{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:21:12Z","timestamp":1750220472283,"version":"3.41.0"},"reference-count":66,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2021,11,23]],"date-time":"2021-11-23T00:00:00Z","timestamp":1637625600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Northrop Grumman Cybersecurity Research Consortium, Amazon AWS, Cisco Systems","award":["585544"],"award-info":[{"award-number":["585544"]}]},{"DOI":"10.13039\/100000185","name":"DARPA","doi-asserted-by":"crossref","award":["N11AP20014"],"award-info":[{"award-number":["N11AP20014"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"crossref"}]},{"name":"NSF TC","award":["1117065"],"award-info":[{"award-number":["1117065"]}]},{"name":"NSF TWC","award":["1421910"],"award-info":[{"award-number":["1421910"]}]},{"name":"NSF CSR","award":["1618923"],"award-info":[{"award-number":["1618923"]}]},{"name":"European Research Council","award":["FP7-617805"],"award-info":[{"award-number":["FP7-617805"]}]},{"DOI":"10.13039\/501100001659","name":"German Research Foundation","doi-asserted-by":"crossref","award":["SFB-1053"],"award-info":[{"award-number":["SFB-1053"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Multi-mechanism Adaptation for Future Internet","award":["01IS17050"],"award-info":[{"award-number":["01IS17050"]}]},{"name":"German Federal Ministry of Education and Research"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2022,2,28]]},"abstract":"<jats:p>With the advent of the Internet of things (IoT), billions of devices are expected to continuously collect and process sensitive data (e.g., location, personal health factors). Due to the limited computational capacity available on IoT devices, the current de facto model for building IoT applications is to send the gathered data to the cloud for computation. While building private cloud infrastructures for handling large amounts of data streams can be expensive, using low-cost public (untrusted) cloud infrastructures for processing continuous queries including sensitive data leads to strong concerns over data confidentiality.<\/jats:p>\n          <jats:p>This article presents C3PO, a confidentiality-preserving, continuous query processing engine, that leverages the public cloud. The key idea is to intelligently utilize partially homomorphic and property-preserving encryption to perform as many computationally intensive operations as possible\u2014without revealing plaintext\u2014in the untrusted cloud. C3PO provides simple abstractions to the developer to hide the complexities of applying complex cryptographic primitives, reasoning about the performance of such primitives, deciding which computations can be executed in an untrusted tier, and optimizing cloud resource usage. An empirical evaluation with several benchmarks and case studies shows the feasibility of our approach. We consider different classes of IoT devices that differ in their computational and memory resources (from a Raspberry Pi 3 to a very small device with a Cortex-M3 microprocessor) and through the use of optimizations, we demonstrate the feasibility of using partially homomorphic and property-preserving encryption on IoT devices.<\/jats:p>","DOI":"10.1145\/3472717","type":"journal-article","created":{"date-parts":[[2021,11,23]],"date-time":"2021-11-23T23:50:55Z","timestamp":1637711455000},"page":"1-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["C3PO:\n            <u>C<\/u>\n            loud-based\n            <u>C<\/u>\n            onfidentiality-preserving\n            <u>C<\/u>\n            ontinuous Query\n            <u>P<\/u>\n            r\n            <u>o<\/u>\n            cessing"],"prefix":"10.1145","volume":"25","author":[{"given":"Savvas","family":"Savvides","sequence":"first","affiliation":[{"name":"Fortanix Inc. USA ,\u00a0and\u00a0 Purdue University, Mountain View, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Seema","family":"Kumar","sequence":"additional","affiliation":[{"name":"TU