Cloud-hosted key sharing towards secure and scalable mobile applications in clouds

User data may be stored in a cloud to take advantage of its scalability, accessibility, and economics. However, data of a sensitive nature must be protected from being read in the clear by an untrusted cloud provider. It is also beneficial to provide finite time limits on access to the data by users. A key management scheme is proposed where encrypted key shares are stored in the cloud and automatically deleted based on passage of time or user activity. The accessibility of the data gradually expires and revocation occurs as a result of the loss of sufficient key shares. The process does not require additional coordination by the data owner, which is of advantage to a very large population of resource-constrained mobile users. The rate of expiration may be controlled through the initial allocation of shares and the heuristics for removal. Subscription to user data is maintained through regular re-generation of shares. A simulation of the scheme and also its implementation on commercial mobile and cloud platforms demonstrate its practical performance.