An attack on the Needham-Schroeder public-key authentication protocol
Information Processing Letters
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Practical multi-candidate election system
Proceedings of the twentieth annual ACM symposium on Principles of distributed computing
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking
Proceedings of the 11th USENIX Security Symposium
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Coercion-resistant electronic elections
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Privacy enhancing identity management: protection against re-identification and profiling
Proceedings of the 2005 workshop on Digital identity management
Ciphertext-Policy Attribute-Based Encryption
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Breaking and fixing public-key Kerberos
Information and Computation
NOYB: privacy in online social networks
Proceedings of the first workshop on Online social networks
Helios: web-based open-audit voting
SS'08 Proceedings of the 17th conference on Security symposium
Future Generation Computer Systems
Fully homomorphic encryption using ideal lattices
Proceedings of the forty-first annual ACM symposium on Theory of computing
Verifying privacy-type properties of electronic voting protocols
Journal of Computer Security
Persona: an online social network with user-defined privacy
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
A Privacy Manager for Cloud Computing
CloudCom '09 Proceedings of the 1st International Conference on Cloud Computing
On the security of a popular web submission and review software (WSaR) for cryptology conferences
WISA'07 Proceedings of the 8th international conference on Information security applications
Attacking and fixing PKCS#11 security tokens
Proceedings of the 17th ACM conference on Computer and communications security
Cloud computing privacy concerns on our doorstep
Communications of the ACM
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Modelling dynamic access control policies for web-based collaborative systems
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Collusion resistant broadcast encryption with short ciphertexts and private keys
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
A traceability attack against e-passports
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
P3ERS: Privacy-Preserving PEer Review System
Transactions on Data Privacy
Keys to the cloud: formal analysis and concrete attacks on encrypted web storage
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Cloud computing security: The scientific challenge, and a survey of solutions
Journal of Systems and Software
Privacy-supporting cloud computing by in-browser key translation
Journal of Computer Security - Security and Trust Principles
Hi-index | 0.00 |
Cloud computing means entrusting data to information systems that are managed by external parties on remote servers, in the "cloud", raising new privacy and confidentiality concerns. We propose a general technique for designing cloud services that allows the cloud to see only encrypted data, while still allowing it to perform data-dependent computations. The technique is based on key translations and mixes in web browsers. We focus on the particular cloud computing application of conference management. We identify the specific security and privacy risks that existing systems like EasyChair and EDAS pose, and address them with a protocol underlying ConfiChair, a novel cloud-based conference management system that offers strong security and privacy guarantees. In ConfiChair, authors, reviewers, and the conference chair interact through their browsers with the cloud, to perform the usual tasks of uploading and downloading papers and reviews. In contrast with current systems, in ConfiChair the cloud provider does not have access to the content of papers and reviews and the scores given by reviewers, and moreover is unable to link authors with reviewers of their paper. We express the ConfiChair protocol and its properties in the language of ProVerif, and prove that it does provide the intended properties.