Key management service: Enabling secure sharing and deleting of documents on public clouds

The primary focus of existing secure cloud storage solutions have been on securing data both in motion and at rest. These storage solutions mostly focus on three essential properties: confidentiality, integrity and availability. However, modern enterprise applications demand data can be shared within or across organizations. The challenge is how to securely share data in public clouds using federated identities without increasing data movement and computation costs. Furthermore, the consumer should be able to delete their data in the cloud in the context of collaboration without leaving any traces behind. This problem has been addressed in recent times by utilizing or developing new data encryption techniques such as identitybased encryption, attribute-based encryption and proxy-re-encryption. However, these techniques suffer from scalability and flexibility problems when dealing with big data and support for dynamic and federated access control. This paper presents a novel architecture and corresponding protocols to provide secure sharing and deletion of documents on public cloud services: CloudDocs. This system uses AES for data encryption to achieve scalability, supports identity-based access control rules using private-public key pairs to provide flexibility, and uses independent key management services to support secure deletion, whereby the data is irrecoverable once the keys are destroyed. The key management service also supports dynamic and federated access control.

Keywords

cloud storage, data storage, public clouds, data sharing, data deletion, key management

Citation

Services Transactions on Cloud Computing, 2016, 2016, 4 (2), pp. 15 - 31 (17)

Collections

Journal Articles

Full item page