Privacy and access control for outsourced personal records

Maffei M, Malavolta G, Reinert M, Schröder D, Malavolta G (2015)


Publication Language: English

Publication Status: Published

Publication Type: Conference contribution, Conference Contribution

Publication year: 2015

Publisher: Institute of Electrical and Electronics Engineers Inc.

Pages Range: 341-358

Article Number: 7163035

ISBN: 9781467369497

DOI: 10.1109/SP.2015.28

Abstract

Cloud storage has rapidly become a cornerstone of many IT infrastructures, constituting a seamless solution for the backup, synchronization, and sharing of large amounts of data. Putting user data in the direct control of cloud service providers, however, raises security and privacy concerns related to the integrity of outsourced data, the accidental or intentional leakage of sensitive information, the profiling of user activities and so on. Furthermore, even if the cloud provider is trusted, users having access to outsourced files might be malicious and misbehave. These concerns are particularly serious in sensitive applications like personal health records and credit score systems. To tackle this problem, we present GORAM, a cryptographic system that protects the secrecy and integrity of outsourced data with respect to both an untrusted server and malicious clients, guarantees the anonymity and unlink ability of accesses to such data, and allows the data owner to share outsourced data with other clients, selectively granting them read and write permissions. GORAM is the first system to achieve such a wide range of security and privacy properties for outsourced storage. In the process of designing an efficient construction, we developed two new, generally applicable cryptographic schemes, namely, batched zero-knowledge proofs of shuffle and an accountability technique based on chameleon signatures, which we consider of independent interest. We implemented GORAM in Amazon Elastic Compute Cloud (EC2) and ran a performance evaluation demonstrating the scalability and efficiency of our construction.

Authors with CRIS profile

How to cite

APA:

Maffei, M., Malavolta, G., Reinert, M., Schröder, D., & Malavolta, G. (2015). Privacy and access control for outsourced personal records. In Proceedings of the 36th IEEE Symposium on Security and Privacy, SP 2015 (pp. 341-358). Institute of Electrical and Electronics Engineers Inc..

MLA:

Maffei, Matteo, et al. "Privacy and access control for outsourced personal records." Proceedings of the 36th IEEE Symposium on Security and Privacy, SP 2015 Institute of Electrical and Electronics Engineers Inc., 2015. 341-358.

BibTeX: Download