TY - GEN
T1 - KaaSP
T2 - 9th International Conference on Ubiquitous Information Management and Communication, ACM IMCOM 2015
AU - Aiken, W.
AU - Ryoo, Jungwoo
AU - Kim, Hyoungshick
PY - 2015/1/8
Y1 - 2015/1/8
N2 - Cloud computing provides a framework for allowing remote and nearly instantaneous access to data and resources from any location in the world with an Internet connection. However, it faces privacy concerns since cloud service providers can also access user data on their storage. Although several encryption services and applications were introduced for personal users, it is still questionable whether such services can effectively be deployed for enterprises due to their lack of scalability. We propose a new access control system that incorporates encryption, based on access via a third-party key management service. The proposed system introduces a new entity named a Keying as a Service Provider (KaaSP) to more securely provide a data encryption service. In our approach, data encryption keys are generated through a negotiation with the KaaSP which would not have access to all key parts. Therefore, even if petitioned by a powerful adversary such as a law enforcement organization or breached by an attack, the data could not be leaked. Moreover, user data on the cloud storage can be protected from access attempts made by a lost device controlled by an unauthorized user since a lost device's credential for authentication can instantly be revoked. Additionally, the controlling organization can seamlessly edit access credentials via this cryptographic framework.
UR - http://www.scopus.com/inward/record.url?scp=84926171132&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84926171132&partnerID=8YFLogxK
U2 - 10.1145/2701126.2701206
DO - 10.1145/2701126.2701206
M3 - Conference contribution
AN - SCOPUS:84926171132
T3 - ACM IMCOM 2015 - Proceedings
BT - ACM IMCOM 2015 - Proceedings
PB - Association for Computing Machinery, Inc
Y2 - 8 January 2015 through 10 January 2015
ER -