KaaSP: Keying as a service provider for small and medium enterprises using untrusted cloud services

W. Aiken, Jungwoo Ryoo, Hyoungshick Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Cloud computing provides a framework for allowing remote and nearly instantaneous access to data and resources from any location in the world with an Internet connection. However, it faces privacy concerns since cloud service providers can also access user data on their storage. Although several encryption services and applications were introduced for personal users, it is still questionable whether such services can effectively be deployed for enterprises due to their lack of scalability. We propose a new access control system that incorporates encryption, based on access via a third-party key management service. The proposed system introduces a new entity named a Keying as a Service Provider (KaaSP) to more securely provide a data encryption service. In our approach, data encryption keys are generated through a negotiation with the KaaSP which would not have access to all key parts. Therefore, even if petitioned by a powerful adversary such as a law enforcement organization or breached by an attack, the data could not be leaked. Moreover, user data on the cloud storage can be protected from access attempts made by a lost device controlled by an unauthorized user since a lost device's credential for authentication can instantly be revoked. Additionally, the controlling organization can seamlessly edit access credentials via this cryptographic framework.

Original language: English (US)
Title of host publication: ACM IMCOM 2015 - Proceedings
Publisher: Association for Computing Machinery, Inc
ISBN (Electronic): 9781450333771
DOI: 10.1145/2701126.2701206
State: Published - Jan 8 2015
Event: 9th International Conference on Ubiquitous Information Management and Communication, ACM IMCOM 2015 - Bali, Indonesia
Duration: Jan 8 2015 to Jan 10 2015

Publication series

Name: ACM IMCOM 2015 - Proceedings

Other

Other: 9th International Conference on Ubiquitous Information Management and Communication, ACM IMCOM 2015
Country: Indonesia
City: Bali
Period: 1/8/15 to 1/10/15

Fingerprint

Cryptography
Industry
Law enforcement
Cloud computing
Access control
Authentication
Scalability
Internet
Control systems
Service provider
Small and medium-sized enterprises
Encryption

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Control and Systems Engineering
  • Management Information Systems

Cite this

Aiken, W., Ryoo, J., & Kim, H. (2015). KaaSP: Keying as a service provider for small and medium enterprises using untrusted cloud services. In ACM IMCOM 2015 - Proceedings [a20] (ACM IMCOM 2015 - Proceedings). Association for Computing Machinery, Inc. https://doi.org/10.1145/2701126.2701206
@inproceedings{f843171b8be24dfe9554243acd3228c3,
title = "KaaSP: Keying as a service provider for small and medium enterprises using untrusted cloud services",
abstract = "Cloud computing provides a framework for allowing remote and nearly instantaneous access to data and resources from any location in the world with an Internet connection. However, it faces privacy concerns since cloud service providers can also access user data on their storage. Although several encryption services and applications were introduced for personal users, it is still questionable whether such services can effectively be deployed for enterprises due to their lack of scalability. We propose a new access control system that incorporates encryption, based on access via a third-party key management service. The proposed system introduces a new entity named a Keying as a Service Provider (KaaSP) to more securely provide a data encryption service. In our approach, data encryption keys are generated through a negotiation with the KaaSP which would not have access to all key parts. Therefore, even if petitioned by a powerful adversary such as a law enforcement organization or breached by an attack, the data could not be leaked. Moreover, user data on the cloud storage can be protected from access attempts made by a lost device controlled by an unauthorized user since a lost device's credential for authentication can instantly be revoked. Additionally, the controlling organization can seamlessly edit access credentials via this cryptographic framework.",
author = "W. Aiken and Jungwoo Ryoo and Hyoungshick Kim",
year = "2015",
month = "1",
day = "8",
doi = "10.1145/2701126.2701206",
language = "English (US)",
series = "ACM IMCOM 2015 - Proceedings",
publisher = "Association for Computing Machinery, Inc",
booktitle = "ACM IMCOM 2015 - Proceedings",

}

TY - GEN

T1 - KaaSP

T2 - Keying as a service provider for small and medium enterprises using untrusted cloud services

AU - Aiken, W.

AU - Ryoo, Jungwoo

AU - Kim, Hyoungshick

PY - 2015/1/8

Y1 - 2015/1/8

N2 - Cloud computing provides a framework for allowing remote and nearly instantaneous access to data and resources from any location in the world with an Internet connection. However, it faces privacy concerns since cloud service providers can also access user data on their storage. Although several encryption services and applications were introduced for personal users, it is still questionable whether such services can effectively be deployed for enterprises due to their lack of scalability. We propose a new access control system that incorporates encryption, based on access via a third-party key management service. The proposed system introduces a new entity named a Keying as a Service Provider (KaaSP) to more securely provide a data encryption service. In our approach, data encryption keys are generated through a negotiation with the KaaSP which would not have access to all key parts. Therefore, even if petitioned by a powerful adversary such as a law enforcement organization or breached by an attack, the data could not be leaked. Moreover, user data on the cloud storage can be protected from access attempts made by a lost device controlled by an unauthorized user since a lost device's credential for authentication can instantly be revoked. Additionally, the controlling organization can seamlessly edit access credentials via this cryptographic framework.

UR - http://www.scopus.com/inward/record.url?scp=84926171132&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84926171132&partnerID=8YFLogxK

U2 - 10.1145/2701126.2701206

DO - 10.1145/2701126.2701206

M3 - Conference contribution

AN - SCOPUS:84926171132

T3 - ACM IMCOM 2015 - Proceedings

BT - ACM IMCOM 2015 - Proceedings

PB - Association for Computing Machinery, Inc

ER -
