Cloud Encryption Using Distributed Environmental Keys

Abstract

In recent years, cloud storage has been popularly used by people in different areas to store their personal or commercial data so as to make the data able to be accessed anytime and anywhere. However, when data is distributed to many locations, the risk of unauthorized access will increase. To secure cloud storage, data is often encrypted by using one encryption key, which is shared by those people who need to access the data. The key sharing method, unfortunately, dramatically increases the risk of data leakage, particularly when the key is hacked or lost. Another choice is multi-key encryption, which also increases the difficulty of data sharing and usage, especially in a cloud environment. To solve this problem, in this paper, we propose a secure cloud data encryption system, named the Distributed ENvironmental Key (DENK in short), with which all files are encrypted by one encryption key derived from multiple matching keys which are keys derived from authorized users' password keys and a trusted computer's environmental key. An authorized user can decrypt the files on a trusted computer by using one matching key and one auxiliary key provided by system server. The security analyses show that the DENK is able to resist machine-specific data leakage, replay attack, eavesdropping attack, and impersonation attack, and is practically useful in business.