Secure global protocol for computing aggregate functions
Abstract
Storing personal data in a remote database at an outsourcing company often requires clients to inherently trust the provider with full access to the outsourced datasets. But placing sensitive data under the control of a third-party provider without guarantees of privacy and confidentiality can be a serious problem, because the data can easily be leaked. Although recent research has addressed this security aspect by using encryption, no state-of-the-art solution solves the problem completely. This work draws a radically different vision of database outsourcing by using new hardware devices called Secure Portable Tokens (SPTs for short). SPTs combine tamper-resistant smart card microcontrollers with large-capacity NAND Flash storage chips. These tokens aim at helping every individual to better protect her privacy. We propose a protocol composed of low-cost secure tokens and a powerful but untrusted Supporting Server (SS), called an asymmetric architecture. This protocol, with personal data scattered across distributed tokens, aims at answering any general query in an interactive setting. The objective is to provide exact results for general queries with acceptable performance to partly trusted queriers, who can only obtain authorized views of the dataset but not the raw data stored in PDSs.