Securing Cloud Data Under Key Exposure

EasyChair Preprint no. 12759

Abstract

Recent revelations of a sophisticated attacker
have underscored the vulnerability of data privacy, as they
have been able to breach encryption by acquiring
cryptographic keys through coercion or exploiting
weaknesses in cryptographic software. Once these keys are
compromised, the only recourse to safeguard data privacy is
to restrict the attacker's access to the ciphertext. This can be
achieved by dispersing fragments of the encrypted data
across multiple servers in diverse administrative domains,
assuming that the attacker cannot compromise all of them.
Nevertheless, conventional encryption methods still leave
data vulnerable, as an attacker with the encryption key can
compromise a single server and gain access to the ciphertext
blocks stored within it. In response to this pressing challenge,
we introduce Bastion, a pioneering and efficient solution
designed to protect data privacy even in the event of key
exposure and an attacker's access to all ciphertext fragments.
We scrutinize Bastion's security features and assess its
performance through a prototype implementation.
Additionally, we explore practical insights regarding the
integration of Bastion into existing distributed storage
systems. Our findings suggest that Bastion is well-suited for
integration into current systems, as it incurs less than 5%
overhead compared to existing semantically secure
encryption modes.

Keyphrases: Bastion, Cryptographic Keys, Encryption, Information Privacy.

@Booklet{EasyChair:12759,
  author = {P Jagadeesan and K Mohan and V Naveen and A. Mohammad Farmaanullah},
  title = {Securing Cloud Data Under Key Exposure},
  howpublished = {EasyChair Preprint no. 12759},

  year = {EasyChair, 2024}}