New Secure Storage Architecture for Cloud Computing

Sameera Abdulrahman Almulla and Chan Yeob Yeun
Khalifa University of Science, Technology and Research, Sharjah Campus, United Arab Emirates
{Sameera.almulla,cyeun}@kustar.ac.ae

Abstract. The rapid development of technology has resulted in an increase in the need for computing assets, and many organizations are moving in the direction of outsourcing their storage and computing needs. This new trend of outsourcing resources and processes has been called “Cloud Computing”. The challenge is to provide security for data stored in a public cloud, where users have reduced control of their own information. In this paper, we propose a new security architecture for customers to ensure that their data is secured by deploying both symmetric and asymmetric encryption in an environment that allows for lawful interception.

Keywords: Cloud Computing, Secure Storage, Lawful Interception, Encryption.

1 Introduction

There are several cloud models available in the market, with an agreed-upon framework of cloud services described as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) (collectively referred to as “SPI”) [1], [2] and [3]. Since security measures will differ in each framework [4] and [5], in this paper we focus on cloud-based storage supplied as IaaS. Our goal is to enhance cloud security in one aspect, namely storage, by satisfying the security requirements including confidentiality, integrity, data segregation and authentication while facilitating lawful interception (LI).

The LI process for IP-based communication is performed on the traffic between two communicating entities. Once the Law Enforcement Agency (LEA) has granted a warrant to intercept the communication, a packet sniffing tool will be placed at the Internet Service Provider (ISP) of the suspected entity. Later, the sniffed data will be used for digital forensics analysis [6].
In addition, sniffing tools are very useful for analyzing the sniffed network traffic and determining its behaviors and trends; however, it is a challenging task to extract an individual user’s activities. The main barrier that an LEA will face is encrypted traffic. In this paper, we propose a new architecture to perform LI on the encrypted storage rather than the traffic, decrypting the suspicious evidence without compromising the user’s credentials such as the encryption sub-key. Unlike with network traffic, intercepting a user’s information at rest in the cloud environment consumes less time to