Safebox: A Scheme For Searching And Sharing Encrypted Data In Cloud Applications

Confidential data is often encrypted before it is uploaded to cloud servers. However, client-controlled encryption often poses a major barrier towards the full functionalities of cloud services. This paper presents SafeBox, a new Cloud Access Security Broker (CASB)-based approach that protects sensitive information against attackers with full control of cloud servers, and allows clients to search and share encrypted data transparently. It addresses the following challenges: First, SafeBox brings almost no loss of functionalities for protecting sensitive information in cloud applications. It safeguards not only textual input data but also uploaded files. Second, it allows a server to perform keyword-based searching over encrypted contents, and does not modify the current cloud interfaces or users' habits. Finally, it enables encrypted data sharing between different brokers efficiently. Our experimental evaluations on multiple cloud applications show that SafeBox has modest overheads and can be applied to practical use.