Privacy-Preserving Cloud Storage
The focus of this project was the confidentiality of storage that was outsourced to cloud providers. Companies and end-users store confidential data on third-party services like Amazon AWS and Dropbox. Whereas one may think that encrypting the entries of the database gives already the “best-possible” notion of privacy, this is indeed not the case: A lot of information can be inferred not only by the content of a certain database entry but also on which entry is accessed. As an example, accessing a folder related to medical data may leak that the client is undergoing some medical treatment that he would like to keep confidential.
This becomes especially problematic when outsourcing large parts of our data to the cloud. Observing the patterns used to access outsourced data, e.g., by monitoring the clients’ queries, allows a curious service provider to learn sensitive information, even if data are encrypted. While the cloud architecture provides benefits in terms of convenience and reliability, it effectively poses a threat to users’ privacy. Ideally, we would like to achieve the best of both worlds where the client is relieved from the burden of maintaining its database but at the same time, no information is leaked to the eyes of an external observer.
Before this project, existing solutions for secure data outsourcing fell short of providing adequate privacy and functionality. On the one side of the spectrum, we had classical cryptographic solutions (ORAM) that provided strong security with little usability and without the possibility of sharing data with other clients. On the opposite side, we had solutions developed by the industry that offered great usability but where the privacy guarantees were poorly understood. In particular, a privacy-preserving solution (that hides data as well as access patterns) with the flexibility of selectively granting read/write accesses to peer clients was missing. The objective of this project was to design, analyze, and implement a cryptographic infrastructure that covers a range security and privacy properties while at the same time offering support for standard database queries, the possibility to grant selective permissions on the database, and the possibility to let everyone verify that the database performed the correct computation. The working plan built on an extension of the ORAM model to the multi-client setting, and further extensions to provide for the verifiability of queries, for fine-grained access control and for database queries like range queries and join. Finally, we investigated the minimal cryptographic assumptions needed for constructing ORAM schemes. We managed to realize the foundational extension of ORAM to the multi-client setting. This extension, called anonymous RAM, provides privacy and integrity guarantees, including the privacy of content, access patterns and user’s identity from curious servers. We also investigated the minimal communication complexity of verifiable computation and on the minimal cryptographic assumptions needed to achieve privacy in outsourced databases.
Role Within the Collaborative Research Center