On monitoring information flow of outsourced data

Abstract

Data outsourcing is an Internet-based paradigm that allows organizations to share data cost-effectively by transferring data to a third-party service provider for management. Enforcing outsourced data privacy in untrustworthy environments is challenging because the data needs to be kept secret both from unauthorized users and the service provider (SP). Existing approaches propose that the data owner(s) encrypt the data before it is transferred to the service provider to preserve confidentiality. Access is only granted to a user initiated program if the key presented can decrypt the data into a readable format. Therefore the data owner can control access to the data without having to worry about the management costs. However, this approach fails to monitor the data once it has been retrieved from the SP's end. So, a user can retrieve information from the SP's end and share it with unauthorized users or even the SP. We propose a conceptual framework, based on the concept of dependence graphs, for monitoring data exchanges between programs in order to prevent unauthorized access. The framework has a distributed architecture which is suitable for data outsourcing environments and the web in general. Each data object contains a cryptographic tag (like an invisible digital watermark) that is computed by using a cryptographic hash function to combine the checksum of the data and the encryption key. In order to execute an operation with a data object the key presented for decryption must match the one associated with the user's role and generate a cryptographic tag that matches the one embedded into the data. Tracing data exchanges, in this way, can leverage data privacy for organizations that transfer data management to third party service providers.