Proof of outsourced encryption: cross verification of security service level agreement

Abstract

With the popularity of cloud and edge computing, user data is often stored at third party service providers. Restricted by the available resources, end users may need to outsource the data encryption operations. However, the security service level agreement (SSLA) are usually hard to verify since it is fairly hard for end users to learn the data status at the service providers. In this paper, we investigate the proof of outsourced encryption problem. We first define the expected properties of the proof of encryption (PoE) mechanisms. Depending on the negotiated encryption algorithm in SSLA, we design two verification mechanisms so that end users can query encryption results at service providers to verify the enforcement of SSLA even when they are not aware of the keys. We formally analyze the protocols with BAN logic. Simulation and experiments show that our approaches can detect a dishonest service provider with high probability.