Confidentiality as a Service -- Usable Security for the Cloud

There is an increasing number of easy-to-use cloud services to store and share information with others. Facebook, Dropbox, iCloud, Googlemail, Amazon S3, Windows SkyDrive and similar services encourage users to entrust the companies´ servers with a large variety of information: from their holiday pictures to corporate documents. However, both private and corporate users commonly fail to take account of possible privacy consequences. Even though there are approaches to provide confidentiality for the users´ data in the cloud, these are not widely adopted due to both awareness and usability issues. Therefore, we propose the novel Confidentiality as a Service (CaaS) paradigm to provide usable confidentiality and integrity for the bulk of users, for whom the current security mechanisms are too complex or require too much effort. The CaaS paradigm combines data security with usability by design and integrates effortlessly into available cloud service applications and workflows. We leverage the splitting of trust between the cloud service provider and one or more CaaS providers to improve usability. CaaS focuses on unobtrusive confidentiality by hiding all cryptographic artefacts from the prevalently non-technical users. Data protection is based on symmetric encryption and invisible key-management mechanisms. We present an integration for multiple popular cloud services to demonstrate the seamless applicability of CaaS.