KaaSP: Keying as a service provider for small and medium enterprises using untrusted cloud services

Cloud computing provides a framework for allowing remote and nearly instantaneous access to data and resources from any location in the world with an Internet connection. However, it faces privacy concerns since cloud service providers can also access user data on their storage. Although several encryption services and applications were introduced for personal users, it is still questionable whether such services can effectively be deployed for enterprises due to their lack of scalability. We propose a new access control system that incorporates encryption, based on access via a third-party key management service. The proposed system introduces a new entity named a Keying as a Service Provider (KaaSP) to more securely provide a data encryption service. In our approach, data encryption keys are generated through a negotiation with the KaaSP which would not have access to all key parts. Therefore, even if petitioned by a powerful adversary such as a law enforcement organization or breached by an attack, the data could not be leaked. Moreover, user data on the cloud storage can be protected from access attempts made by a lost device controlled by an unauthorized user since a lost device's credential for authentication can instantly be revoked. Additionally, the controlling organization can seamlessly edit access credentials via this cryptographic framework.