Skip to main content

Advertisement

SpringerLink
Log in
Menu
Find a journal Publish with us
Search
Cart
Book cover

International Conference on Principles of Security and Trust

POST 2012: Principles of Security and Trust pp 89–108Cite as

  1. Home
  2. Principles of Security and Trust
  3. Conference paper
Privacy Supporting Cloud Computing: ConfiChair, a Case Study

Privacy Supporting Cloud Computing: ConfiChair, a Case Study

  • Myrto Arapinis18,
  • Sergiu Bursuc18 &
  • Mark Ryan18 
  • Conference paper
  • 1486 Accesses

  • 18 Citations

Part of the Lecture Notes in Computer Science book series (LNSC,volume 7215)

Abstract

Cloud computing means entrusting data to information systems that are managed by external parties on remote servers, in the “cloud”, raising new privacy and confidentiality concerns. We propose a general technique for designing cloud services that allows the cloud to see only encrypted data, while still allowing it to perform data-dependent computations. The technique is based on key translations and mixes in web browsers.

We focus on the particular cloud computing application of conference management. We identify the specific security and privacy risks that existing systems like EasyChair and EDAS pose, and address them with a protocol underlying ConfiChair, a novel cloud-based conference management system that offers strong security and privacy guarantees.

In ConfiChair, authors, reviewers, and the conference chair interact through their browsers with the cloud, to perform the usual tasks of uploading and downloading papers and reviews. In contrast with current systems, in ConfiChair the cloud provider does not have access to the content of papers and reviews and the scores given by reviewers, and moreover is unable to link authors with reviewers of their paper.

We express the ConfiChair protocol and its properties in the language of ProVerif, and prove that it does provide the intended properties.

Keywords

  • Cloud Computing
  • Cloud Service
  • Cloud Provider
  • Cloud Service Provider
  • Homomorphic Encryption

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a short version of the paper. A longer version is available on our web pages.

Download conference paper PDF

References

  1. Abadi, M.: Security protocols and their properties. In: Foundations of Secure Computation. NATO Science Series, pp. 39–60. IOS Press (2000)

    Google Scholar 

  2. Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proceedings of the 28th ACM Symposium on Principles of Programming Languages (POPL 2001), pp. 104–115 (January 2001)

    Google Scholar 

  3. Adida, B.: Helios: Web-based open-audit voting. In: van Oorschot, P.C. (ed.) USENIX Security Symposium, pp. 335–348. USENIX Association (2008)

    Google Scholar 

  4. Baden, R., Bender, A., Spring, N., Bhattacharjee, B., Starin, D.: Persona: an online social network with user-defined privacy. In: Rodriguez, P., Biersack, E.W., Papagiannaki, K., Rizzo, L. (eds.) SIGCOMM, pp. 135–146. ACM (2009)

    Google Scholar 

  5. Baudron, O., Fouque, P.-A., Pointcheval, D., Stern, J., Poupard, G.: Practical multi-candidate election system. In: PODC, pp. 274–283 (2001)

    Google Scholar 

  6. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, pp. 321–334. IEEE Computer Society (2007)

    Google Scholar 

  7. Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: Computer Security Foundations Workshop, CSFW 2001 (2001)

    Google Scholar 

  8. Blanchet, B.: Automatic proof of strong secrecy for security protocols. In: IEEE Symposium on Security and Privacy, pp. 86–100 (2004)

    Google Scholar 

  9. Blanchet, B., Abadi, M., Fournet, C.: Automated verification of selected equivalences for security protocols. Journal of Logic and Algebraic Programming (2007)

    Google Scholar 

  10. Boneh, D., Gentry, C., Waters, B.: Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)

    Google Scholar 

  11. Bortolozzo, M., Centenaro, M., Focardi, R., Steel, G.: Attacking and fixing PKCS#11 security tokens. In: ACM Conference on Computer and Communications Security, pp. 260–269 (2010)

    Google Scholar 

  12. Buyya, R., Yeo, C.S., Venugopal, S., Broberg, J., Brandic, I.: Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation Computer Systems 25(6), 599–616 (2009)

    CrossRef  Google Scholar 

  13. Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K., Walstad, C.: Breaking and fixing public-key kerberos. Inf. Comput. 206, 402–424 (2008)

    CrossRef  MathSciNet  MATH  Google Scholar 

  14. Chatmon, C., van Le, T., Burmester, T.: Secure anonymous RFID authentication protocols. Technical Report TR-060112, Florida Stat University, Department of Computer Science (2006)

