Cloud computing services are becoming widely used to reduce information technology administration burdens and increase user flexibility. However, by using a cloud computing service, users place their data on the Internet, where malicious users may attempt to gain access. A variety of techniques exist for securing communications to and from such cloud-based resources, and for encrypting user data for storage in the cloud. Existing solutions, however, generally present vulnerabilities in which encryption keys or underlying data are periodically or permanently exposed in plaintext form by remote resources, where any physical vulnerability might result in the exposure of sensitive data. These problems are multiplied where a cloud-based resource is integral to a distributed key management system.
There remains a need for key management techniques that ensure only encrypted data is present in cloud-based resources where administrators and end users have little or no control over physical and network security.