Privacy-supporting cloud computing by in-browser key translation

Myrto Arapinis, Sergiu Bursuc, Mark Ryan*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

12 Citations (Scopus)


Cloud computing means entrusting data to information systems that are managed by external parties on remote servers, in the 'cloud', raising new privacy and confidentiality concerns. We propose a general technique for designing cloud services that allows the cloud to see only encrypted data, while still facilitating some data-dependent computations. The technique is based on key translations and mixes in web browsers. We focus on a particular kind of software-as-a-service, namely, services that support applications, evaluations and decisions. Such services include job application management, public tender management (e.g., for civil construction), and conference management. We identify the specific security and privacy risks that existing systems pose. We propose a protocol that addresses them, and forms the basis of a system that offers strong security and privacy guarantees. We express the protocol and its properties in the language of ProVerif, and prove that it does provide the intended properties. We describe an implementation of a particular instance of the protocol called ConfiChair, which is geared to the evaluation of papers submitted to conferences.

Original languageEnglish
Pages (from-to)847-880
Number of pages34
JournalJournal of Computer Security
Issue number6
Publication statusPublished - 2013


  • cloud computing
  • cloud provider confidentiality
  • formal verification
  • privacy models
  • Security protocols

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'Privacy-supporting cloud computing by in-browser key translation'. Together they form a unique fingerprint.

Cite this