Akeso: Bringing Post-Compromise Security to Cloud Storage
Authors: Lily Gloudemans (William & Mary), Pankaj Niroula (William & Mary), Aashutosh Poudel (William & Mary), Collin MacDonald (William & Mary), Stephen Herwig (William & Mary)
Volume: 2025
Issue: 4
Pages: 446–464
DOI: https://doi.org/10.56553/popets-2025-0139
Abstract: Although cloud providers offer many options for encrypting object storage and rotating the encryption key, the cloud ultimately possesses the key, leaving data vulnerable to insider attacks, legal demands, and storage bugs. Moreover, current key rotation methods do not re-encrypt existing objects, exposing the data indefinitely to adversaries with stolen keys. This paper introduces Akeso, the first cloud storage system to achieve post-compromise security, thus restoring data confidentiality after a key compromise. For efficient key rotation, Akeso adapts the asynchronous group key agreement protocols of messaging applications to storage clients. For scalable object re-encryption, Akeso makes novel use of a cloud-side enclave to coordinate an updatable encryption scheme among untrusted cloud functions. Our evaluations demonstrate that Akeso re-encrypts a 10 GB bucket 2.5× faster than a naïve method that fetches and re-encrypts each object, with a monthly expense that is only 15.6–19.3% higher than the current, less secure, provider encryption options.
Keywords: Cloud Storage, Post-Compromise Security, Confidential Computing
Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
