Increasingly, the affairs of individuals and enterprises are conducted in an automated manner over the Internet. Enterprises now sell their products and services over the Internet; individuals communicate with one another over the Internet; employees access secure resources of their employers over the Internet; and so on.
Sensitive or private data is often accessed via the Internet from remote locations during user transactions. Preventing unauthorized access to this data can be critical to an enterprise or an individual. The data can include medical details, financial details, etc.
To enhance the security of the data, the data is usually encrypted on the machine where it is natively stored. But when the data has to be shared or accessed remotely, significant issues can arise with the encryption and management of the data.
For example, suppose multiple users are authorized to access the data and one of those users is dismissed from the enterprise, so that one fewer user is now authorized to access the data. When this occurs, the data has to be re-encrypted to prevent the now-unauthorized user from accessing it.
Consider another, more detailed example, where complex key management is in place within an enterprise for the data, such that for each addition of a user to a directory or to a file, the encryption key of the file or directory is encrypted with the user's public key. Each time a user is revoked from a group that has access rights to the data, a lazy re-encryption can be done on the data. But this means that there has to be an encryption key for each file and for each directory. Also, any addition of a new user to a group means that the encryption keys have to be made available to the new user. The owners of the files/directories have to supply the keys to the new user, and this can only happen when the owners are logged in. Such a scenario cannot be carried out by a root-designated resource.
However, a root-designated resource can add him/herself as a user, read the files, and then delete him/herself from the group. Therefore, it appears that there should be another file permission model, built at the encryption layer apart from the permissions present in the existing file system layer, to prevent root access in the manner described. Root access can introduce a security hole through which the data can be compromised. Yet modifying existing file permission processing is not advisable and not practical in most situations, and even if such a modification were made to restrict root access, backing up the data without revealing the data/keys to root is still not possible with conventional approaches.
Consequently, there is a need for improved techniques for securely managing data over a distributed network, such as the Internet.