Private Editing Using Untrusted Cloud Services

May 4th, 2011 by David Evans

Our paper on how to use untrusted cloud services like Google Docs to edit and manage documents, without trusting them with your content, is now available:

Yan Huang and David Evans. Private Editing Using Untrusted Cloud Services. Second International Workshop on Security and Privacy in Cloud Computing. Minneapolis, Minnesota. 24 June 2011. [PDF, 10 pages]

Yan will present the paper at the workshop on June 24.


We present a general methodology for protecting the confidentiality and integrity of user data for a class of on-line editing applications. The key insight is that many of these applications are designed to perform most of their data-dependent computation on the client side, so it is possible to maintain their functionality while only exposing an encrypted version of the document to the server. We apply our methodology to Google Documents and describe a prototype extension tool that enables users to use a cloud application to manage their documents without sacrificing confidentiality or integrity. To provide adequate performance, we employ an incremental encryption scheme and extend it to support variable-length blocks. We analyze the security of our scheme and report on experiments that show our extension preserves most of the cloud application’s functionality with less than 10% overhead for typical use.

One Response to “Private Editing Using Untrusted Cloud Services”

  1. David Evans Says:

    See also Nate Lawson’s comments on this: Encrypted Google Docs done well, Root Labs, 9 May 2011. [Hacker News]