Fragmentation and Encryption to Enforce Privacy in Data Storage

Valentina Ciriani¹, Sabrina De Capitani di Vimercati¹, Sara Foresti¹, Sushil Jajodia², Stefano Paraboschi³, and Pierangela Samarati¹

¹ Università degli Studi di Milano, 26013 Crema, Italia
{ciriani,decapita,foresti,samarati}@dti.unimi.it
² George Mason University, Fairfax, VA 22030-4444
jajodia@gmu.edu
³ Università degli Studi di Bergamo, 24044 Dalmine, Italia
parabosc@unibg.it

Abstract. Privacy requirements have an increasing impact on the realization of modern applications. Technical considerations and many significant commercial and legal regulations demand today that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external parties. It is therefore crucial to design solutions able to respond to this demand with a clear integration strategy for existing applications and a consideration of the performance impact of the protection measures.

In this paper we address this problem and propose a solution to enforce privacy over data collections by combining data fragmentation with encryption. The idea behind our approach is to use encryption as an underlying (conveniently available) measure for making data unintelligible, while exploiting fragmentation as a way to break sensitive associations between information.

Key words: Privacy, fragmentation, encryption.

1 Introduction

Information is today probably the most important and valued resource. Private and governmental organizations are increasingly gathering vast amounts of data, which are collected and maintained, and often include sensitive personally identifiable information. In such a scenario, guaranteeing the privacy of the data, whether they are stored in the system or communicated to external parties, becomes a primary requirement. Individuals, privacy advocates, and legislators are today paying more and more attention to the support of privacy over collected information. Regulations are increasingly being established in response to these demands, forcing organizations to provide privacy guarantees over sensitive information when storing, processing or sharing it with others. Most recent regulations (e.g., [2, 14]) require

© Springer-Verlag, Lecture Notes in Computer Science, (2008)
http://www.springerlink.com/content/x02404845g538663/fulltext.pdf