Confidentiality & Data Processing

Confidentiality of data requires that, when users outsource data, the cloud should not learn any information about the data it is storing or about the operations performed over it.

Although classical encryption algorithms ensure data confidentiality, they unfortunately prevent the cloud from operating over the encrypted data. The obvious approach is to encrypt all data with a secure encryption algorithm such as AES and store the ciphertext in the cloud. While this is secure, the data can no longer be processed in the cloud: it has to be downloaded and decrypted on the client before any query can be executed on it. This makes any serious Database-as-a-Service offering questionable, yet it is how many traditional DBMSs such as Sybase, Oracle and DB2, or solutions such as Dropbox, appear to work when they claim to encrypt data and provide cloud storage.

Moreover, both the queries issued by the user and the results of those queries should remain confidential from the cloud. Existing cryptographic primitives such as searchable encryption or private information retrieval cannot immediately be adopted by current cloud solutions.
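The encrypt-then-store approach described above, as an added example that is not part of the original page: the server can only compare opaque ciphertexts, so the client has to download and decrypt the whole table to answer one query. Assumptions: `CloudStore`, `client_query` and the sample rows are hypothetical, and an HMAC-SHA256 counter-mode keystream stands in for AES so the code needs only the standard library.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for AES-CTR (no integrity tag).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, plaintext):
    nonce = os.urandom(16)  # fresh nonce: equal plaintexts give different blobs
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

def decrypt(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class CloudStore:
    """Untrusted server (hypothetical): holds opaque blobs, never the key."""
    def __init__(self):
        self.blobs, self.bytes_sent = [], 0
    def put(self, blob):
        self.blobs.append(blob)
    def match_equal(self, probe):
        # The only "query" the server can evaluate: raw ciphertext comparison.
        return [b for b in self.blobs if b == probe]
    def download_all(self):
        self.bytes_sent += sum(len(b) for b in self.blobs)
        return list(self.blobs)

def client_query(key, store, predicate):
    # The client must fetch and decrypt every row to answer any query.
    rows = [json.loads(decrypt(key, b)) for b in store.download_all()]
    return [r for r in rows if predicate(r)]

# Constructed sample table.
ROWS = [{"name": "alice", "salary": 52000}, {"name": "bob", "salary": 71000},
        {"name": "carol", "salary": 64000}, {"name": "dave", "salary": 48000}]

def demo():
    key, store = os.urandom(32), CloudStore()
    for row in ROWS:
        store.put(encrypt(key, json.dumps(row).encode()))
    probe = encrypt(key, json.dumps(ROWS[0]).encode())  # re-encrypt a stored row
    server_hits = store.match_equal(probe)
    result = client_query(key, store, lambda r: r["salary"] > 60000)
    return server_hits, [r["name"] for r in result], store.bytes_sent

if __name__ == "__main__":
    print(demo())
```

Two of the four rows match the query, yet every stored byte crosses the network, and the server-side equality probe finds nothing even for a row it already holds.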