    Google Scholar 

  15. Chothia, T., Smirnov, V.: A Traceability Attack against e-Passports. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 20–34. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  16. Clauß, S., Kesdogan, D., Kölsch, T., Pimenidis, L., Schiffner, S., Steinbrecher, S.: Privacy enhancing identity management: Protection against re-identification and profiling. In: Proceedings of the 2005 ACM Workshop on Digital Identity Management (2005)

    Google Scholar 

  17. Cloud Security Alliance. Secure Cloud (2010), http://www.cloudsecurityalliance.org/sc2010.html

  18. Delaune, S., Kremer, S., Ryan, M.D.: Verifying privacy-type properties of electronic voting protocols. Journal of Computer Security 17(4), 435–487 (2009)

    Google Scholar 

  19. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: 41st ACM Symposium on Theory of Computing, STOC (2009)

    Google Scholar 

  20. Guha, S., Tang, K., Francis, P.: NOYB: Privacy in online social networks. In: Proceedings of the First ACM SIGCOMM Workshop on Online Social Networks (2008)

    Google Scholar 

  21. Jakobsson, M., Juels, A., Rivest, R.L.: Making mix nets robust for electronic voting by randomized partial checking. In: Boneh, D. (ed.) USENIX Security Symposium, pp. 339–353. USENIX (2002)

    Google Scholar 

  22. Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Atluri, V., di Vimercati, S.D.C., Dingledine, R. (eds.) WPES, pp. 61–70. ACM (2005)

    Google Scholar 

  23. Lo, S.-W., Phan, R.C.-W., Goi, B.-M.: On the Security of a Popular Web Submission and Review Software (WSaR) for Cryptology Conferences. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 245–265. Springer, Heidelberg (2008)

    CrossRef  Google Scholar 

  24. Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters 56(3), 131–133 (1996)

    CrossRef  Google Scholar 

  25. Pearson, S., Shen, Y., Mowbray, M.: A Privacy Manager for Cloud Computing. In: Jaatun, M.G., Zhao, G., Rong, C. (eds.) CloudCom 2009. LNCS, vol. 5931, pp. 90–106. Springer, Heidelberg (2009)

    CrossRef  Google Scholar 

  26. Phillips, J., Roberts, M.: ConfiChair - prototype privacy-supporting conference management system, https://confichair.markryan.eu

  27. Puttaswamy, K.P.N., Kruegel, C., Zhao, B.Y.: Silverline: Toward data confidentiality in third-party clouds. Technical Report 08, University of California Santa Barbara (2010)

    Google Scholar 

  28. Qunoo, H., Ryan, M.: Modelling Dynamic Access Control Policies for Web-Based Collaborative Systems. In: Foresti, S., Jajodia, S. (eds.) Data and Applications Security and Privacy XXIV. LNCS, vol. 6166, pp. 295–302. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  29. Ryan, M.D.: Cloud computing privacy concerns on our doorstep. Communications of the ACM 54(1), 36–38 (2011)

    CrossRef  Google Scholar 

  30. Sadeghi, A.-R., Schneider, T., Winandy, M.: Token-Based Cloud Computing. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 417–429. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  31. Schneider, S., Sidiropoulos, A.: CSP and Anonymity. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 198–218. Springer, Heidelberg (1996)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, University of Birmingham, UK

    Myrto Arapinis, Sergiu Bursuc & Mark Ryan

Authors
  1. Myrto Arapinis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sergiu Bursuc
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mark Ryan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Informatica, Università di Pisa, Largo Bruno Pontecorvo, 3, 56127, Pisa, Italy

    Pierpaolo Degano

  2. Computer Science, Worcester Polytechnic Institute, 100 Institute Road, 01609, Worcester, MA, USA

    Joshua D. Guttman

Rights and permissions

Reprints and Permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Arapinis, M., Bursuc, S., Ryan, M. (2012). Privacy Supporting Cloud Computing: ConfiChair, a Case Study. In: Degano, P., Guttman, J.D. (eds) Principles of Security and Trust. POST 2012. Lecture Notes in Computer Science, vol 7215. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28641-4_6

Download citation

  • .RIS
  • .ENW
  • .BIB
  • DOI: https://doi.org/10.1007/978-3-642-28641-4_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28640-7

  • Online ISBN: 978-3-642-28641-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Search

Navigation

  • Find a journal
  • Publish with us

Discover content

  • Journals A-Z
  • Books A-Z

Publish with us

  • Publish your research
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our imprints

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support

167.114.118.210

Not affiliated

Springer Nature

© 2023 Springer Nature