Darmstadt, Darmstadt, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Julian James","family":"Stephen","sequence":"additional","affiliation":[{"name":"IBM T. J. Watson Research Center, Yorktown, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Patrick","family":"Eugster","sequence":"additional","affiliation":[{"name":"Universit\u00e0 della Svizzera italiana, Switzerland, Purdue University USA, TU Darmstadt Germany, \u00a0and\u00a0SensorHound Inc., USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,11,23]]},"reference":[{"key":"e_1_3_2_2_2","first-page":"480","volume-title":"International Conference on Very Large Data Bases (VLDB)","author":"Arasu Arvind","year":"2004","unstructured":"Arvind Arasu, Mitch Cherniack, Eduardo F. Galvez, David Maier, Anurag Maskey, Esther Ryvkina, Michael Stonebraker, and Richard Tibbetts. 2004. Linear road: A stream data management benchmark. In International Conference on Very Large Data Bases (VLDB). 480\u2013491."},{"doi-asserted-by":"publisher","key":"e_1_3_2_3_2","DOI":"10.1145\/2668930.2688055"},{"unstructured":"ARM TrustZone 2020. Retrieved from https:\/\/developer.arm.com\/ip-products\/security-ip\/trustzone.","key":"e_1_3_2_4_2"},{"issue":"112","key":"e_1_3_2_5_2","first-page":"108","article-title":"Smart*: An open data set and tools for enabling research in sustainable homes","volume":"111","author":"Barker Sean","year":"2012","unstructured":"Sean Barker, Aditya Mishra, David Irwin, Emmanuel Cecchet, Prashant Shenoy, and Jeannie Albrecht. 2012. Smart*: An open data set and tools for enabling research in sustainable homes. Workshop on Data Mining Applications in Sustainability 111, 112 (2012), 108.","journal-title":"Workshop on Data Mining Applications in Sustainability"},{"key":"e_1_3_2_6_2","first-page":"120","volume-title":"Workshop on Selected Areas of Cryptography","author":"Benaloh Josh","year":"1994","unstructured":"Josh Benaloh. 1994. Dense probabilistic encryption. In Workshop on Selected Areas of Cryptography. 120\u2013128."},{"unstructured":"BigDigits Multiple Precision Arithmetic Library 2020. Retrieved from http:\/\/www.di-mgt.com.au\/bigdigits.html.","key":"e_1_3_2_7_2"},{"doi-asserted-by":"publisher","key":"e_1_3_2_8_2","DOI":"10.1007\/978-3-642-01001-9_13"},{"doi-asserted-by":"publisher","key":"e_1_3_2_9_2","DOI":"10.17487\/rfc7228"},{"key":"e_1_3_2_10_2","first-page":"835","volume-title":"Networked System Design and Implementation. (NSDI)","author":"Burkhalter Lukas","year":"2020","unstructured":"Lukas Burkhalter, Anwar Hithnawi, Alexander Viand, Hossein Shafagh, and Sylvia Ratnasamy. 2020. TimeCrypt: Encrypted data stream processing at scale with cryptographic access control. In Networked System Design and Implementation. (NSDI). 835\u2013850."},{"doi-asserted-by":"publisher","key":"e_1_3_2_11_2","DOI":"10.1109\/TMC.2003.1195151"},{"key":"e_1_3_2_12_2","first-page":"1789","volume-title":"IEEE International Parallel and Distributed Processing Symposium (IPDPS)","author":"Chintapalli Sanket","year":"2016","unstructured":"Sanket Chintapalli, Derek Dagit, Bobby Evans, Reza Farivar, Thomas Graves, Mark Holderbaugh, Zhuo Liu, Kyle Nusbaum, Kishorkumar Patil, Boyang Peng, and Paul Poulosky. 2016. Benchmarking streaming computation engines: Storm, Flink and Spark streaming. In IEEE International Parallel and Distributed Processing Symposium (IPDPS). 1789\u20131792."},{"key":"e_1_3_2_13_2","article-title":"Contact tracing mobile apps for COVID-19: Privacy considerations and related trade-offs","volume":"2003","author":"Cho Hyunghoon","year":"2020","unstructured":"Hyunghoon Cho, Daphne Ippolito, and Yun William Yu. 2020. Contact tracing mobile apps for COVID-19: Privacy considerations and related trade-offs. CoRR abs\/2003.11511 (2020).","journal-title":"CoRR"},{"doi-asserted-by":"publisher","key":"e_1_3_2_14_2","DOI":"10.1007\/978-3-662-04722-4"},{"doi-asserted-by":"publisher","key":"e_1_3_2_15_2","DOI":"10.1007\/3-540-44586-2_9"},{"doi-asserted-by":"publisher","key":"e_1_3_2_16_2","DOI":"10.1007\/978-3-319-12060-7_10"},{"key":"e_1_3_2_17_2","volume-title":"The Transport Layer Security (TLS) Protocol","author":"Dierks Tim","year":"2008","unstructured":"Tim Dierks and Eric Rescorla. 