Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONE’s Security
نویسندگان
چکیده
This paper presents an independent security review of a popular encrypted cloud storage service (ECS) SpiderOakONE. Contrary to previous work analyzing similar programs, we formally define a minimal security requirements for confidentiality in ECS which takes into account the possibility that the ECS actively turns against its users in an attempt to break the confidentiality of the users’ data. Our analysis uncovered several serious issues, which either directly or indirectly damage the confidentiality of a user’s files, therefore breaking the claimed Zeroor No-Knowledge property (e.g., the claim that even the ECS itself cannot access the users’ data). After responsibly disclosing the issues we found to SpiderOak, most have been fixed.
منابع مشابه
Private Key based query on encrypted data
Nowadays, users of information systems have inclination to use a central server to decrease data transferring and maintenance costs. Since such a system is not so trustworthy, users' data usually upkeeps encrypted. However, encryption is not a nostrum for security problems and cannot guarantee the data security. In other words, there are some techniques that can endanger security of encrypted d...
متن کاملFuzzy retrieval of encrypted data by multi-purpose data-structures
The growing amount of information that has arisen from emerging technologies has caused organizations to face challenges in maintaining and managing their information. Expanding hardware, human resources, outsourcing data management, and maintenance an external organization in the form of cloud storage services, are two common approaches to overcome these challenges; The first approach costs of...
متن کاملAttribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملTrust Evaluation Scheme for Cloud Data Security using Fuzzy based Approach
Cloud computing provides a services for sharing and storing the data. Both cloud server and trusted authority are semitrusted party. The generation of trust value for cloud server and trust authority is a tedious process. Many researchers proposed different methods for generating trust value and it is still in open research. So, we propose a trust evaluation scheme for cloud data security using...
متن کاملDynamic Multi-Keyword Ranked Searchable Security Algorithm Using CRSA and B-Tree
With the advantage of storage as a service many enterprises are moving their valuable data to the cloud, since it costs less, easily scalable and can be accessed from anywhere any time. The trust between cloud user and provider is paramount. We use security as a parameter to establish trust. Cryptography is one way of establishing trust. Searchable encryption is a cryptographic method to provid...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2018