Privacy and anonymity in untrusted data stores
Trevathan, Jarrod, Read, Wayne, Ghodosi, Hossein, and Atkinson, Ian (2011) Privacy and anonymity in untrusted data stores. In: Conferences in Research and Practice in Information Technology (115), pp. 75-84. From: ADC 2011 22nd Australasian Database Conference, January 17 - 20 2011, Perth, WA, Australia.
This paper describes a security problem involving an online data repository, which acts as a proxy for multiple companies, allowing their customers to perform online services (e.g., pay invoices). The repository's host is trusted to honestly fulfil its duties in maintaining the data in a manner consistent with each company's required services. However, the information stored by the repository remains private in that the repository's host cannot openly read any company's operational data, nor does it learn the identities of any company's customers. We contrast several approaches, describing their viability for web deployment using existing technologies. This is a fundamentally new security problem with no established literature or clearly defined cryptographic solution. The project originated from a commercial attempt to design a secure online data archive. A sample implementation of the system is presented that allows a customer to pay and view invoices online via the data repository using a popular and widely available small business accountancy application.
| Item Type: | Conference Item (Refereed Research Paper - E1) |
| Keywords: | privacy, security, authentication, encryption, web hosting, e-commerce |
| Date Deposited: | 27 Jun 2011 05:04 |
| FoR Codes: | 08 INFORMATION AND COMPUTING SCIENCES > 0803 Computer Software > 080303 Computer System Security @ 100% |
| SEO Codes: | 89 INFORMATION AND COMMUNICATION SERVICES > 8901 Communication Networks and Services > 890199 Communication Networks and Services not elsewhere classified @ 100% |