It is sometimes desirable to store data files, or to provide other kinds of data, remotely from a local system or a closed local environment, e.g. in order to be able to access the data from various location and/or using various devices, and/or in order to be able to share the data among two or more users. To this end cloud services, such as Dropbox®, Google® Drive, SkyDrive®, Amazon® S3, salesforce.com, etc. are sometimes used. A user can provide data to the cloud service, and subsequently he or she may grant access to the data for another user. Thereby the two users can share the data in an easy manner, and only users who have been granted access can access the data. The cloud service may be of a kind where data files can be stored. Alternatively, the cloud service may be of a kind which conveys data from one site to another. Common to these cloud services is that they are untrusted services which are arranged in the cloud.
One problem with the traditional cloud services is that users must trust that the data that they store in the cloud service remains confidential, e.g., that the data stored in the cloud service is not misused due to the cloud service being compromised by hackers, due to corrupted cloud service administrators, or due to legal enforcements in the country where the cloud service is hosted. In other words, the cloud service constitutes a single point of trust with respect to data confidentiality. In order to avoid this, some previous systems have applied encryption of the data, thereby requiring that encryption/decryption keys are shared between the users who are granted access to the data. However, in these previous systems the encryption/decryption keys will be permanently available somewhere in the system, either at one or more client devices or at a central key management service, thereby constituting a single point of trust. Thereby there is a risk that a malicious attack is performed on the single point of trust, thereby gaining access to the encryption/decryption keys. This will allow the malicious party to gain access to the confidential data.
EP 2 503 480 A1 discloses a method and a device for retrieving data available on a second device by a first device. During encryption of data, a client creates a random session key and encrypts the data using the random session key. The random session key is then encrypted, using a public encryption key. The encrypted data is stored along with the encrypted random session key at a second device, e.g. a cloud service. During decryption of data, the client requests the encrypted data, and the second device sends the encrypted data and the encrypted random session key to the client. The encrypted random session key is then transmitted to a plurality of partial decryption devices for performing partial decryption of the encrypted random session key, based on a respective private key stored in each of the partial decryption servers. The respective partial decryptions of the random session key are received at the client device, and the client device derives the random session key from the partial decryptions. Finally, the data is decrypted, using the derived random session key.
The private keys used for performing the partial decryption of the encrypted random session key are generated by a central key generator and subsequently distributed to the partial decryption devices. Accordingly, the central key generator constitutes a single point of trust, which may potentially be attacked, leading to a breach of confidentiality.
Furthermore, in the method and device disclosed in EP 2 503 480 A1 two layers of encryption are required in order to obtain a sufficient level of confidentiality, i.e. encrypting the data, using the random session key, and encrypting the random session key, using a public encryption key.