2FE: Two-Factor Encryption for Cloud Storage
Anders Dalskov, Daniele Lain, Enis Ulqinaku, Kari Kostiainen, Srdjan Capkun

TL;DR
This paper introduces 2FE, a two-factor encryption scheme for cloud storage that enhances confidentiality and availability by involving two user devices in encryption and decryption, addressing real-world threats like device theft and human errors.
Contribution
The paper proposes a novel two-factor encryption scheme that improves security and resilience of cloud storage against device compromise and user errors, using secret sharing and cryptographic techniques.
Findings
2FE provides strong confidentiality and availability guarantees.
Performance overhead of 2FE is small based on experimental evaluation.
The approach can be adapted for cryptocurrency wallets.
Abstract
Encrypted cloud storage services are steadily increasing in popularity, with many commercial solutions currently available. In such solutions, the cloud storage is trusted for data availability, but not for confidentiality. Additionally, the user's device is considered secure, and the user is expected to behave correctly. We argue that such assumptions are not met in reality: e.g., users routinely forget passwords and fail to make backups, and users' devices get stolen or become infected with malware. Therefore, we consider a more extensive threat model, where users' devices are susceptible to attacks and common human errors are possible. Given this model, we analyze 10 popular commercial services and show that none of them provides good confidentiality and data availability. Motivated by the lack of adequate solutions in the market, we design a novel scheme called Two-Factor…
Taxonomy
Topics: Cryptography and Data Security · Cloud Data Security Solutions · User Authentication and Security Systems
