E! 7816 Cloud Security Infrastructure

The usage of cloud services to store files is becoming popular both for private users and in companies. The combination of easy access to your data everywhere on any devices, and no need to worry about local disk crash and backups, is very tempting. If yo u add the possibility of sharing data with family, friends or colleagues, the service becomes even more attractive. However, privacy concerns has been raised regarding the how the data is stored and managed. Who have access to the data, how is the data pr otected from inspection, and how is the data secured when transferred between devices and the cloud? Several large cloud storage providers have showed weakness regarding these questions. In the CSI project the goal is to enhance the security of existin g cloud storage services. This has to be done without compromising the user-friendliness of the existing services. The enhanced security is achieved by a combination of symmetric and public key encryption, new approaches to authentication and digital sign atures, and adaptive scalable cryptography. Dropbox, Google Drive, Microsoft SkyDrive, and Apple iCloud are examples of existing cloud service providers that are used to store data, synchronize data between devices, and share data with other users. The Ensafer secure storage and sharing product from Invenia will in the CSI project be used to demonstrate how to enhance the security of these services. Ensafer uses a combination of symmetric and public key encryption to protect user data and enable secure sharing of these data. The new approaches to two-factor authentication and digital signatures from Encap will in the CSI project be used to enhance the user authentication in the product and the integrity of the data shared. The meaning of this is that w e can be assured that a user is who he or she claims to be, and that the data has not been altered or modified by someone else. The detailed control of user data and whom the data is shared with is implemented by having unique encryption keys for every single file. This approach has some challenges related to scaling. In the CSI project alternative approaches to sharing of a large number of files to a large number of users are investigated. These alternative approaches developed by Sirrix promises that the access and sharing of data scales well for extremely large number of files and users, and is manageable within an organization and across organizations.

CSI will bring high-level and scalable security to popular cloud storage services. This includes strong encryption of user data, privacy-assured data sharing, two-factor authentication (2FA) of users, and support for PKI based digital signing of electroni c information. CSI will combine knowledge and expertise from its partners to enhance existing cloud services with strongly requested security functions. The Ensafer file-sharing and collaboration service is used in CSI as the case for the research and dev elopment of such high-level and scalable security for cloud storage services. The product Ensafer enables users to securely store documents on the Ensafer storage server and to share these documents with other users providing strong information privacy. The client application provides the user interfaces to create, import, open, export and manage files and contacts, and to share and collaborate with other users. The storage infrastructure provides basic services that the client application uses to store and access files. With strong encryption and careful key management, Ensafer makes sure that the user is in full control of who may access her documents. In CSI we will bring the Ensafer model of easy sharing and always-encrypted user data to other exis ting cloud services. Popular cloud storage services, like Dropbox Google Drive and Microsoft SkyDrive, provide user-friendly storage and synchronization services. They have become extremely popular among both private and corporate users. However, recently strong concerns on storing critical data in the cloud have been raised. CSI will investigate how to apply a combination of user-friendly secure storage and sharing, scalable cryptography, and strong two-factor authentication and digital signing to a co mmon storage infrastructure. The actual file storage and file synchronization will be performed by the underlying storage.