Willem Jonker Milan Petkovic´ (Eds.) 5 Secure 2 4 8 S Data Management C N L 10th VLDB Workshop, SDM 2013 Trento, Italy, August 30, 2013 Proceedings 123 Lecture Notes in Computer Science 8425 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, Lancaster, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Alfred Kobsa University of California, Irvine, CA, USA Friedemann Mattern ETH Zurich, Zürich, Switzerland John C. Mitchell Stanford University, Stanford, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel Oscar Nierstrasz University of Bern, Bern, Switzerland C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Dortmund, Germany Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max Planck Institute for Informatics, Saarbruecken, Germany For furthervolumes: http://www.springer.com/series/7409 Willem Jonker Milan Petkovic´ (Eds.) • Secure Data Management 10th VLDB Workshop, SDM 2013 Trento, Italy, August 30, 2013 Proceedings 123 Editors WillemJonker Milan Petkovic´ EIT ICTLabs/University ofTwente Philips Research/Eindhoven University Enschede of Technology The Netherlands Eindhoven The Netherlands ISSN 0302-9743 ISSN 1611-3349 (electronic) ISBN 978-3-319-06810-7 ISBN 978-3-319-06811-4 (eBook) DOI 10.1007/978-3-319-06811-4 SpringerChamHeidelbergNewYorkDordrechtLondon LibraryofCongressControlNumber:2014938481 LNCSSublibrary:SL3–InformationSystemsandApplications,incl.Internet/Web,andHCI (cid:2)SpringerInternationalPublishingSwitzerland2014 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartofthe material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodologynow knownorhereafterdeveloped.Exemptedfromthislegalreservationarebriefexcerptsinconnectionwith reviewsorscholarlyanalysisormaterialsuppliedspecificallyforthepurposeofbeingenteredandexecuted onacomputersystem,forexclusiveusebythepurchaserofthework.Duplicationofthispublicationor partsthereofispermittedonlyundertheprovisionsoftheCopyrightLawofthePublisher’slocation,inits currentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Permissionsforusemaybe obtainedthroughRightsLinkattheCopyrightClearanceCenter.Violationsareliabletoprosecutionunder therespectiveCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Whiletheadviceandinformationinthisbookarebelievedtobetrueandaccurateatthedateofpublication, neithertheauthorsnortheeditorsnorthepublishercanacceptanylegalresponsibilityforanyerrorsor omissions that may be made. The publisher makes no warranty, express or implied, with respect to the materialcontainedherein. Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface The 2013 VLDB Secure Data Management Workshop was the tenth edition of the SDM workshop series. Recent developments in society have led to a growing interest in the topic of data security. The deep embedding of ICT in our everyday life has resulted in an ever- growing amount of (often personal) data traveling over the World Wide Web. Awarenessofthe needforproperprotectionofthese dataisgrowingamongcitizens, industries, and politicians. Given the fact that the tenth edition of our VLDB Secure Data Management Workshop was an anniversary edition, we decided to hold a special workshop with a proceedings volume comprisingthe visionarycontributions ofleading thinkersin the field. Theresultoftheworkshopiscapturedintheseproceedings,whichcontainthekey- note paper, the technical papers, as well as ten vision papers. The vision papers in particular address key challenges in our area and indicate interesting research ques- tions. We hope that these vision papers will inspire researchers in this field and give direction to their research. We wish to thank all the authors of submitted papers for their high-quality sub- missions.WewouldalsoliketothanktheProgramCommitteemembersaswellasthe additionalreviewersfordoinganexcellentjob.Finally,wewouldliketoacknowledge Elisa Costante and Sokratis Vavilis, who helped in the technical preparation of the proceedings. December 2013 Willem Jonker Milan Petkovic´ Organization Workshop Organizers Willem Jonker EIT ICT Labs/University of Twente, Enschede, The Netherlands Milan Petkovic´ Philips Research/Eindhoven University of Technology, Eindhoven, The Netherlands Program Committee Nguyen Manh Tho Gerrit Bleumer Nick Mankovich Ljiljana Brankovic Sharad Mehrotra Sabrina De Capitani di Vimercati Stig Frode Mjolsnes Ernesto Damiani Eiji Okamoto Eric Diehl Sylvia Osborn Jeroen Doumen Guenther Pernul Csilla Farkas Birgit Pfitzmann Eduardo Fernández-Medina Bart Preneel Elena Ferrari Kai Rannenberg Simone Fischer-Hubner David G. Rosado Tyrone Grandison Ahmad-Reza Sadeghi Dieter Gollmann Andreas Schaad Hakan Hacigumus Jason Smith Marit Hansen Morton Swimmer Min-Shiang Hwang Clark Thomborson Mizuho Iwaihara Sheng Zhong Sushil Jajodia Nicola Zannone Ton Kalker Marc Langheinrich Contents Key Note To Cloud Or Not To? Musings on Clouds, Security and Big Data . . . . . . . . 