2008. The Transport Layer Security (TLS) Protocol. RFC 5246. RFC Editor. Retrieved from http:\/\/www.rfc-editor.org\/rfc\/rfc5246.txt."},{"doi-asserted-by":"publisher","key":"e_1_3_2_18_2","DOI":"10.1109\/MPRV.2018.2877286"},{"doi-asserted-by":"publisher","key":"e_1_3_2_19_2","DOI":"10.1109\/TIT.1985.1057074"},{"key":"e_1_3_2_20_2","first-page":"519","volume-title":"International Conference on Very Large Data Bases (VLDB)","author":"Ge Tingjian","year":"2007","unstructured":"Tingjian Ge and Stanley B. Zdonik. 2007. Answering aggregation queries in a secure system model. In International Conference on Very Large Data Bases (VLDB). 519\u2013530."},{"key":"e_1_3_2_21_2","first-page":"169","volume-title":"Symposium on Theory of Computing (STOC)","author":"Gentry Craig","year":"2009","unstructured":"Craig Gentry. 2009. Fully homomorphic encryption using ideal lattices. In Symposium on Theory of Computing (STOC). 169\u2013178."},{"doi-asserted-by":"publisher","key":"e_1_3_2_22_2","DOI":"10.1007\/978-3-642-32009-5_49"},{"doi-asserted-by":"publisher","key":"e_1_3_2_23_2","DOI":"10.5220\/0006461202000211"},{"doi-asserted-by":"publisher","key":"e_1_3_2_24_2","DOI":"10.1016\/0022-0000(84)90070-9"},{"key":"e_1_3_2_25_2","first-page":"655","volume-title":"IEEE Symposium on Security and Privacy (SP)","author":"Grubbs Paul","year":"2017","unstructured":"Paul Grubbs, Kevin Sekniqi, Vincent Bindschaedler, Muhammad Naveed, and Thomas Ristenpart. 2017. Leakage-abuse attacks against order-revealing encryption. In IEEE Symposium on Security and Privacy (SP). 655\u2013672."},{"key":"e_1_3_2_26_2","first-page":"243","volume-title":"Conference on Networked Systems Design and Implementation (NSDI)","author":"Gupta Trinabh","year":"2014","unstructured":"Trinabh Gupta, Rayman Preet Singh, Amar Phanishayee, Jaeyeon Jung, and Ratul Mahajan. 2014. Bolt: Data management for connected homes. In Conference on Networked Systems Design and Implementation (NSDI). 243\u2013256."},{"doi-asserted-by":"publisher","key":"e_1_3_2_27_2","DOI":"10.1145\/2660267.2660297"},{"doi-asserted-by":"publisher","key":"e_1_3_2_28_2","DOI":"10.1007\/978-3-540-45146-4_28"},{"key":"e_1_3_2_29_2","first-page":"75","volume-title":"Symposium on Scala (SCALA)","author":"Hauck Markus","year":"2016","unstructured":"Markus Hauck, Savvas Savvides, Patrick Eugster, Mira Mezini, and Guido Salvaneschi. 2016. SecureScala: Scala embedding of secure computations. In Symposium on Scala (SCALA). 75\u201384."},{"doi-asserted-by":"publisher","key":"e_1_3_2_30_2","DOI":"10.1145\/3093742.3093927"},{"unstructured":"Identity Verification and End-to-End Encryption 2020. Retrieved from https:\/\/keybase.io\/.","key":"e_1_3_2_31_2"},{"doi-asserted-by":"publisher","key":"e_1_3_2_32_2","DOI":"10.23919\/DATE.2017.7926999"},{"doi-asserted-by":"publisher","key":"e_1_3_2_33_2","DOI":"10.1145\/2810103.2813629"},{"key":"e_1_3_2_34_2","first-page":"344","volume-title":"European Symposium on Research in Computer Security","author":"Kerschbaum Florian","year":"2019","unstructured":"Florian Kerschbaum and Anselme Tueno. 2019. An efficiently searchable encrypted data structure for range queries. In European Symposium on Research in Computer Security. 344\u2013364."},{"doi-asserted-by":"publisher","key":"e_1_3_2_35_2","DOI":"10.1145\/2723372.2742788"},{"key":"e_1_3_2_36_2","first-page":"1519","volume-title":"USENIX Security Conference","author":"Kumar Sam","year":"2019","unstructured":"Sam Kumar, Yuncong Hu, Michael P. Andersen, Raluca Ada Popa, and David E. Culler. 2019. JEDI: Many-to-many end-to-end encryption and key delegation for IoT. In USENIX Security Conference. 1519\u20131536."},{"key":"e_1_3_2_37_2","first-page":"740","volume-title":"International Conference on Cloud Computing","author":"Li Fei","year":"2013","unstructured":"Fei Li, Michael V\u00f6gler, Markus Claessens, and Schahram Dustdar. 