As the Internet gains popularity, more and more services are made available online, inviting users to disclose more private information to the service providers. However, lack of trust about privacy and security practice is a key inhibitor in moving to cloud models. For example, when sharing and storing information in the cloud, additional assurance is needed that appropriate measures have been taken by cloud service providers (CSPs) to protect and handle the data, according to legislation, security practice and users' (data subjects') requirements. Both business consumers and citizens are requiring more control over the usage and sharing of their personal and confidential information.
In order to keep such sensitive data secure, on-line applications and services often store such sensitive data in a cryptographically protected (e.g. encrypted and/or signed) format. In addition, previous work on sticky policies, where policies and constraints are attached to data (by using cryptographic public-key mechanisms) and dictate data handling criteria, can serve as the basis for policy compliance, enforcement and auditing. Further, cryptographic algorithms may use encryption keys to encrypt data. Specifically, an encryption key may determine the functional output of a cryptographic algorithm.