliations

  1. Université du Luxembourg , Luxembourg, Luxembourg

    Peter Y. A. Ryan

  2. Ecole normale supérieure , Paris, France

    David Naccache

  3. Université Catholique de Louvain , Louvain-la-Neuve, Belgium

    Jean-Jacques Quisquater

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

De Capitani di Vimercati, S., Foresti, S., Livraga, G., Samarati, P. (2016). Practical Techniques Building on Encryption for Protecting and Managing Data in the Cloud. In: Ryan, P., Naccache, D., Quisquater, JJ. (eds) The New Codebreakers. Lecture Notes in Computer Science(), vol 9100. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49301-4_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-49301-4_15

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-49300-7

  • Online ISBN: 978-3-662-49301-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation