Privacy and access control for outsourced personal records

Conference contribution
(Conference Contribution)


Publication Details

Author(s): Maffei M, Malavolta G, Reinert M, Schröder D, Malavolta G
Publisher: Institute of Electrical and Electronics Engineers Inc.
Publication year: 2015
Pages range: 341-358
ISBN: 9781467369497
Language: English


Abstract


Cloud storage has rapidly become a cornerstone of many IT infrastructures, constituting a seamless solution for the backup, synchronization, and sharing of large amounts of data. Putting user data in the direct control of cloud service providers, however, raises security and privacy concerns related to the integrity of outsourced data, the accidental or intentional leakage of sensitive information, the profiling of user activities and so on. Furthermore, even if the cloud provider is trusted, users having access to outsourced files might be malicious and misbehave. These concerns are particularly serious in sensitive applications like personal health records and credit score systems. To tackle this problem, we present GORAM, a cryptographic system that protects the secrecy and integrity of outsourced data with respect to both an untrusted server and malicious clients, guarantees the anonymity and unlink ability of accesses to such data, and allows the data owner to share outsourced data with other clients, selectively granting them read and write permissions. GORAM is the first system to achieve such a wide range of security and privacy properties for outsourced storage. In the process of designing an efficient construction, we developed two new, generally applicable cryptographic schemes, namely, batched zero-knowledge proofs of shuffle and an accountability technique based on chameleon signatures, which we consider of independent interest. We implemented GORAM in Amazon Elastic Compute Cloud (EC2) and ran a performance evaluation demonstrating the scalability and efficiency of our construction.



FAU Authors / FAU Editors

Malavolta, Giulio
Lehrstuhl für Informatik 13 (Angewandte Kryptographie)
Schröder, Dominique Prof. Dr.
Lehrstuhl für Informatik 13 (Angewandte Kryptographie)


How to cite

APA:
Maffei, M., Malavolta, G., Reinert, M., Schröder, D., & Malavolta, G. (2015). Privacy and access control for outsourced personal records. (pp. 341-358). Institute of Electrical and Electronics Engineers Inc..

MLA:
Maffei, Matteo, et al. "Privacy and access control for outsourced personal records." Proceedings of the 36th IEEE Symposium on Security and Privacy, SP 2015 Institute of Electrical and Electronics Engineers Inc., 2015. 341-358.

BibTeX: 

Last updated on 2018-22-11 at 20:50