Security Scheme for Sensitive Data in Management-Type SaaS

In this paper, we proposed the potential security problem of sensitive data in management-type SaaS which have no valid evidence when service provider embezzling or responsibility confirmation in service level agreement dispute, and proposed a scheme to ensure sensitive data safety by taking advantage of encryption and signature technique. Non-credible PKG of identity-based signature mechanism is used as signature mechanism for sensitive data in the scheme. Based on non-credible PKG of identity-based signature, a double-layer PKG framework is built by using the sub-PKG of service provider and tenants according to characteristic of the security responsibility of sensitive data is supervised by both service provider and tenants which have ownership and use right of the software respectively. The symmetric cryptography which ensures confidentiality of sensitive data is employed based on balance efficiency and safety. The related questions are also discussed. Security and the feasibility analysis show that this scheme ensures the confidentiality, integrity and non-repudiation of sensitive data. It can also provide valid evidence for service level agreement dispute and impel the application and the development of management-type SaaS. The proposed scheme can be widely applied to interactive distributed system of sensitive data.