2013. Efficient and scalable IoT service delivery on cloud. In International Conference on Cloud Computing. IEEE Computer Society, 740\u2013747."},{"doi-asserted-by":"publisher","key":"e_1_3_2_38_2","DOI":"10.1145\/3124441"},{"key":"e_1_3_2_39_2","volume-title":"Networks and Distributed Systems Security Symposium (NDSS)","author":"Modadugu Nagendra","year":"2004","unstructured":"Nagendra Modadugu and Eric Rescorla. 2004. The design and implementation of datagram TLS. In Networks and Distributed Systems Security Symposium (NDSS)."},{"doi-asserted-by":"publisher","key":"e_1_3_2_40_2","DOI":"10.1145\/2810103.2813651"},{"doi-asserted-by":"publisher","key":"e_1_3_2_41_2","DOI":"10.14778\/3137765.3137770"},{"key":"e_1_3_2_42_2","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1109\/BSN.2006.27","volume-title":"International Workshop on Wearable and Implantable Body Sensor Networks (BSN)","author":"Oliver Nuria","year":"2006","unstructured":"Nuria Oliver and Fernando Flores-Mangas. 2006. HealthGear: A real-time wearable system for monitoring and analyzing physiological signals. In International Workshop on Wearable and Implantable Body Sensor Networks (BSN). 61\u201364."},{"unstructured":"OpenSSL Multiple Precision Arithmetic Library 2020. Retrieved from https:\/\/www.openssl.org.","key":"e_1_3_2_43_2"},{"doi-asserted-by":"publisher","key":"e_1_3_2_44_2","DOI":"10.1007\/3-540-48910-X_16"},{"doi-asserted-by":"publisher","key":"e_1_3_2_45_2","DOI":"10.1007\/978-3-642-29011-4_23"},{"key":"e_1_3_2_46_2","first-page":"587","volume-title":"Symposium on Operating Systems Design and Implementation (OSDI)","author":"Papadimitriou Antonis","year":"2016","unstructured":"Antonis Papadimitriou, Ranjita Bhagwan, Nishanth Chandran, Ramachandran Ramjee, Andreas Haeberlen, Harmeet Singh, Abhishek Modi, and Saikrishna Badrinarayanan. 2016. Big data analytics over encrypted datasets with Seabed. In Symposium on Operating Systems Design and Implementation (OSDI). 587\u2013602."},{"doi-asserted-by":"publisher","key":"e_1_3_2_47_2","DOI":"10.14778\/3342263.3342641"},{"key":"e_1_3_2_48_2","first-page":"463","volume-title":"IEEE Symposium on Security and Privacy (SP)","author":"Popa Raluca Ada","year":"2013","unstructured":"Raluca Ada Popa, Frank H. Li, and Nickolai Zeldovich. 2013. An ideal-security protocol for order-preserving encoding. In IEEE Symposium on Security and Privacy (SP). 463\u2013477."},{"key":"e_1_3_2_49_2","first-page":"85","volume-title":"Symposium on Operating Systems Principles (SOSP)","author":"Popa Raluca A.","year":"2011","unstructured":"Raluca A. Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan. 2011. CryptDB: Protecting confidentiality with encrypted query processing. In Symposium on Operating Systems Principles (SOSP). 85\u2013100."},{"unstructured":"Public cloud security incident 2020. Retrieved from https:\/\/www.helpnetsecurity.com\/2020\/07\/09\/public-cloud-security-incident\/.","key":"e_1_3_2_50_2"},{"issue":"11","key":"e_1_3_2_51_2","first-page":"169","article-title":"On data banks and privacy homomorphisms","volume":"4","author":"Rivest Ronald L.","year":"1978","unstructured":"Ronald L. Rivest, Len Adleman, Michael L. Dertouzos, et\u00a0al. 1978. On data banks and privacy homomorphisms. Found. Sec. Comput. 4, 11 (1978), 169\u2013180.","journal-title":"Found. Sec. Comput."},{"unstructured":"Savvas Savvides. 2020. Practical Confidentiality-Preserving Data Analytics in Untrusted Clouds. DOI:https:\/\/doi.org\/10.25394\/PGS.12645440.v1","key":"e_1_3_2_52_2"},{"doi-asserted-by":"publisher","key":"e_1_3_2_53_2","DOI":"10.14778\/3389133.3389144"},{"key":"e_1_3_2_54_2","first-page":"479","volume-title":"Symposium on Cloud Computing (SoCC)","author":"Savvides Savvas","year":"2017","unstructured":"Savvas Savvides, Julian James Stephen, Masoud Saeida Ardekani, Vinaitheerthan Sundaram, and Patrick Eugster. 2017. Secure data types: A simple abstraction for confidentiality-preserving data analytics. In Symposium on Cloud Computing (SoCC). 