Portable key management service for cloud storage

Cloud storage services provide highly scalable, available and pay-as-you-go storage space for individual and enterprise users. Cloud storage services are inherently insecure as the management of the data in the cloud storage is controlled by third parties beyond the reach of the data owner. To address this problem, a number of data obfuscation techniques have been proposed to conceal data before sending it to the cloud. The secrets keys used for obfuscation are stored in a secure location while obfuscated data is stored in the cloud. In these approaches, the data is as secure as its corresponding keys. However, this still brings a challenging issue where a user needs to manage a large number of (secret) keys in such a way that they are protected against all types of adversaries, and should be as highly available as cloud storage services. To address this issue, we propose a portable key management service that is highly secure and available. In our solution, all keys are stored in a tamper-proof hardware within a portable USB device that users can carry with them all the time in order to provide high security and availability. We describe the system model, the details of the key management service and a prototype implementation.