MimoSecco: A Middleware for Secure Cloud Storage
The biggest impediment for the adoption of cloud computing practices is the lack of trust in the confidentiality of one’s data in the cloud. The prevalent threat in the cloud computing model are so-called insider attacks. Full data encryption can only solve the problem in the trivial case of backups. Any sophisticated service provided on data requires insight into the structure of that data. One purpose of encryption is to prevent such insights. We introduce the MimoSecco project. In MimoSecco, we are investigating reasonable compromises. We employ two techniques, separation of duties and secure hardware. With separation of duties, we fragment a database and separate the fragments geographically. The goal is to make it infeasible to reconstruct the database from one fragment alone. The secure hardware tokens we employ are hard-to-copy devices which offer encryption, decryption and cryptographically signing of data. The keys used are stored in the tamper-proof hardware device and never leave it. We are in the process of developing a prototypical database adapter that behaves like a SQL database, but stores data securely.
KeywordsCloud Computing Advance Encryption Standard Database Scheme Index Table Efficient Execution
Unable to display preview. Download preview PDF.
- 1.Advanced encryption standard (AES). Tech. rep., NIST (2001)Google Scholar
- 2.Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: A distributed architecture for secure database services. CIDR 2005 http://ilpubs.stanford.edu:8090/659/
- 3.Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proceedings of the nineteenth annual ACM symposium on Theory of computing. pp. 218–229. ACM, New York, NY, USA (1987)Google Scholar
- 4.Hacigümüs, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of the 2002 ACM SIGMOD international conference on Management of data. pp. 216–227. ACM (2002)Google Scholar
- 5.Huber, M.: Towards secure services in an untrusted environment. In: Bühnová, B., Reussner, R.H., Szyperski, C., Weck, W. (eds.) Proceedings of the Fifteenth International Workshop on Component-Oriented Programming (WCOP) 2010. Interne Berichte, vol. 2010-14, pp. 39–46. Karlsruhe Institue of Technology, Faculty of Informatics, Karlsruhe, Germany (June 2010), http://digbib.ubka.uni-karlsruhe.de/volltexte/1000018464
- 6.Yao, A.C.: Protocols for secure computations. In: Proceedings of the 23rd Annual IEEE Symposium on Foundations of Computer Science, FOCS’82. pp. 160–164. IEEE Computer Society (1982)Google Scholar