Researchers propose to build a tool that could be used on top of existing cloud storage services to enable secure document management in the cloud. In essence, using our client-side apps developed for different platforms, all documents will be automatically encrypted before they are sent to the cloud and stored in the cloud in an encrypted format. Therefore, the cloud service provider will not have any access to stored documents. In addition, encryption keys will be automatically managed by our server-side solution. Using techniques developed as part of prior research, the tool's server-side implementation will provide efficient search over encrypted data, role-based access control, secure document sharing, and audit log generation. Furthermore, because the proposed design separates encryption keys into multiple pieces, a compromise of our server cannot be used to recover any document stored in the cloud. In addition, our server will never store any information related to documents in plaintext form.
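The key-splitting idea above, shown as an added example that is not SingleCrypt's code: the page does not say how keys are split, so this sketch assumes an n-of-n XOR split with one share held by the client and one by the server, plus a hypothetical HMAC key-check value that detects a missing or tampered share. All function names are illustrative.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # 256-bit per-document key (assumed size)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list[bytes]:
    """n-of-n XOR split: n-1 random shares plus one share that XORs back to key."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for s in shares:
        last = xor_bytes(last, s)
    return shares + [last]


def key_check_value(key: bytes) -> bytes:
    """Tag stored beside the ciphertext; lets a client verify a rebuilt key."""
    return hmac.new(key, b"key-check-v1", hashlib.sha256).digest()


def combine(shares: list[bytes], expected_kcv: bytes) -> bytes:
    """Rebuild the key from all shares; raise if it fails the check value."""
    key = bytes(len(shares[0]))
    for s in shares:
        if len(s) != len(key):
            raise ValueError("share length mismatch")
        key = xor_bytes(key, s)
    if not hmac.compare_digest(key_check_value(key), expected_kcv):
        raise ValueError("shares do not reconstruct the key")
    return key


def demo() -> dict:
    doc_key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    client_share, server_share = split_key(doc_key, 2)
    kcv = key_check_value(doc_key)
    rebuilt = combine([client_share, server_share], kcv)
    try:  # what an attacker holding only the server's share obtains
        combine([server_share], kcv)
        server_alone_ok = True
    except ValueError:
        server_alone_ok = False
    return {"rebuilt_ok": rebuilt == doc_key, "server_alone_ok": server_alone_ok}


if __name__ == "__main__":
    print(demo())
```

Each share on its own is uniformly random, so a stolen server share carries no information about the document key; the cost of an n-of-n split is that losing any one share makes the key unrecoverable.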

This project will allow researchers to understand best practices in managing encrypted data in the context of cloud and mobile services. In addition, it will allow them to see the performance and limitations of current encrypted data management solutions (including ours) in real operating environments. Longer-term, if this project is successful, it could substantially decrease the privacy and economic risks of information disclosure due to usage of cloud and mobile services. This could have a direct economic impact, as well as increasing trust in using cloud based document management services, opening the way for new applications that would today be considered infeasible due to lack of necessary security and compliance mechanisms.

Project Report

As part of this I-Corps project, we explored the feasibility of commercializing a cloud security tool named SingleCrypt. SingleCrypt could be used on top of existing cloud storage services such as Amazon S3, Dropbox and Google Drive to enable secure document management in the cloud. In essence, using our client-side apps developed for different platforms, all documents will be automatically encrypted before they are sent to the cloud and stored in the cloud in an encrypted format. Therefore, the cloud service provider will not have any access to the potentially sensitive content of stored documents. In addition, encryption keys will be automatically managed by our server-side solution. Using techniques developed as part of our prior NSF-supported projects, our server-side implementation will provide efficient similarity search over encrypted data, role-based access control, secure document sharing, and audit log generation. Furthermore, because our proposed design separates encryption keys into multiple pieces, a compromise of our server cannot be used to recover any document stored in the cloud. In addition, our server will never store any documents.

Using our tool, companies can define access control policies for their employees, monitor employee behavior, and track how documents are shared. In addition, our service can automatically back up, load balance and migrate the data to a different cloud service provider as needed.

As part of this I-Corps project, we talked to nearly 100 potential customers to understand their needs for cloud-based document sharing services and to explore whether SingleCrypt could address their pain points. During our customer interviews, we quickly realized that certain customer segments (e.g., large banks) are not ready to embrace public cloud-based solutions for storing and sharing sensitive data. In addition, some existing cloud service companies claim that they can address the security concerns by encrypting the stored data and holding the encryption keys in the cloud as well. During our customer interviews, we tried to explain that if the cloud service provider has access to the encryption keys, then it can decrypt the data at any time and may easily disclose it to anyone. Especially after recent incidents showing that data stored in the cloud is not secure, we saw increased interest in our proposed solution and received some encouraging feedback that led us to believe that there could be a market for SingleCrypt.

As part of our commercialization goal, we implemented a basic SingleCrypt prototype with very limited features to test the feasibility of the proposed approach. Initial results indicate that SingleCrypt can address most of the security issues of cloud-based document sharing with very little overhead. Currently, we are planning to submit an NSF SBIR proposal to raise funds to develop a prototype with the additional features needed for a minimum viable product. In addition, we are considering applying to the NSF PFI:AIR-TT program to raise funding for such prototype development.

Agency: National Science Foundation (NSF)
Institute: Division of Industrial Innovation and Partnerships (IIP)
Type: Standard Grant (Standard)
Application #: 1339941
Program Officer: Rathindra DasGupta
Budget Start: 2013-05-01
Budget End: 2014-04-30
Fiscal Year: 2013
Total Cost: $50,000

Name: University of Texas at Dallas
City: Richardson
State: TX
Country: United States
Zip Code: 75080