ShEnc: A Versatile Secure Multi-Party Data Sharing Framework

Abstract

Secure data sharing via public Internet or local networks is absolutely vital for people today. Confidential information is stored as a file in most settings and shared via intermediate systems, including email, file hosting service, and portable devices. Cyberattacks (malicious) and human errors (non-malicious) are potential threats in these intermediate systems which may result in information leakage, impersonation, and repudiability. This is also true for communication networks. This paper presents a new method and system, called ShEnc, for end-to-end (E2E) secure multi-party data sharing. E2E encryption provides secure transmission of data from one end to the other while the intermediate systems may not be especially trustworthy. The system depends neither on prior secret sharing nor a dedicated server, secure communication channel, and special devices. Instead, we utilize the public key encryption: RSA and ECC. That is, only the public keys of the participants are disseminated beforehand, and robust confidentiality of shared data and authenticity of the sender are ensured. Furthermore, the system introduces a unique file format, enabling multi-party data sharing with a single file. The results of performance evaluation revealed that the overhead of the encrypted file size is about 2+n KB for RSA and 1+0.3n KB for ECC for the number of participants n. The processing time is less than one second under the condition where sharing 128 MiB file with 16 participants and 4 MiB file with 100 participants.