Privacy and access control for outsourced personal records

Beitrag bei einer Tagung

Details zur Publikation

Autorinnen und Autoren: Maffei M, Malavolta G, Reinert M, Schröder D, Malavolta G
Verlag: Institute of Electrical and Electronics Engineers Inc.
Jahr der Veröffentlichung: 2015
Seitenbereich: 341-358
ISBN: 9781467369497
Sprache: Englisch


Cloud storage has rapidly become a cornerstone of many IT infrastructures, constituting a seamless solution for the backup, synchronization, and sharing of large amounts of data. Putting user data in the direct control of cloud service providers, however, raises security and privacy concerns related to the integrity of outsourced data, the accidental or intentional leakage of sensitive information, the profiling of user activities and so on. Furthermore, even if the cloud provider is trusted, users having access to outsourced files might be malicious and misbehave. These concerns are particularly serious in sensitive applications like personal health records and credit score systems. To tackle this problem, we present GORAM, a cryptographic system that protects the secrecy and integrity of outsourced data with respect to both an untrusted server and malicious clients, guarantees the anonymity and unlink ability of accesses to such data, and allows the data owner to share outsourced data with other clients, selectively granting them read and write permissions. GORAM is the first system to achieve such a wide range of security and privacy properties for outsourced storage. In the process of designing an efficient construction, we developed two new, generally applicable cryptographic schemes, namely, batched zero-knowledge proofs of shuffle and an accountability technique based on chameleon signatures, which we consider of independent interest. We implemented GORAM in Amazon Elastic Compute Cloud (EC2) and ran a performance evaluation demonstrating the scalability and efficiency of our construction.

FAU-Autorinnen und Autoren / FAU-Herausgeberinnen und Herausgeber

Malavolta, Giulio
Schröder, Dominique Prof. Dr.
Lehrstuhl für Informatik 13 (Angewandte Kryptographie)
Lehrstuhl für Informatik 13 (Angewandte Kryptographie)


Maffei, M., Malavolta, G., Reinert, M., Schröder, D., & Malavolta, G. (2015). Privacy and access control for outsourced personal records. (pp. 341-358). Institute of Electrical and Electronics Engineers Inc..

Maffei, Matteo, et al. "Privacy and access control for outsourced personal records." Proceedings of the 36th IEEE Symposium on Security and Privacy, SP 2015 Institute of Electrical and Electronics Engineers Inc., 2015. 341-358.


Zuletzt aktualisiert 2018-22-11 um 20:50