WESHARE: A Coercion-Resistant and Scalable Storage Cloud

Several cloud providers encrypt user data as best practices to protect against internal data theft. However, recent incidents have shown that cloud providers can be forced or coerced by governments, legal authorities or overtly malicious external attackers to decrypt user data when necessary. We define a property called coercion-resistance that frees cloud providers from the liability to decrypting client data under such external coercion. We study the challenges in building a coercion-resistant storage cloud that gracefully scales with large number of users and massive data. We discuss why existing solutions fail to achieve the desirable properties of a scalable, coercion-resistant cloud. We propose a new cryptographic primitive that achieves nearideal storage and computation costs when scaled to millions of users sharing large datasets. Using these techniques, we build a cloud storage system called WESHARE that securely handles cryptographic access control and efficient ciphertext re-encryption under the assumptions of the coercion-resistance property. Our prototype integrates seamlessly with a commercial cloud service (Box) and with existing key directory services. We demonstrate that WESHARE achieves strong scalability as data sizes or users increase.