Dual Server Open Key Encryption with Keyword Search for Secure Cloud Storage

Recent news exposes a powerful hacker by obtaining cryptographic keys, intimidation or backdoors in cryptographic code, which destroys information confidentiality. Once the encryption key is revealed, restricting the attacker's exposure to the ciphertext is the only feasible option to protect information confidentiality. For example, this can be accomplished by spreading ciphertext blocks through servers in multiple administrative domains, assuming that the opponent is unable to compromise them all. However, if information are encrypted with existing systems, an opponent equipped with the encryption key can still compromise a single database and decrypt the blocks of ciphertext contained in it. In this paper, we research information privacy against an opponent who knows the encryption key and has access to a large fraction of the blocks of ciphertext. To this end, we suggest Bastion, a novel and efficient scheme that guarantees secrecy of information even if the key to authentication is leaked and the opponent has access to almost all blocks of ciphertext. We analyze Bastion's security and evaluate its performance by implementing a prototype. We also discuss practical insights regarding Bastion's integration into dispersed commercial storage systems. Our analysis results suggest that Bastion is well suited for incorporation into existing systems as it accounts for less than 5% overhead compared to existing semi-secure encryption modes.