Achieving Reconciliation between Privacy Preservation and Auditability in Zero-trust Cloud Storage using Intel SGX
Cloud storage allows for saving files at an off-site location that is accessible through the public internet. However, cloud storage suffers from a lack of trust since employees have physical and electronic access to almost all of the data, and zero-trust security is thus essential. This paper proposes an SGX-based file hosting scheme that gives full consideration to both privacy preservation and auditability to address the aforementioned concerns. We designed a secure key exchange protocol consisting of two phases: a key generation phase and a key verification phase. Theoretical analysis and experiments indicate that the protocol can resist man-in-the-middle attacks, which has been unattainable in previous studies. The experimental results show that our scheme takes little time regardless of file size and achieves solid performance in handling concurrent requests; furthermore, it is innocuous for clients, and the memory usage is acceptable.