<p>Encryption is the most direct technique to protect data confidentiality when users outsource their data to the cloud. Typically, ciphertexts are stored in the cloud, while cryptographic keys are managed by a key management server (KMS). However, this approach introduces new challenges in securely managing both keys and ciphertexts. Specifically, two crucial issues remain unresolved. One is that the simultaneous leakage of data encryption key and ciphertexts stored in cloud can directly compromise user data. Another is that if the cloud and KMS collude, they can trivially retrieve user data. In this work, we propose a Password-protected Encrypted Cloud Storage scheme PECS that is resilient to the aforementioned leakage and collusion attacks. In PECS, the users can encrypt/decrypt their data using only a password without storing any key material, and neither the cloud nor KMS learns any information about the user data or keys. Technically, we introduce a re-encryption mechanism performed by the cloud to prevent an adversary from obtaining the original ciphertexts. Furthermore, the user encrypts key wrap before sending it to the cloud, under a pair of password-derived secret and public key. Both the data encryption keys and password are protected from being exposed by the servers through an oblivious pseudorandom function (OPRF). Provable security and efficiency of PECS are demonstrated through comprehensive analyses.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Securing leakage and collusion attacks on encrypted cloud storage using memorizable passwords

  • Shihan Qin,
  • Rui Zhang,
  • Hui Ma

摘要

Encryption is the most direct technique to protect data confidentiality when users outsource their data to the cloud. Typically, ciphertexts are stored in the cloud, while cryptographic keys are managed by a key management server (KMS). However, this approach introduces new challenges in securely managing both keys and ciphertexts. Specifically, two crucial issues remain unresolved. One is that the simultaneous leakage of data encryption key and ciphertexts stored in cloud can directly compromise user data. Another is that if the cloud and KMS collude, they can trivially retrieve user data. In this work, we propose a Password-protected Encrypted Cloud Storage scheme PECS that is resilient to the aforementioned leakage and collusion attacks. In PECS, the users can encrypt/decrypt their data using only a password without storing any key material, and neither the cloud nor KMS learns any information about the user data or keys. Technically, we introduce a re-encryption mechanism performed by the cloud to prevent an adversary from obtaining the original ciphertexts. Furthermore, the user encrypts key wrap before sending it to the cloud, under a pair of password-derived secret and public key. Both the data encryption keys and password are protected from being exposed by the servers through an oblivious pseudorandom function (OPRF). Provable security and efficiency of PECS are demonstrated through comprehensive analyses.