Individuals, enterprises, and government agencies encrypt information before uploading it to commodity cloud storage systems like Box or Amazon’s S3, so that the data remains protected even if the storage provider is compromised. Regulations like HIPAA and PCI (and good security hygiene) require that encryption keys be rotated periodically. As we discuss in this presentation, the schemes currently used to rotate encryption keys are either infeasible or insecure. We describe attacks against the current scheme and present two new encryption schemes that improve the security of key rotation, offering different security and performance trade-offs.
Dr. Adam Everspaugh (@AdamEverspaugh) is a cryptographer and software engineer. He researches and presents on topics including oblivious password hardening, secure random number generators, and updatable encryption. Adam is a security engineer for Coinbase and a cryptographic advisor to Keeper Security (a password management service) and to the distributed app platform Mainframe.com.