Secure data-sharing using distributed environmental matching keys

Abstract

In the past decade, with the development of data-sharing on cloud storage, people can access their personal or commercial data stored in different systems or devices anytime and anywhere. However, the shared data is distributed over many cloud storages. This may increase the risk of unauthorized access or even insider threats. Many commercial cloud storages provide data encryption service with extra charge; however, such service often encrypts data by using only one encryption key. When the authorized users of one group would like to access the shared data, they need to own the same decryption key, i.e., group key, which may rise the risk of data leakage, especially when the key is hacked. Multi-key encryption is another way to protect the shared data. But it is hard to manage multiple keys and share them with other authorized users, especially in a cloud environment. To provide a secure and effective data sharing method in a cloud environment, in this paper, we construct a secure cloud data encryption protocol, named the Environmental Matching key based Data- Sharing protocol (EMaDS in short). The EMaDS encrypts shared data by using one encryption key which combines several environmental matching keys derived from authorized user’s password and a trust device’s hardware/software configuration. Our security analyses show that the EMaDS is able to resist machine-specific data leakage, replay attack, eavesdropping attack, impersonation attack, forgery attack, and known-key attack. Besides, the mathematical proof also shows the probability with which to generate the same environmental matching key by using the same trusted device is less than 1wm×w!, where w is the number of parameters of a trusted device, and m is the number of parameters chosen for generating environmental matching key. When the trusted device is different, it is absolutely impossible to generate the same environmental matching key. These analyses conclude that the EMaDS is very suitable for group data sharing under heterogeneous environments and is practically useful in business.