Paper 2024/2094

Secure Vault scheme in the Cloud Operating Model

Rishiraj Bhattacharyya, University of Birmingham
Avradip Mandal, Zfenselabs, USA
Meghna Sengupta, University of Edinburgh
Abstract

The rising demand for data privacy in cloud-based environments has led to the development of advanced mechanisms for securely managing sensitive information. A prominent solution in this domain is the "Data Privacy Vault," a concept that is being provided commercially by companies such as Hashicorp, Basis Theory, Skyflow Inc., VGS, Evervault, Protegrity, Anonomatic, and BoxyHQ. However, no existing work has rigorously defined the security notions required for a Data Privacy Vault or proven them within a formal framework which is the focus of this paper. Among its other uses, data privacy vaults are increasingly being used as storage for LLM training data which necessitates a scheme that enables users to securely store sensitive information in the cloud while allowing controlled access for performing analytics on specific non-sensitive attributes without exposing sensitive data. Conventional solutions involve users generating encryption keys to safeguard their data, but these solutions are not deterministic and are therefore unsuited for the LLM setting. To address this, we propose a novel framework that is deterministic as well as semantically secure. Our scheme operates in the Cloud Operating model where the server is trusted but stateless, and the storage is outsourced. We provide a formal definition and a concrete instantiation of this data privacy vault scheme. We introduce a novel tokenization algorithm that serves as the core mechanism for protecting sensitive data within the vault. Our approach not only generates secure, unpredictable tokens for sensitive data but also securely stores sensitive data while enabling controlled data retrieval based on predefined access levels. Our work fills a significant gap in the existing literature by providing a formalized framework for the data privacy vault, complete with security proofs and a practical construction - not only enhancing the understanding of vault schemes but also offering a viable solution for secure data management in the era of cloud computing.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. INDOCRYPT 2024
DOI
https://doi.org/10.1007/978-3-031-80311-6_14
Keywords
data privacy vaultLLM privacycloud storagesecure data storagetokenizationvault scheme
Contact author(s)
rishiraj bhattacharyya @ gmail com
avradip @ zfenselabs com
M Sengupta-1 @ sms ed ac uk
History
2025-01-01: approved
2024-12-30: received
See all versions
Short URL
https://ia.cr/2024/2094
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/2094,
      author = {Rishiraj Bhattacharyya and Avradip Mandal and Meghna Sengupta},
      title = {Secure Vault scheme in the Cloud Operating Model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/2094},
      year = {2024},
      doi = {https://doi.org/10.1007/978-3-031-80311-6_14},
      url = {https://eprint.iacr.org/2024/2094}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.