Preserving privacy in cloud storage: privacy by design

Sia and Niamh describe an example privacy tool
In this week, we have talked about the trade-off between usability and privacy. An example of this trade-off is when we’re using a cloud storage app, like Dropbox. So basically what happens here is that I’m putting my files on the Dropbox server, I get the convenience of being able to access it on multiple devices. But on the other hand, I’m giving away the content of my file. So I’m basically trading my privacy to gain a bit of usability. One of the projects that we have been working on in Newcastle is developing privacy preserving cloud storage apps. And here I have with me Niamh, who is a postgraduate student here at Newcastle University.
And he has been working on developing a privacy preserving app. Niamh, would you be able to tell us a bit more about this app that you have been working on? So at the moment, we’re developing it for Android. But I hope to get it on more platforms later on. How it actually works is it uses a secret sharing technique, which essentially takes your piece of data and splits it into loads of shares. These shares are then put on different cloud storages, so one would be on Dropbox, one would be on Google Drive. And then to reassemble your data, you just get all the shares and then reassemble them. So when you’re uploading a file, for example, you split.
And then when you’re downloading, you would then fetch each one and reassemble. Does this splitting and reassembling introduce a new layer of sort of difficulty for the user? No. So this is just as easy to use as any other currently available apps, such as Dropbox. When the user uploads, then all they do is select the file and press upload. And in the background, the splitting takes place. This is all hidden from the user. And then the same again with the downloading, where the user chooses the file they want to download, hits download, and then each of the shares is fetched from each cloud storage and reassembled and the original piece of data is given to the user.
And how would you compare the usability of this app with another mainstream app like Dropbox? It’s fairly similar. A lot of the features, such as syncing still work. So because the data is stored on each cloud storage provider, all you need is the algorithm on the device to be able to access the data. So as long as you can put the algorithm on a phone or on the laptop, then you can access the data from anywhere. And how does this app make sure that the privacy of the content of the data is preserved? So how the secret sharing actually works is that each share is completely random. So no information about the original data is given.
Even if you put two shares together, then it’s still completely random. And no information about the data is given. These shares, what happens if one of them gets corrupt or is just unavailable? So you can actually set up the algorithm so that if it’s, for example, split into five shares, you can give it a minimum threshold so that it can be reassembled with, say, just three. So if you split it into five and you have five cloud storages and one goes down, then you can still reassemble with the remaining four. Thank you, Niamh. Thanks. So that was an example of the efforts going on in academia to develop new privacy preserving and privacy enhancing technologies.
There are substantial efforts in university research and in industry to develop privacy-preserving tools that let users reveal only the data that is strictly necessary in the first place.
The concept of privacy by design refers to the practice of designing applications that operate on the minimum data they require.
In this video Sia and Niamh talk about an example of a remote storage app being developed at Newcastle University according to the concept of privacy by design.
The app enables the user to store their files on remote storage services without having to disclose the content of their files. It uses a cryptographic technique called secret sharing, which splits a file into ‘shares’ in such a way that each share on its own reveals nothing about the content of the file, but when enough shares are put together the file can be reconstructed. The app first uses secret sharing to split the file and then stores each of the shares on a separate remote storage service.
Splitting data goes back to the old saying “Don’t keep all your eggs in one basket”. If all of your data sits behind a single passcode and a hacker learns that passcode, they have access to all of your data. If instead the data is split up and each part is protected by a different passcode, a hacker who learns one of those codes can access only part of your data, not the whole of it.
The app discussed here is still under development and is not yet available in app stores. You could contribute to projects like this by coming to study with us at Newcastle University School of Computing.
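As an added illustration (not the Newcastle app's own code), the following Python implements the threshold secret sharing described above: each byte of a file is split into five shares with a threshold of three, so any three shares rebuild the file and fewer than three are refused. It uses Shamir's scheme over the field GF(257); the sample "file" and the 3-of-5 parameters are constructed for the example.

```python
import secrets

PRIME = 257  # smallest prime above 255, so every byte is an element of GF(257)


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, modulo PRIME (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split(data: bytes, n: int, k: int):
    """Split data into n shares (x, values); any k of them rebuild it.

    Each byte gets its own random polynomial of degree k-1 whose constant
    term is the byte, so one share is one evaluation point of every polynomial
    and, on its own, carries no information about the byte.
    """
    if not 1 < k <= n < PRIME:
        raise ValueError("need 1 < k <= n < 257")
    shares = [(x, []) for x in range(1, n + 1)]
    for byte in data:
        coeffs = [byte] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
        for x, values in shares:
            values.append(_eval_poly(coeffs, x))
    return shares


def reconstruct(shares, k: int) -> bytes:
    """Rebuild the data from any k shares by Lagrange interpolation at x=0."""
    if len(shares) < k:
        raise ValueError(f"threshold is {k}, only {len(shares)} shares given")
    shares = shares[:k]
    out = bytearray()
    for i in range(len(shares[0][1])):
        total = 0
        for j, (xj, vj) in enumerate(shares):
            num = den = 1
            for m, (xm, _) in enumerate(shares):
                if m != j:
                    num = num * (-xm) % PRIME
                    den = den * (xj - xm) % PRIME
            total = (total + vj[i] * num * pow(den, -1, PRIME)) % PRIME
        out.append(total)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: split a small "file" 3-of-5, one share per provider
    file_bytes = b"meeting notes: budget 2015"
    shares = split(file_bytes, n=5, k=3)
    # Two providers unavailable: the remaining three shares still suffice
    assert reconstruct([shares[0], shares[2], shares[4]], 3) == file_bytes
```

In the real app each tuple in `shares` would be uploaded to a different storage provider and `reconstruct` run on the device after fetching any three of them.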
This article is from the free online course Cyber Security: Safety at Home, Online, in Life, created by FutureLearn.