
Securing Cloud Data Under Key Exposure
Abstract
Recent news reveals a powerful attacker that breaks data confidentiality by acquiring cryptographic keys through coercion or backdoors in cryptographic software. Once the encryption key is exposed, restricting the attacker’s access to the ciphertext is the only viable measure to preserve data confidentiality. For example, this can be achieved by spreading ciphertext blocks across servers in multiple administrative domains, thus assuming the opponent cannot compromise them all.
In this paper, we study data confidentiality against an adversary who knows the encryption key and has access to a large fraction of the ciphertext blocks.
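The threat model above, as an added example that is not code from the paper or the project: an adversary holds the key and all but two stored blocks, first against plain CTR-style encryption and then with a linear all-or-nothing mixing step applied before dispersal. The mixing step, the use of SHA-256 as a stand-in for the block cipher, and all function names are assumptions of this example; the page does not describe Bastion's internals.

```python
import hashlib, os
from functools import reduce

BLOCK = 16  # bytes per block

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr(key, iv, blocks):
    # CTR-style stream; SHA-256 stands in for the block cipher (assumption,
    # so the example needs only the standard library). Same call decrypts.
    ks = lambda i: hashlib.sha256(key + iv + i.to_bytes(8, "big")).digest()[:BLOCK]
    return [xor(b, ks(i)) for i, b in enumerate(blocks)]

def mix(blocks):
    # Linear all-or-nothing step: every output is the XOR of all OTHER inputs.
    # It is its own inverse when the block count is even.
    if len(blocks) % 2:
        raise ValueError("need an even number of blocks")
    total = reduce(xor, blocks)
    return [xor(total, b) for b in blocks]

def encrypt(key, plain, mixed):
    iv = os.urandom(BLOCK)
    out = ctr(key, iv, plain) + [iv]       # IV travels as the last block
    return mix(out) if mixed else out

def decrypt(key, stored, mixed):
    out = mix(stored) if mixed else stored
    return ctr(key, out[-1], out[:-1])

def attacker_recovers(key, stored, missing, mixed):
    # Key is exposed, but blocks on uncompromised servers are unknown (zeroed).
    seen = [bytes(BLOCK) if i in missing else b for i, b in enumerate(stored)]
    return decrypt(key, seen, mixed)

def demo():
    key = os.urandom(16)
    plain = [bytes([65 + i]) * BLOCK for i in range(7)]   # constructed sample data
    missing = {2, 5}                                      # two blocks out of reach
    hits = {}
    for mixed in (False, True):
        stored = encrypt(key, plain, mixed)
        assert decrypt(key, stored, mixed) == plain       # legitimate reader
        got = attacker_recovers(key, stored, missing, mixed)
        hits[mixed] = sum(g == p for g, p in zip(got, plain))
    return hits
```

With plain CTR the key holder reads every block it can reach; with mixing, the two withheld blocks mask the IV and every other block, so the same guess recovers nothing. This illustrates one guessing strategy and is not a security proof.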
System Configuration
H/W System Configuration
Speed : 1.1 GHz
RAM : 256 MB (min)
Hard Disk : 20 GB
Floppy Drive : 1.44 MB
Keyboard : Standard Windows Keyboard
Mouse : Two or Three Button Mouse
Monitor : SVGA
S/W System Configuration
Platform : Cloud computing
Operating system : Windows XP, 7
Server : WAMP/Apache
Working on : Browser such as Firefox, IE
Conclusion
In this paper, we addressed the problem of securing data outsourced to the cloud against an adversary who has access to the encryption key. To that end, we introduced a novel security definition that captures data confidentiality against this new adversary. We analyzed Bastion’s security and evaluated its performance in realistic settings. Bastion significantly improves (by more than 50 percent) the performance of existing primitives offering comparable security under key exposure, and incurs only a negligible overhead (less than 5 percent) compared to existing semi-secure encryption modes (e.g., CTR encryption mode).