Selective end-to-end data-sharing in the cloud

Cloud-based services, such as Google Drive, Dropbox, or Nextcloud, enable easy-to-use data-sharing between multiple parties, and, therefore, have been widely adopted over the last decade. Nevertheless, privacy challenges hamper their adoption for sensitive data: (1) rather than exposing their privat...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of Banking and Financial Technology 2020-04, Vol.4 (1), p.139-157
Hauptverfasser: Hörandner, Felix, Ramacher, Sebastian, Roth, Simon
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Cloud-based services, such as Google Drive, Dropbox, or Nextcloud, enable easy-to-use data-sharing between multiple parties, and, therefore, have been widely adopted over the last decade. Nevertheless, privacy challenges hamper their adoption for sensitive data: (1) rather than exposing their private data to a cloud service, users desire end-to-end confidentiality of the shared files without sacrificing usability, e.g., without repeatedly encrypting when sharing the same data set with multiple receivers. (2) Only being able to share full (authenticated) files may force users to expose overmuch information if the data set has not been exactly tailored to the receiver’s needs at issue-time. This gap can be bridged by enabling cloud services to selectively disclose only relevant parts of a file without breaking the parts’ authenticity. While both challenges have been solved individually, it is not trivial to combine these solutions and maintain their security intentions. In this paper, we tackle this issue and introduce selective end-to-end data-sharing by combining ideas from proxy re-encryption (for end-to-end encrypted sharing) and redactable signature schemes (to selectively disclose a subset of still authenticated parts). We overcome the issues encountered when naively combining these two concepts, introduce a security model, and present a modular instantiation together with implementations based on a selection of various building blocks. We give an extensive performance evaluation of our instantiation and conclude with example applications.
ISSN:2524-7956
2524-7964
DOI:10.1007/s42786-020-00017-y