The solution according to one or more embodiments of the present invention relates to the data-processing field. More specifically, this solution relates to the storing of information in a distributed data-processing environment.
Information security (i.e., the practice of protecting information from undesired actions) is a key issue in modern data-processing systems. Particularly, one of the main aspects of information security is confidentiality of the information (i.e., its protection from unauthorized accesses).
The confidentiality of the information is particularly important in distributed data-processing systems, wherein the information may be shared among multiple computing machines connected over a network (especially when the network is public, such as the Internet). A typical example is in a cloud computing (or simply cloud) infrastructure, wherein users of the network are allowed to access computing resources on-demand as services (referred to as cloud resources and cloud services, respectively); the cloud services are made available by cloud providers, which provision, configure and release the cloud resources upon request (so that they are generally of the virtual type with their actual implementation that is completely opaque to the users).
In this way, the users are relieved of the management of the actual physical resources that are needed to implement the cloud resources (for example, their installation and maintenance); particularly, this provides economies of scale, improved exploitation of the physical resources, and high peak-load capacity. Moreover, the users are now allowed to perform tasks (on a pay-per-use basis) that were not feasible previously because of their cost and complexity (especially for individuals or small companies). The de-coupling of the cloud resources from their implementation provides the illusion of an infinite capacity thereof; moreover, the de-localization of the physical resources implementing the cloud resources enables the users to access them from anywhere.
However, the cloud infrastructure poses a number of additional threats to the confidentiality of the information of its users that is stored in the cloud infrastructure. Particularly, the information is continually transmitted over the Internet, wherein it may be intercepted. Moreover, when the cloud providers are third parties, the users lose control of the measures that are implemented to protect it. In any case, the cloud resources assigned to the different users of the cloud infrastructure are not physically segregated; therefore, attacks against the information of any user of the cloud infrastructure may now be launched directly from inside the cloud infrastructure by other users thereof.
The techniques commonly used to enforce the confidentiality of the information (especially in cloud infrastructures) are based on its encryption. Generally speaking, encryption is the process of transforming information (referred to as plaintext) into a non-intelligible form that conceals its meaning (referred to as ciphertext) by means of an algorithm, so that the ciphertext may be used only by authorized entities to restore the plaintext with an inverse process (referred to as decryption). The algorithms used to encrypt the plaintext and to decrypt the ciphertext (referred to as a whole as a cipher) are generally based on the use of one or more keys (i.e., parameters of the cipher required to produce useful results).
However, none of the encryption techniques that may be used in practice is inherently secure. Therefore, it is not possible to exclude that an attack by a hostile entity whose purpose is to prevent the authorized entities from maintaining the confidentiality of the information (referred to as an adversary) may be able to gain access to it.
In view of the above, several techniques have been proposed for increasing the security (especially in cloud infrastructures). For example, one known prior-art technique proposes splitting the information into multiple portions that are stored or communicated distinctly, wherein the original information, the portions of the information, or both may also be encrypted. This makes access to the (encrypted) portions more difficult (especially when they are stored in locations that are geographically remote).
However, in this case as well the same threats pointed out above apply once an adversary has managed to collect all the encrypted portions.
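The following is an added illustration of the splitting technique described above and of the limitation just noted; it is not code from the patent, and the XOR-based (n-of-n) splitting scheme, the function names and the location names are the editor's own choices, not necessarily the scheme of the cited prior art. It shows that any incomplete set of portions is uniformly random and carries no information about the data, while an adversary who collects every portion reconstructs it immediately, independent of where the portions were stored.

```python
import secrets
from typing import Dict, List


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("portions must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_into_portions(data: bytes, count: int) -> List[bytes]:
    """Split `data` into `count` portions using an XOR (n-of-n) scheme.

    count-1 portions are fresh random bytes; the last one is chosen so that
    the XOR of all portions equals `data`. Any proper subset of the portions
    is uniformly random and therefore independent of `data`.
    """
    if count < 2:
        raise ValueError("need at least two portions")
    portions = [secrets.token_bytes(len(data)) for _ in range(count - 1)]
    last = data
    for portion in portions:
        last = xor_bytes(last, portion)
    portions.append(last)
    return portions


def combine_portions(portions: List[bytes]) -> bytes:
    """Reconstruct the data from a set of portions.

    Only the complete set yields the original; if any portion is missing,
    the result is just random bytes.
    """
    if not portions:
        raise ValueError("no portions given")
    result = bytes(len(portions[0]))
    for portion in portions:
        result = xor_bytes(result, portion)
    return result


def distribute(portions: List[bytes], locations: List[str]) -> Dict[str, bytes]:
    """Model storing one portion per geographically separate location.

    The location names are constructed placeholders for this example.
    """
    if len(portions) != len(locations):
        raise ValueError("one location per portion is required")
    return dict(zip(locations, portions))


def demo(data: bytes = b"account=12345;balance=9876.54") -> Dict[str, bool]:
    """Demonstrate both properties the text relies on.

    Portions held at separate locations reveal nothing individually or as an
    incomplete set, yet once every portion has been gathered the data is
    recovered outright (the residual threat noted in the text).
    """
    locations = ["region-a", "region-b", "region-c"]  # constructed names
    stored = distribute(split_into_portions(data, len(locations)), locations)

    # Defender's view: two of the three locations together leak nothing usable.
    partial = combine_portions([stored["region-a"], stored["region-b"]])

    # Adversary who has collected all portions: reconstruction is immediate.
    full = combine_portions(list(stored.values()))

    return {
        # False, except with probability 2^-(8*len(data)) that random bytes match
        "partial_reveals_data": partial == data,
        # True: splitting alone does not protect data once all portions are held
        "all_portions_reveal_data": full == data,
    }


if __name__ == "__main__":
    print(demo())
```

The constructed `data` stands in for either plaintext or ciphertext, since the text allows either to be split; if it is ciphertext, reconstructing it merely returns the adversary to the situation of the previous paragraph, where the security rests on the cipher and its keys alone.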