CRJun 19, 2015
Towards a New Paradigm for Privacy and Security in Cloud ServicesThomas Loruenser, Charles Bastos Rodriguez, Denise Demirel et al.
The market for cloud computing can be considered as the major growth area in ICT. However, big companies and public authorities are reluctant to entrust their most sensitive data to external parties for storage and processing. The reason for their hesitation is clear: There exist no satisfactory approaches to adequately protect the data during its lifetime in the cloud. The EU Project Prismacloud (Horizon 2020 programme; duration 2/2015-7/2018) addresses these challenges and yields a portfolio of novel technologies to build security enabled cloud services, guaranteeing the required security with the strongest notion possible, namely by means of cryptography. We present a new approach towards a next generation of security and privacy enabled services to be deployed in only partially trusted cloud infrastructures.
CRJun 12, 2015
Practical Solutions For Format-Preserving EncryptionMor Weiss, Boris Rozenberg, Muhammad Barham
Format Preserving Encryption (FPE) schemes encrypt a plaintext into a ciphertext while preserving its format (e.g., a valid social-security number is encrypted into a valid social-security number), thus allowing encrypted data to be stored and used in the same manner as unencrypted data. Motivated by the always-increasing use of cloud-computing and memory delegation, which require preserving both plaintext format and privacy, several FPE schemes for general formats have been previously suggested. However, current solutions are both insecure and inefficient in practice. We propose an efficient FPE scheme with optimal security. Our scheme includes an efficient method of representing general (complex) formats, and provides efficient encryption and decryption algorithms that do not require an expensive set-up. During encryption, only format-specific properties are preserved, while all message-specific properties remain hidden, thus guaranteeing data privacy. As experimental results show that in many cases large formats domains cannot be encrypted efficiently, we extend our scheme to support large formats, by imposing a user-defined bound on the maximal format size, thus obtaining a flexible security-efficiency tradeoff and the best possible security (under the size limitation).