Cloud Security in a “Split”-Second
As the amount of data being generated and transmitted over to the cloud increases, so too do research proposals to combat security issues with advanced cryptography. Often these proposals involve complex policy algorithms and new infrastructures, which work in theory, but would require high overhead in reality.
Dr. Mazhar Ali, however, may have found a simpler answer that offers both increased cloud security and affordable implementation. In his recently-published methodology for secure data sharing in the cloud, he suggests simply splitting encryption keys into two parts so that no single user has access to everything.
Standard data sharing in the cloud involves symmetric encryption, which is the oldest and most popular technique using one key to both encrypt and decrypt files. However, this method presents major security concerns for two reasons: a) it’s too easy for the key to fall into the wrong hands internally, and b) it’s too difficult to frequently modify the key with personnel changes, so departing members can often continue to access sensitive information long after they’re gone.
Rather than restructure the current cloud paradigm, Ali and his team decided to work within it to find a practical solution that could be deployed immediately. The key? Secure Data Sharing in Clouds, or SeDaSC, methodology.
The below image summarizes how SeDaSC works between a user, the cloud platform, and a trusted third-party cryptographic server (CS), which is responsible for key management, encryption, decryption, and access control.
SeDaSC adds an extra checkpoint to the standard process by making the encryption key a basic two-piece jigsaw puzzle that can be defined by the access control list (ACL). At the same time, SeDaSC doesn’t require the high overhead of re-encryption or intense computations, so data access is still fast, and can work with mobile devices.
“In computer science and engineering, it’s easy to get caught up in complicated concepts, and then feel inclined to build those out to become even more complicated,” Ali said. “Sometimes you need to take a step back and determine what makes sense in our existing infrastructure. For us, a relatively simple solution just clicked. SeDaSC enables government and enterprise entities to more-securely manage their sensitive data today.”
The team tested its methodology with Amazon Cloud services and its own CS, and found that it was the quickest secure data-sharing method when compared to other contemporary works. The only downside is that communication time would take a bit longer than usual because the user would have to request data via the CS. But even then, it’s split-seconds.
SeDaSC has not yet been adopted by organizations, but according to Ali, it’s gotten quite a bit of interest from other researchers since it was published, and the only thing standing in the way of deployment is a basic code in the CS to divide the key.