Trust Is not Enough: Privacy and Security in ASP and Web Service Environments

  • Conference paper
Advances in Databases and Information Systems (ADBIS 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2435)

Abstract

Application service providers (ASPs) and web services are becoming increasingly popular despite adverse IT market conditions. New languages and protocols like XML, SOAP, and UDDI provide the technical underpinnings for a global infrastructure where anybody with a networked computer has access to a large number of digital services. Not every potential customer, however, may feel comfortable about entrusting sensitive personal or corporate data to a service provider in an unprotected manner. Even if there is a high level of trust between customer and provider, there may be legal requirements that require a higher level of privacy. Customers may also want to be prepared for an unforeseen change of control on the provider’s side, something that is not an uncommon occurrence, especially among start-up companies. This paper reviews several solutions for how customers can use a provider’s services without giving it access to any sensitive data. After discussing the relative merits of trust vs. technology, we focus on privacy homomorphisms, an encryption technique originally proposed by Rivest et al. that maintains the structure of the input data while obscuring the actual content. We conclude with several proposals for how to integrate privacy homomorphisms into existing service architectures.

This research was supported by the Deutsche Forschungsgemeinschaft, Berlin-Brandenburg Graduate School in Distributed Information Systems (DFG grant no. GRK 316/2).

References

  1. Ahituv, N., Lapid, Y., and Neumann, S., Processing Encrypted Data, Communications of the ACM, Vol.20, pp.777–780, 1987.

  2. Asonov, D. Private Information Retrieval. An Overview and Current Trends. In Proceedings ECDPvA Workshop, Informatik 2001, Vienna, Austria, September 2001.

  3. Atallah, M.J., Pantazopoulos, K.N., Rice, J.R., and Spafford, E.H., Secure Outsourcing of Scientific Computations, Advances in Computers, 54, Chapter 6, pp. 215–272, July 2001.

  4. Bobineau, C., Bouganim, L., Pucheral, P., and Valduriez, P., PicoDBMS: Scaling down Database Techniques for the Smartcard. In Proceedings 26th VLDB Conference, Cairo, Egypt, 2000.

  5. Brickell, E., and Yacobi, Y., On Privacy Homomorphisms, in: D. Chaum and W.L. Price, eds., Advances in Cryptology-Eurocrypt’ 87, Springer, Berlin, 1988.

  6. Canny, J., Collaborative Filtering with Privacy. http://www.millennium.berkeley.edu/retreat/files/Sharing0601.ppt, 2001.

  7. Chor, B., Goldreich, O., Kushilevitz, E., and Sudan, M.: Private Information Retrieval. In Proceedings 36th IEEE FOCS Conference, pp.41–50, New York, 1995

  8. Denning, D., Cryptography and Data Security, Addison-Wesley, 1982.

  9. Domingo-Ferrer J., A New Privacy Homomorphism and Applications, Information Processing Letters, Vol.60, No.5, pp.277–282, December 1996.

  10. Domingo-Ferrer, J., Multi-application Smart Cards and Encrypted Data Processing, Future Generation Computer Systems, Vol.13, pp.65–74, June 1997.

  11. Domingo-Ferrer, J., and Herrera-Joanconmartí, A Privacy Homomorphism Allowing Field Operations on Encrypted Data, Jornades de Matemàtica Discreta i Algorísmica, Barcelona 1998.

  12. Hacigumus, H., Mehrotra, S., Iyer, B., and Li, C., Executing SQL over Encrypted Data in the Database Service Provider Model, In Proceedings ACM SIGMOD Conference, June 2002.

  13. Jacobsen, H.-A., G. Riessen, and Günther, O., MMM-Middleware for Method Management on the WWW, In Proceedings WWW8 Conference, 1999.

  14. Leymann, F., Roller, D., and Schmidt, M.-T., Web services and Business Process Management. IBM Systems Journal, Vol.41, No.2, 2002.

  15. Rivest, R., Adleman, L., and Dertouzos, M.L., On Data Banks and Privacy Homomorphisms. In Foundations of Secure Computations. Academic Press, New York, 1978.

  16. Rivest, R., Shamir, A., and Adleman, L. A Method for Obtaining Digital Signatures and Public-key Cryptosystems. Communications of the ACM, Vol.21, No.2, 1978.

  17. Sander, T., and Tschudin, C., On Software Protection Via Function Hiding, In Proceedings 2nd Workshop on Information Hiding, LNCS Springer, 1998.

  18. Schurig, S., Geheimhaltung in Statistischen Datenbanken, Shaker, 1998.

  19. Smith, S.W., and Weingart, S.H., Building a High-Performance, Programmable Secure Coprocessor. In Computer Networks, Special Issue on Computer Network Security, No.31, pp. 831–860, 1999.

  20. Stallings, W., Cryptography and Network Security: Principles and Practice. Prentice-Hall, 1999.

© 2002 Springer-Verlag Berlin Heidelberg

Cite this paper

Boyens, C., Günther, O. (2002). Trust Is not Enough: Privacy and Security in ASP and Web Service Environments. In: Manolopoulos, Y., Návrat, P. (eds) Advances in Databases and Information Systems. ADBIS 2002. Lecture Notes in Computer Science, vol 2435. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45710-0_2

  • DOI: https://doi.org/10.1007/3-540-45710-0_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44138-0

  • Online ISBN: 978-3-540-45710-7

  • eBook Packages: Springer Book Archive
