Users are storing their data in network servers or in the cloud for different reasons. This could be to obtain a backup of their personal data, securely stored in a remote location, but also a way to easily access their data from several locations or devices, or a way to share data with other users.
One main concern for users is security or data privacy: the stored data must not be accessible to anybody else, not even the service provider. One way of realizing this is to first encrypt the data and then upload it to the cloud. This way only the owner of the data is able to access the data; the service provider only manages encrypted data and does not possess the means of decrypting the data (i.e. the cryptographic keys), ensuring confidentiality.
A first way of implementing such a method is by using symmetric cryptography, that is to say cryptography based on a single secret encryption key, data being encrypted and decrypted using the same secret key. This means that the only way to share data with someone else is to share the secret key. This solution offers no control on how the data stored in the cloud is shared, as anyone holding the secret key can then share it, enabling access to the data. Moreover, as the symmetric key must be exchanged to share data, there is a risk that the key may be compromised during the exchange, thus compromising all encrypted data.
A second way of implementing such a method is by using asymmetric encryption, that is to say cryptography based on a pair of keys: a public key—potentially shared with everyone—and a private key—kept secret by the owner. Data encrypted with the public key can only be decrypted using the private key. This method allows sharing of data with a user by using that user's public key to encrypt the data to be shared: only the recipient is able to decrypt it, using its private key. As in this method there is no exchange of a secret key, the risk of compromising the data is limited.
The previous method presents a strong limitation: when a user wants to share encrypted data stored in the cloud data storage with someone else, he first needs to download said data, decrypt it, re-encrypt the data using the recipient's public key and then upload the data back to the cloud. These operations are very time consuming, as bandwidth restrictions may make the download and the upload of the data tedious, and the decryption and re-encryption of the data may take time on the user's device. Moreover, asymmetric encryption is much slower than symmetric encryption.
The hybrid encryption technique, a combination of symmetric and asymmetric encryption, reduces some inconveniences of the previous method. In this technique, the content or data to be stored in the cloud is encrypted using a symmetric key, then said symmetric key is encrypted using asymmetric encryption. In this solution, both the content encrypted using the symmetric key and said symmetric key encrypted using asymmetric encryption are stored within the cloud. The inconveniences of the previous method are reduced, as only the encrypted symmetric key needs to be re-encrypted, that is to say a much smaller file than the content, which preserves both the bandwidth when uploading or downloading the data and the processor time needed to re-encrypt the data. Still, even if the inconveniences of the previous method are reduced, the content—or here the symmetric key associated with the content—still needs to be downloaded, decrypted, re-encrypted and uploaded; it is thus impossible to share a content uploaded by a first electronic device with a second electronic device if the first electronic device is not available. It is to be noted that the person skilled in the art will use a different symmetric key for each content; thus, if one symmetric key is compromised, only the content associated with said symmetric key will be compromised.
A new encryption technology, called Proxy Re-Encryption (PRE), solves the previous problem. This technology is described in an article by G. Ateniese, K. Fu, M. Green and S. Hohenberger, “Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage” (in ACM Transactions on Information and System Security—TISSEC, vol. 9, no. 1, pp. 1-30, February 2006). This technology is based on asymmetric encryption, but offers a method to re-encrypt already encrypted data. This solves the previous problem as it exempts the electronic device from downloading the encrypted data, decrypting it, re-encrypting it and then uploading it back to the cloud data storage. PRE allows a direct re-encryption of the data within the cloud. FIG. 1 describes the way PRE works. 101 is data stored in the cloud by a first electronic device, said data being encrypted using a public key of the first electronic device. When the first electronic device wants to share this data with a second electronic device, the first electronic device calculates a re-encryption key, said re-encryption key being calculated using its own private key and the second user's public key. This re-encryption key is then uploaded to the cloud database server or database server 110. The server 110, using this re-encryption key, re-encrypts the data. The method used does not involve any decryption of the data by the server 110, guaranteeing the privacy of the data. The result, data 102, can be shared with the second electronic device; the second electronic device is then able to decrypt said data 102 using its own private key. The PRE method guarantees that no exchange of sensitive data occurs, as happens in the method based on a symmetric key, and exempts electronic devices from downloading and uploading the data they want to share, as required in the second described method based on asymmetric cryptography.
Only public keys need to be exchanged between the users, meaning here between their respective electronic devices used to access the cloud service. A pair of public key and private key is associated with an electronic device and stored within said electronic device. Said electronic devices may exchange their public keys directly, for example via Near Field Communication (NFC). An electronic device's private key should not be shared, in order to preserve the confidentiality of data encrypted using said electronic device.
Proxy Re-Encryption (PRE) technology can be implemented using “multi-hop” or “single-hop” PRE.
In multi-hop PRE, a content initially encrypted for an electronic device A and re-encrypted using PRE for an electronic device B can be re-encrypted using PRE by the electronic device B for another electronic device C, and so on. The process of re-encryption from one electronic device to another electronic device can thus be repeated at any time. For example, when data is encrypted and stored within the cloud data storage by a first electronic device A, if a second electronic device B wants to access said data, or if the electronic device A wants to share said data with the electronic device B, the electronic device A calculates a first re-encryption key from the electronic device A to the second electronic device B and uploads said first re-encryption key to the cloud data storage. There, using said first re-encryption key, the database server is able to re-encrypt the data and send it to the electronic device B. If a third electronic device C wants to access the data when the electronic device A is unavailable (switched off, broken, lost, . . . ), said electronic device A is unable to calculate a re-encryption key from the electronic device A to the electronic device C. But the electronic device B may calculate a second re-encryption key from the electronic device B to the electronic device C. Then, the database server may apply the multi-hop PRE method using the first and then the second re-encryption key on the data encrypted by the electronic device A, to obtain encrypted data that can be shared with the electronic device C.
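The server-side re-encryption of FIG. 1 and the multi-hop chain from A to B to C described above, as an added example that is not part of the original document: Python code for the BBS98 ElGamal-based PRE scheme (Blaze, Bleumer and Strauss, 1998), which is multi-hop and bidirectional; unlike the pairing-based Ateniese et al. scheme cited above, its re-encryption key is derived from both private keys rather than from one private key and one public key. The group parameters, function names and one-byte message encoding are constructed for illustration only and are not secure.

```python
import secrets

# Constructed toy parameters: safe prime p = 2q + 1 (q prime) and g = 4, which
# generates the order-q subgroup of quadratic residues. A 10-bit group is for
# illustration only; a deployment would use a 2048-bit MODP group or a curve.
P, G = 1019, 4
Q = (P - 1) // 2

def keygen():
    """Private key a in [1, q-1]; public key g^a mod p, kept on the device."""
    a = secrets.randbelow(Q - 1) + 1
    return a, pow(G, a, P)

def encrypt(pk, m):
    """ElGamal in the BBS98 layout: (m * g^r, pk^r); m must be a group element."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)

def decrypt(sk, ct):
    """Key owner recovers g^r = c2^(1/a) mod p, then m = c1 / g^r."""
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)
    return (c1 * pow(g_r, -1, P)) % P

def rekey(sk_from, sk_to):
    """rk_{A->B} = b/a mod q. BBS98 needs both private keys here (the two
    devices run a short agreement step for this); the scheme is bidirectional,
    since rk_{B->A} is simply the inverse of rk_{A->B}."""
    return (sk_to * pow(sk_from, -1, Q)) % Q

def reencrypt(rk, ct):
    """Server step: only c2 is raised to rk, so (pk_a^r)^(b/a) = pk_b^r. The
    masked message c1 is untouched and no private key is needed."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def encode(byte):
    """Map one byte to a subgroup element, g^(byte+1); decode by search."""
    return pow(G, byte + 1, P)

def decode(elem):
    return next(b for b in range(256) if pow(G, b + 1, P) == elem)

def demo_multihop(byte):
    """A encrypts once; the server then chains rk_AB and rk_BC while A is offline."""
    a, pk_a = keygen(); b, _ = keygen(); c, _ = keygen()
    ct_a = encrypt(pk_a, encode(byte))
    ct_b = reencrypt(rekey(a, b), ct_a)   # hop 1: A shares with B
    ct_c = reencrypt(rekey(b, c), ct_b)   # hop 2: B shares on with C
    return decode(decrypt(a, ct_a)), decode(decrypt(b, ct_b)), decode(decrypt(c, ct_c))
```

Because rk_{A->B} and rk_{B->C} compose into rk_{A->C}, and each key can be inverted, the server (or B) can extend or reverse delegations without A, which is the loss of control discussed below.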
In single-hop PRE, such a possibility does not exist, as data re-encrypted a first time cannot be re-encrypted a second time. Thus, in the situation described in the previous paragraph, if the electronic device A is not available to calculate a re-encryption key from the electronic device A to the electronic device C, the data cannot be shared with the electronic device C, although at the same time the server can share the data with the electronic device B using the re-encryption key from the electronic device A to the electronic device B. In such a case, the user has to download the data to the electronic device B so that it can be decrypted using the electronic device B's private key. After decryption, the content becomes electronic device B content, and the user can resume the upload mechanism to the cloud, starting with the electronic device B encrypting the data content using its public key and then uploading the data to the cloud data storage as data for the electronic device B.
If the user then wants to share the newly uploaded content with an electronic device C, the electronic device B calculates a re-encryption key from the electronic device B to the electronic device C and uploads said re-encryption key to the database server. Thus, the database server can re-encrypt the data uploaded by the electronic device B using the calculated re-encryption key and send the data to the electronic device C. Again, downloading, decrypting, re-encrypting and uploading back the data are very time consuming operations.
While multi-hop PRE thus facilitates the sharing of content from one device to others, the initial device may lose control over how its content is shared. Multi-hop PRE consequently raises security or privacy concerns. This is why single-hop PRE is preferable. But the gain in security and privacy is offset by the strong limitations that single-hop PRE brings on the sharing of content between different electronic devices.
Today there is a need for a re-encryption key management process that avoids such limitations. There is a further need for such a management process that facilitates a user's access to his content from different electronic devices, especially to transfer or associate the content from one electronic device to another and to manage, for example, the loss of an electronic device.