OmniShare: Securely Accessing Encrypted Cloud Storage from Multiple Authorized Devices

Cloud storage services like Dropbox, Google Drive and OneDrive are becoming increasingly popular. Two major reasons for the success of cloud storage services are 1) their ability to synchronize stored data across multiple client devices and 2) the possibility of sharing a subset of this data with other people. But privacy of cloud data is a growing concern. Encrypting data on the client-side before uploading it to cloud storage servers is an effective way to ensure privacy of data. However, in order to allow users to access their data from multiple devices, current solutions resort to deriving encryption keys solely from user-chosen passwords which may have low entropy. We present OmniShare, the first scheme to allow client-side encryption with high-entropy keys whilst providing an intuitive key distribution mechanism enabling data access from multiple client devices. It allows users to authorize their devices to access encrypted storage and makes use of out-of-band channels for distributing the relevant keys to authorized devices. OmniShare uses the cloud storage itself as a communication channel between devices to ensure that user actions needed during authorization are minimal and consistent. Furthermore, OmniShare allows the possibility of sharing selected encrypted files with other people. OmniShare is open source and currently available for Android and Windows with other other platforms in development.