479\u2013492."},{"unstructured":"Securely Connect any Device 2020. Retrieved from https:\/\/www.zerotier.com\/.","key":"e_1_3_2_55_2"},{"key":"e_1_3_2_56_2","first-page":"2469","volume-title":"USENIX Security Conference","author":"Shafagh Hossein","year":"2020","unstructured":"Hossein Shafagh, Lukas Burkhalter, Sylvia Ratnasamy, and Anwar Hithnawi. 2020. Droplet: Decentralized authorization and access control for encrypted data streams. In USENIX Security Conference. 2469\u20132486."},{"doi-asserted-by":"publisher","key":"e_1_3_2_57_2","DOI":"10.1145\/3131672.3131697"},{"doi-asserted-by":"publisher","key":"e_1_3_2_58_2","DOI":"10.1145\/2809695.2809723"},{"key":"e_1_3_2_59_2","first-page":"44","volume-title":"IEEE Symposium on Security and Privacy (SP)","author":"Song Dawn Xiaodong","year":"2000","unstructured":"Dawn Xiaodong Song, David A. Wagner, and Adrian Perrig. 2000. Practical techniques for searches on encrypted data. In IEEE Symposium on Security and Privacy (SP). 44\u201355."},{"key":"e_1_3_2_60_2","volume-title":"Workshop on Hot Topics in Cloud Computing (HotCloud)","author":"Stephen Julian James","year":"2014","unstructured":"Julian James Stephen, Savvas Savvides, Russell Seidel, and Patrick Eugster. 2014. Practical confidentiality preserving big data analysis. In Workshop on Hot Topics in Cloud Computing (HotCloud). USENIX Association."},{"key":"e_1_3_2_61_2","first-page":"277","volume-title":"International Conference on Automated Software Engineering (ASE)","author":"Stephen Julian James","year":"2014","unstructured":"Julian James Stephen, Savvas Savvides, Russell Seidel, and Patrick Th. Eugster. 2014. Program analysis for secure big data processing. In International Conference on Automated Software Engineering (ASE). ACM, 277\u2013288."},{"key":"e_1_3_2_62_2","first-page":"348","volume-title":"Symposium on Cloud Computing (SoCC)","author":"Stephen Julian James","year":"2016","unstructured":"Julian James Stephen, Savvas Savvides, Vinaitheerthan Sundaram, Masoud Saeida Ardekani, and Patrick Eugster. 2016. STYX: Stream processing with trustworthy cloud-based execution. In Symposium on Cloud Computing (SoCC). 348\u2013360."},{"unstructured":"The GNU Multiple Precision Arithmetic Library 2020. Retrieved from https:\/\/www.gmplib.org.","key":"e_1_3_2_63_2"},{"unstructured":"Chris Whong. 2014. FOILing NYC\u2019s Taxi Trip Data. Retrieved from http:\/\/chriswhong.com\/open-data\/foil_nyc_taxi.","key":"e_1_3_2_64_2"},{"doi-asserted-by":"publisher","key":"e_1_3_2_65_2","DOI":"10.1007\/s10916-016-0644-9"},{"doi-asserted-by":"publisher","key":"e_1_3_2_66_2","DOI":"10.1109\/TPDS.2008.23"},{"key":"e_1_3_2_67_2","volume-title":"Workshop on Hot Topics in Cloud Computing (HotCloud)","author":"Zaharia Matei","year":"2012","unstructured":"Matei Zaharia, Tathagata Das, Haoyuan Li, Scott Shenker, and Ion Stoica. 2012. Discretized streams: An efficient and fault-tolerant model for stream processing on large clusters. In Workshop on Hot Topics in Cloud Computing (HotCloud)."}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3472717","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3472717","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3472717","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:35Z","timestamp":1750193315000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3472717"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,23]]},"references-count":66,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,2,28]]}},"alternative-id":["10.1145\/3472717"],"URL":"https:\/\/doi.org\/10.1145\/3472717","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"type":"print","value":"2471-2566"},{"type":"electronic","value":"2471-2574"}],"subject":[],"published":{"date-parts":[[2021,11,23]]},"assertion":[{"value":"2020-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-06-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-11-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}