3 Radu Sion Vision Papers Data Security – Challenges and Research Opportunities . . . . . . . . . . . . . . . 9 Elisa Bertino Research Challenges to Secure the Future Internet . . . . . . . . . . . . . . . . . . . 14 Jan Camenisch Security and Privacy of Data in a Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Sushil Jajodia The Future of Information Security Research: Cryptology and Beyond. . . . . 23 Bart Preneel Where Security Research Should Go in the Next Decade . . . . . . . . . . . . . . 28 Kai Rannenberg ‘‘Technology Should Be Smarter Than This!’’: A Vision for Overcoming the Great Authentication Fatigue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 M. Angela Sasse Data Security and Privacy in 2025? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Matthias Schunter Towards a Risk-Based Approach to Achieving Data Confidentiality in Cloud Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Sharad Mehrotra Internet of Things. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Antonio Skarmeta and M. Victoria Moreno Security,PrivacyandTrust:FromInnovationBlockertoInnovationEnabler ... 54 Willem Jonker and Milan Petkovic´ Workshop Papers Secure Similar Document Detection with Simhash . . . . . . . . . . . . . . . . . . . 61 Sahin Buyrukbilen and Spiridon Bakiras X Contents Big Security for Big Data: Addressing Security Challenges for the Big Data Infrastructure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Yuri Demchenko, Canh Ngo, Cees de Laat, Peter Membrey, and Daniil Gordijenko Query Log Attack on Encrypted Databases . . . . . . . . . . . . . . . . . . . . . . . . 95 Tahmineh Sanamrad and Donald Kossmann A Multi-Party Protocol for Privacy-Preserving Range Queries . . . . . . . . . . . 108 Maryam Sepehri, Stelvio Cimato, and Ernesto Damiani Privacy Implications of Privacy Settings and Tagging in Facebook. . . . . . . . 121 Stan Damen and Nicola Zannone Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Key Note To Cloud Or Not To? Musings on Clouds, Security and Big Data B Radu Sion( ) Stony Brook Network Security and Applied Cryptography Lab, Stony Brook, USA [email protected] Abstract. In this talk we explored the economics of cloud computing. We identified cost trade-offs and postulated the key principles of cloud outsourcing that define when cloud deployment is appropriate and why. Theresultsmaysurpriseandareespeciallyinterestinginunderstanding cyber- security aspects that impact the appeal of clouds. Weoutlinedandinvestigatedsomeofthemainresearchchallengeson optimizing for these trade-offs. If you came to this talk you were also very likely to find out exactly how many US dollars you need to spend to breakyour favoritecipher, or sendone ofyour bitsover the network. 1 Overview Commoditizedoutsourcedcomputinghasfinallyarrived,mainlyduetotheemer- gence of fast and cheap networking and efficient large scale computing. Ama- zon, Google, Microsoft and Oracle are just a few of the providers starting to offer increasingly complex storage and computation outsourcing “cloud” ser- vices. CPU cycles have become consumer merchandise. In[1]andelsewhereweexploredtheend-to-endcostofaCPUcycleinvarious environmentsandshowthatitscostliesbetween0.45picocentsinefficientclouds and 27picocents for small business deployment scenarios (1picocent = $1 × 10−14).IntermsofpureCPUcyclecosts,currentcloudspresentseeminglycost- effective propositions for personal and small enterprise clients. Nevertheless, cloud clients are concerned with the privacy of their data and computation – this is often the primary adoption obstacle, especially for mediumandlargecorporations,whooftenfallunderstrictregulatorycompliance requirements. To address this, existing secure outsourcing research addressed several issues including guaranteeing integrity, confidentiality and privacy of outsourced data to secure querying on outsourced encrypted database. Such assuranceswilllikelyrequirestrongcryptographyaspartofelaborateintra-and client-cloud protocols. Yet, strong crypto is expensive. Thus, it is important to ask: how much cryptography can we afford in the cloud while maintaining the cost benefits of outsourcing? Somebelievetheanswerissimplynone.Ina2009interview,WhitfieldDiffie argued that “the whole point of cloud computing is economy” and while it is W.JonkerandM.Petkovi´c(Eds.):SDM2013,LNCS8425,pp.3–5,2014. DOI:10.1007/978-3-319-06811-41,(cid:2)c SpringerInternationalPublishingSwitzerland2014