[论文解读] TwinCloud: A Client-Side Encryption Solution for Secure Sharing on Clouds Without Explicit Key Management.

With the advent of cloud technologies, there is a growing number of easy-to-use services to store files and share them with other cloud users. By providing security features, cloud service providers try to encourage users to store personal files or corporate documents on their servers. However, their server-side encryption solutions are not satisfactory when the server itself is not trusted. Although, there are several client-side solutions to provide security for cloud sharing, they are not used extensively because of usability issues in key management. In this paper, we propose TwinCloud which is an innovative solution with the goal of providing a secure system to users without compromising the usability of cloud sharing. TwinCloud achieves this by bringing a novel solution to the complex key exchange problem and by providing a simple and practical approach to store and share files by hiding all the cryptographic and key-distribution operations from users. Serving as a gateway, TwinCloud uses two or more cloud providers to store the encryption keys and encrypted files in separate clouds which ease the secure sharing without a need for trust to either of the cloud service providers with the assumption that they do not collude with each other. We implemented TwinCloud as a lightweight application and make it available as open-source. The results of our usability study show the prospect of the secure sharing solution of TwinCloud.