Accounting for Privacy in the Cloud Computing Landscape


Chair of Communication and Distributed Systems
Martin Henze
Reports on Communications and Distributed Systems, Vol. 17
Editor: Prof. Dr.-Ing. Klaus Wehrle

Back cover:

While offering many benefits, cloud computing also introduces serious privacy challenges as evidenced by recent security breaches and privacy incidents. In this dissertation, we argue that overcoming these privacy challenges requires cooperation between the various actors in the cloud computing landscape, i.e., users, service providers, and infrastructure providers. All these different actors have clear incentives to care for privacy and, with the contributions presented in this dissertation, we provide technical approaches that enable each of them to account for privacy.

As our first contribution to support users in exercising their privacy, we raise awareness for their exposure to cloud services in the context of email services as well as smartphone apps and enable them to anonymously compare their cloud usage to their peers. With privacy requirements-aware cloud infrastructure as our second contribution, we realize user-specified per-data item privacy policies and enable infrastructure providers to adhere to them. We furthermore support service providers in building privacy-preserving cloud services for the Internet of Things in the context of our third contribution by enabling the transparent processing of protected data and by introducing a distributed architecture to secure the control over devices and networks. Finally, with our fourth contribution, we propose a decentralized cloud infrastructure that enables users who strongly distrust cloud providers to completely shift certain services away from the cloud by cooperating with other users.

Title page:

Accounting for Privacy in the Cloud Computing Landscape

Dissertation approved by the Faculty of Mathematics, Computer Science and Natural Sciences of RWTH Aachen University for the award of the academic degree of Doktor der Naturwissenschaften (Doctor of Natural Sciences), submitted by Diplom-Informatiker Martin Henze from Mönchengladbach.

Reviewers: Prof. Dr.-Ing. Klaus Wehrle, Prof. Dr. Thomas Engel
Date of the oral examination: 22. 11. 2018

Reports on Communications and Distributed Systems, edited by Prof. Dr.-Ing. Klaus Wehrle, Communication and Distributed Systems, RWTH Aachen University, Volume 17.
Martin Henze: Accounting for Privacy in the Cloud Computing Landscape. Shaker Verlag, Aachen 2018.

Bibliographic information published by the Deutsche Nationalbibliothek: The Deutsche Nationalbibliothek lists this publication in the Deutsche Nationalbibliografie; detailed bibliographic data are available on the Internet at http://dnb.d-nb.de. Also: D 82 (Diss. RWTH Aachen University, 2018).

Copyright Shaker Verlag 2018. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. Printed in Germany.
ISBN 978-3-8440-6389-9
ISSN 2191-0863
Shaker Verlag GmbH, P.O. BOX 101818, D-52018 Aachen. Phone: 0049/2407/9596-0, Telefax: 0049/2407/9596-9. Internet: www.shaker.de, e-mail: [email protected]

Abstract

Cloud computing enables service operators to efficiently and flexibly utilize resources offered by third-party providers instead of having to maintain their own infrastructure. As such, cloud computing offers many advantages over the traditional service delivery model, e.g., failure safety, scalability, cost savings, and a high ease of use. Not only service operators, but also their users benefit from these advantages.
As a result, cloud computing has revolutionized service delivery and we observe a tremendous trend for moving services to the cloud. However, this trend of outsourcing services and data to the cloud is limited by serious privacy challenges as evidenced by recent security breaches and privacy incidents such as the global surveillance disclosures. These privacy challenges stem from the technical complexity and missing transparency of cloud computing, opaque legislation with respect to the jurisdiction that applies to users' data, the inherent centrality of the cloud computing market, and missing control of users over the handling of their data. Overcoming these privacy challenges is key to enable corporate and private users to fully embrace the advantages of cloud computing and hence secure the success of the cloud computing paradigm. Indeed, we observe that cloud providers already account for selected privacy requirements, e.g., by opening special data centers in countries with strict data protection and privacy legislation. Likewise, researchers propose technical approaches to enforce certain privacy requirements either from the client side, e.g., using encryption, or from the service side, e.g., based on trusted hardware. Despite these ongoing efforts, the necessary technical means to fully account for privacy in the cloud computing landscape are still missing.

In this dissertation, we approach the pressing problem of privacy in cloud computing from a different direction: Instead of focusing on single actors, we are convinced that overcoming the inherent privacy challenges of cloud computing requires cooperation between the various actors in the cloud computing landscape, i.e., users, service providers, and infrastructure providers. All these different actors have clear incentives to care for privacy and, with the contributions presented in this dissertation, we provide technical approaches that enable each of them to account for privacy.
As our first contribution to support users in exercising their privacy, we raise awareness for their exposure to cloud services in the context of email services as well as smartphone apps and enable them to anonymously compare their cloud usage to their peers. With privacy requirements-aware cloud infrastructure as our second contribution, we realize user-specified per-data item privacy policies and enable infrastructure providers to adhere to them. We furthermore support service providers in building privacy-preserving cloud services for the Internet of Things in the context of our third contribution by enabling the transparent processing of protected data and by introducing a distributed architecture to secure the control over devices and networks. Finally, with our fourth contribution, we propose a decentralized cloud infrastructure that enables users who strongly distrust cloud providers to completely shift certain services away from the cloud by cooperating with other users. The contributions of this dissertation highlight that it is both promising and feasible to apply cooperation of different actors to strengthen users' privacy and consequently enable more corporate and private users to benefit from cloud computing.

Summary (German abstract)

Cloud computing enables service operators to draw on the resources of cloud providers instead of having to operate their own infrastructure. In doing so, cloud computing offers many advantages over the traditional operation of services, e.g., failure safety, scalability, cost savings, and ease of use. Not only the service operators themselves benefit from these advantages, but also their users. As a result, we observe a clear trend towards moving services to the cloud. However, this trend is limited by serious privacy problems, as shown for example by recent privacy violations such as the global surveillance affair. These privacy problems result from the technical complexity and the lack of transparency of cloud computing, uncertainties about the legal provisions that apply to user data, the centralized market for cloud offerings, and the missing control of users over the handling of their data in the cloud. Solving these privacy problems is crucial so that as many companies and private users as possible can benefit from the advantages of cloud computing. Indeed, we observe, for example, that cloud providers already operate special data centers in countries with strict data protection regulations today. From a scientific perspective, technical approaches to strengthen privacy also exist, for example through encryption on the user side or based on trustworthy hardware on the service side. Despite these continuous efforts, the necessary technical means to comprehensively address privacy in cloud computing are still missing.

In this dissertation, we approach the pressing privacy problems of cloud computing from a different perspective: Instead of focusing on individual actors, we concentrate on cooperation between the various actors, i.e., users, service operators, and infrastructure providers, in order to overcome the inherent privacy problems. All these actors have clear incentives to care about privacy questions. Within the scope of this dissertation, we present technical approaches that enable each of them to put this into practice. As our first contribution, we support users by uncovering their cloud usage in the context of email services and smartphone apps and by enabling them to anonymously compare their cloud usage with each other. With our second contribution
