Cloud Data Sharing and Device-Loss Recovery with Hardware-Bound Keys

Felix Hörandner, Franco Nieddu

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Cloud-based storage services, such as Dropbox, Google Drive, or NextCloud, are broadly used to share data with others or between the individual devices of one user due to their convenience. Various end-to-end encryption mechanisms can be applied to protect the confidentiality of sensitive data in a not fully trusted cloud environment. As all such encryption mechanisms require to store keys on the client's device, losing a device (and key) might lead to catastrophic consequences: Losing access to all outsourced data. Strategies to recover from key-loss have various trade-offs. For example, storing the key on a flash drive burdens the user to keep it secure and available, while encrypting the key with a password before uploading it to the cloud requires users to remember a complex password. These strategies also require that the key can be extracted from the device's hardware, which risks the confidentiality of the key and data once a curious person finds a lost device or a thief steals it.

In this paper, we propose and implement a cloud-based data sharing system that supports recovery after key-loss while binding the keys to the devices' hardware. By using multi-use proxy re-encryption, we build a network of re-encryption keys that enables users to use any of their devices to access data or share it with other users. In case of device-loss, we amend this network of re-encryption keys -- potentially with the help of one or more user-selected recovery users -- to restore data access to the user's new device. Our implementation highlights the system's feasibility and underlines its practical performance.
Original languageEnglish
Title of host publication15th International Conference on Information Systems Security, ICISS 2019
PublisherSpringer
Pages196-217
Volume11952
ISBN (Electronic)978-3-030-36945-3
ISBN (Print)978-3-030-36944-6
DOIs
Publication statusPublished - 2019
Event15th International Conference on Information Systems Security: ICISS 2019 - Hyderabad, India
Duration: 16 Dec 201920 Dec 2019
Conference number: 2019
https://www.idrbt.ac.in/ICISS-2019/

Publication series

NameInformation Systems Security
PublisherSpringer, Cham
Volume11952
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference15th International Conference on Information Systems Security
Abbreviated titleICISS
Country/TerritoryIndia
CityHyderabad
Period16/12/1920/12/19
Internet address

Fingerprint

Dive into the research topics of 'Cloud Data Sharing and Device-Loss Recovery with Hardware-Bound Keys'. Together they form a unique fingerprint.

Cite this