Ensuring data security and privacy protection in the cloud computing environment

Creating an additional security level while keeping the benefits and flexibility of cloud storage

"Cloud storage exhibits a paradox as the data storage and processing servers are not trusted to keep data confidential and yet data are stored in and processed by the servers", Prof. Robert Deng explains. "Our central idea is thus to embed protection mechanisms, such as encryption and authentication techniques into data itself, so that data security and privacy remain even if data is stored and processed in cloud servers". "The challenge being that the protected data must still be useful, amenable to access control and processing by authorized users". The AXA Chair's research programme sets out to investigate cryptographic and system security solutions to enable both the sharing of encrypted data as well as the performing of computations over the encrypted data by the untrusted servers. "An end-user may request access to encrypted data or request a computational service from a server. With the method we're are working on, the server can perform the requested computation using encrypted data as input and send an encrypted output to the end-user who then uses its secret key to recover the result of the computation", explains Prof. Robert Deng. "To be efficient for real world applications, the technique developed by the AXA Chair of Cybersecurity's research programme will meet the following four requirements: data privacy, unforgeability, secure updatability and efficiency.
80% of the research programme will be dedicated to data security and privacy protection in the cloud computing environment and the other 20% will consist in studying human behaviour and how it can cause insecurity. "90 % of the security incidences are due to user's carelessness. For instance, people can inadvertently download malware by clicking on the wrong link", Prof. Robert Deng points out. "By studying the behaviour of users, we want to investigate all the major ways in which insecurity happens, and this is no small task as there are many of them".
Every day, an average of 4.5 million data records are stolen or lost and no location, organisation or industry is immune from attack. The cost of a data breach can amount to millions of euros in loss, destroying customer trust and sharply decreasing revenues and share-holder value. But so far, existing techniques for cloud data protection do not meet all four security requirements Prof. Robert Deng considers necessary for safe and flexible real world applications. The AXA Chair of Cybersecurity aims at filling this gap by providing organisations with the means to protect themselves against cyber criminality while safely enjoying the advantages of cloud storage.