Vault schemes have recently been proposed as a cryptographic abstraction for storing sensitive and non-sensitive data in outsourced databases while preserving confidentiality guarantees. Prior work has focused primarily on privacy goals, formalized through indistinguishability notions that protect sensitive records even when an adversary has access to tokens and the database contents. In this work we argue that confidentiality alone is not sufficient: a new integrity threat arises in the form of framing attacks, in which a malicious server or colluding user forges records that appear to originate from an honest client. We introduce framing resistance as a complementary security goal for vaults, and formalize it via a new indistinguishability game, IND-FR. We then present two constructions achieving this notion. The first binds each record to a client through digital signatures or MACs, reducing framing resistance to the unforgeability of the underlying primitive. The second eliminates the need for client-held keys by leveraging transparency logs and server-issued signed receipts, reducing framing resistance to signature unforgeability and the append-only property of the log. Both constructions are proven secure under standard assumptions. Finally, we compare the two approaches, highlighting tradeoffs in security guarantees, trust models, and deployment complexity. Our results show that framing resistance is both achievable and practical, and that secure vaults can go beyond confidentiality to offer strong integrity protections suitable for real-world cloud and data-sharing environments.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Beyond Confidentiality: Framing-Resistant Secure Vault Schemes

  • Meghna Sengupta

摘要

Vault schemes have recently been proposed as a cryptographic abstraction for storing sensitive and non-sensitive data in outsourced databases while preserving confidentiality guarantees. Prior work has focused primarily on privacy goals, formalized through indistinguishability notions that protect sensitive records even when an adversary has access to tokens and the database contents. In this work we argue that confidentiality alone is not sufficient: a new integrity threat arises in the form of framing attacks, in which a malicious server or colluding user forges records that appear to originate from an honest client. We introduce framing resistance as a complementary security goal for vaults, and formalize it via a new indistinguishability game, IND-FR. We then present two constructions achieving this notion. The first binds each record to a client through digital signatures or MACs, reducing framing resistance to the unforgeability of the underlying primitive. The second eliminates the need for client-held keys by leveraging transparency logs and server-issued signed receipts, reducing framing resistance to signature unforgeability and the append-only property of the log. Both constructions are proven secure under standard assumptions. Finally, we compare the two approaches, highlighting tradeoffs in security guarantees, trust models, and deployment complexity. Our results show that framing resistance is both achievable and practical, and that secure vaults can go beyond confidentiality to offer strong integrity protections suitable for real-world cloud and data-sharing environments.