%0 Book Section %1 springerlink:10.1007/978-3-642-31540-4_12 %A Dautrich, Jonathan %A Ravishankar, Chinya %B Data and Applications Security and Privacy XXVI %C Berlin / Heidelberg %D 2012 %E Cuppens-Boulahia, Nora %E Cuppens, Frédéric %E Garcia-Alfaro, Joaquin %I Springer %K data-outsourcing secret-sharing %P 145-160 %R 10.1007/978-3-642-31540-4_12 %T Security Limitations of Using Secret Sharing for Data Outsourcing %U http://dx.doi.org/10.1007/978-3-642-31540-4_12 %V 7371 %X Three recently proposed schemes use secret sharing to support privacy-preserving data outsourcing. Each secret in the database is split into n shares, which are distributed to independent data servers. A trusted client can use any k shares to reconstruct the secret. These schemes claim to offer security even when k or more servers collude, as long as certain information such as the finite field prime is known only to the client. We present a concrete attack that refutes this claim by demonstrating that security is lost in all three schemes when k or more servers collude. Our attack runs on commodity hardware and recovers a 8192-bit prime and all secret values in less than an hour for k = 8. %@ 978-3-642-31539-8

@incollection{springerlink:10.1007/978-3-642-31540-4_12, abstract = {Three recently proposed schemes use secret sharing to support privacy-preserving data outsourcing. Each secret in the database is split into n shares, which are distributed to independent data servers. A trusted client can use any k shares to reconstruct the secret. These schemes claim to offer security even when k or more servers collude, as long as certain information such as the finite field prime is known only to the client. We present a concrete attack that refutes this claim by demonstrating that security is lost in all three schemes when k or more servers collude. Our attack runs on commodity hardware and recovers a 8192-bit prime and all secret values in less than an hour for k = 8.}, added-at = {2012-09-11T10:11:23.000+0200}, address = {Berlin / Heidelberg}, affiliation = {University of California, Riverside, USA}, author = {Dautrich, Jonathan and Ravishankar, Chinya}, biburl = {https://www.bibsonomy.org/bibtex/2c255a9a820d632b038a71dac2b9160a6/matthiashuber}, booktitle = {Data and Applications Security and Privacy XXVI}, description = {Abstract - SpringerLink}, doi = {10.1007/978-3-642-31540-4_12}, editor = {Cuppens-Boulahia, Nora and Cuppens, Frédéric and Garcia-Alfaro, Joaquin}, interhash = {967b494da3f0f87be671132e8ac8ebab}, intrahash = {c255a9a820d632b038a71dac2b9160a6}, isbn = {978-3-642-31539-8}, keyword = {Computer Science}, keywords = {data-outsourcing secret-sharing}, pages = {145-160}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, timestamp = {2012-09-11T10:11:23.000+0200}, title = {Security Limitations of Using Secret Sharing for Data Outsourcing}, url = {http://dx.doi.org/10.1007/978-3-642-31540-4_12}, volume = 7371, year = 2012 }