A significant trend in recent years has been the movement of data and services to cloud-based systems. Increasingly, individuals and organizations rely on cloud-based data storage, even for sensitive data. Unfortunately, as demonstrated by some widely reported leaks of sensitive data stored in cloud services, security measures taken by cloud service providers may not adequately protect data.
Data stored in cloud services is often vulnerable at a number of points. The user's cloud service account may be accessible to anyone who can obtain or guess the username and password for the account. System administrators or data backup services employed by the cloud service may be able to access and transmit user data to unauthorized recipients. And, while the cloud service may store user data in encrypted form, the cryptographic key needed to decrypt the data may still be accessible to system administrators of the cloud service.
Since most security practices used by cloud services typically remain confidential, users may have only the reputation of the cloud service to assure them that proper security measures have been implemented. Some large organizations try to ensure that their sensitive data is being adequately protected by operating their own cloud storage service. Even so, these organizations still rely on the competence and integrity of the system administrators they employ to ensure that data security policies are properly implemented.
Finally, even when the user protects their account with a strong password that is kept inaccessible to others and the cloud service has implemented best data security practices, the cloud service may be legally required in some circumstances to turn over cryptographic keys to government entities in the country where cloud service facilities are located. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for image-based encryption of cloud data.