Field
The disclosed embodiments relate to techniques for protecting data. More specifically, the disclosed embodiments relate to techniques for using separate cryptographic keys for protecting different operations on the data, such as read operations and write operations.
Related Art
Data on network-enabled electronic devices is frequently stored, shared, and/or backed up using remote storage mechanism such as file hosting services, cloud storage services, and/or remote backup services. For example, a user may use a cloud storage service to store and/or back up a file on a personal computer, laptop computer, portable media player, personal digital assistant, tablet computer, and/or smart phone. After the file is uploaded to the cloud storage service, the user may retrieve the file and/or share the file with other users from the cloud storage service.
However, storage of data on untrusted remote storage mechanisms may be associated with a number of security issues. First, the data may be accessed by an unauthorized third party, thus compromising the confidentiality of the data. For example, the data may be obtained by an attacker if the attacker steals authentication credentials for accessing the data on cloud storage and/or reads packets containing the data during writing of the data to cloud storage and/or reading of the data from cloud storage. Second, the unauthorized third party may compromise the integrity of the data by modifying and/or tampering with the data. For example, an attacker may inject packets into a network connection between a user writing the data and cloud storage, resulting in storing of the packets' payloads with the data on the cloud storage and/or subsequent reading of the stored payloads from the cloud storage by the user and/or other users.
Hence, use of untrusted remote storage mechanisms may be facilitated by securing both the storage of data on the remote storage mechanisms and the transmission of the data between the remote storage mechanisms and network-enabled electronic devices.