As people become more reliant on computing and Internet technologies, data security is becoming more important than ever. In applications of data storage and communications, such as cloud storages and wireless sensor networks, data encryption is critical to the protection of privacy and sensitive information.
With Internet connections becoming ubiquitous, it is relatively easy to access and distribute data widely through the use of clouds. To enjoy the benefits of cloud computing, people and companies often upload their data to cloud servers. This often includes private or confidential data, or any data a user might want to protect. This increases the chance for private and important data to become unnecessarily exposed if it is left unprotected.
Typically, people rely on cloud service providers to ensure the security of their data. However, cloud storage may have a number of associated security vulnerabilities. In its 2013 report (“The notorious nine: Cloud computing top threats in 2013,” http://www.cloudsecurityalliance.org/topthreats), the Cloud Security Alliance identified nine top security threats to cloud computing including data breaches, data loss, malicious insiders, and shared technology issues. Such data security issues are undesirable, and may slow the uptake of cloud services.
One way to mitigate data security issues is by way of encryption. For example, stand-alone tools such as Winzip and secure PDF may be used to encrypt files before those files are saved and stored, uploaded, and/or transmitted. Without the corresponding decryption key, the encrypted file may not be meaningful.
Using stand-alone tools such as Winzip and secure PDF to encrypt multiple files in a folder, however, has several drawbacks. For example, a user may be required to input a password to encrypt every file, and to input a corresponding password to decrypt the encrypted file for viewing and/or modification. When the number of files increases, this approach becomes tedious and is not user-friendly. As well, the user may easily become confused about which password decrypts which file if different passwords are used to encrypt different files.
Furthermore, the encryption strength in these examples depends on how strong the passwords chosen by the user are. Because of the difficulty users experience in coming up with and memorizing strong random passwords, they tend to choose weaker passwords, and the resulting encryption can often be weak. As a result, files encrypted using stand-alone tools may still be vulnerable to sophisticated attacks. Furthermore, if passwords are forgotten or lost, it may be difficult or impossible to recover the original plaintext files from the encrypted files. This effectively results in a permanent loss of data. Finally, when files are encrypted using stand-alone tools, sharing encrypted files among a group of people can be tedious and often requires the use of side channels to exchange passwords.
In large scale information systems, key management including key generation, exchange and maintenance of secrecy of the secret keys, becomes even more difficult. As such, it is desirable to develop a solution to mitigate key management challenges while achieving strong security in some information theoretic sense.