Companies tend to collect large amounts of data during the normal course of business. At least a portion of the data includes sensitive information, such as financial transactions, medical profiles, and customer identification, including social security numbers. Once collected, the companies must store the data, sometimes for long amounts of time, as required by company policy or by government guidelines and policies. However, a majority of the companies are unable to store the data themselves due to the considerable amount of storage space required and thus, rely on leasing storage and computing power from larger companies. Servers used by the larger companies to store the data are public and often cloud based.
Additionally, the field of business intelligence depends on analytics to identify trends, steer strategies, and support successful business practices. The analysis is commonly performed by analysts hired by a company. These analysts are generally entrusted with important tools, including decryption keys to decrypt the stored data prior to analysis. However, if an unauthorized individual, such as the adversary obtains the decryption key, access to the entire database storing the data is granted. Unfortunately, mobile devices of the analysts are often not equipped with strong intrusion prevention mechanisms, which make the analysist a weak link for attack by an adversary.
Protecting data owners' sensitive information from unauthorized individuals is extremely important to prevent misappropriation of the data. Currently, sensitive data can be protected via an access control mechanism at a server on which the data is stored so that the server first engages with a party interested in the data and then requires the interested party to enter necessary credentials to pass authentication protocols established by the access control mechanism before accessing the data. Unfortunately, a number of security breaches has recently increased due to unauthorized access of the credentials for an authorized user.
In addition to requiring a user to enter credentials, stored data can be encrypted prior to storage as an additional security layer to reduce the effects of breach by preventing access to the data content. However, encryption itself is generally not secure enough to prevent disclosure of the data content. For instance, to encrypt the data, companies generally utilize a public key to encrypt the data prior to storage. Subsequently, a user associated with the company needs to access the data, but to do so, must obtain a secret key of the company to decrypt the encrypted data. Allowing multiple users of the company access to the secret key places the data in a vulnerable position since the user can provide the key to unauthorized users. Additionally, the secret key can be accessed directly by unauthorized users, resulting in access to the data content. Unfortunately, obtaining a secret key can be fairly easy since humans are often easily fooled by simple social engineering attacks.
Therefore, there is a need for an approach to improved data protection and breach prevention. Preferably, the data protection and breach prevention will include a re-encryption scheme for large amounts of plaintext data to reduce the effects of unauthorized access to the data itself or via individuals authorized to access the data.