Trusting third-party storage providers for holding personal information. A context-based approach to protect identity-related data in untrusted domains

The never ending growth of digital information and the availabilityof low-cost storage facilities and networks capacity is leading users towardsmoving their data to remote storage resources. Since users’ data often holdsidentity-related information, several privacy issues arise when data can bestored in untrusted domains. In addition digital identity management is becomingextremely complicated due to the identity replicas proliferation necessaryto get authentication in different domains. GMail and Amazon Web Services, for instance, are two examples of online services adopted by million of usersthroughout the world which hold huge amounts of sensitive users data. Stateof-the-art encryption tools for large-scale distributed infrastructures allowusers to encrypt content locally before storing it on a remote untrusted repository. This approach can experience performance drawbacks, when very largedata-sets must be encrypted/decrypted on a single machine. The proposedapproach extends the existing solutions by providing two additional features: (1) the encryption can also be delegated to a pool of remote trusted computingresources, and (2) the definition of the encryption context which drives the toolto select the best strategy to process the data. The performance benchmarksare based on the results of tests carried out both on a local workstation and onthe Grid INFN Laboratory for Dissemination Activities (GILDA) testbed