Even cloud storage that says "the safest" turned out to be unsafe

ByCharlie Collis

Storing files on the Internet Cloud storage is a convenient service that allows files to be exchanged between terminals through the cloud. A new service is appearing one after another, such as a large-capacity cloud storage service now free, but a scientist who studies computer science at Johns Hopkins University "Even the safest and most secure cloud storage is not safe"We are announcing research results.

Even the most secure cloud storage may not be so secure, study finds - Network World

Many enterprises that provide cloud storage, as state-of-the-art cloud security to protect customers' data, are able to securely authenticate without revealing confidential secrets and passwords for certification to the other partyZero knowledge proof"Is adopted. A scientist at Johns Hopkins University said that as a result of studying that this zero knowledge proof is "how safe" it suggests that dangerous vulnerabilities are hidden.

In the cloud storage service that adopts zero knowledge proof, we encrypt and store the customer's data and pass the decryption key to the customer, enabling exchange of secure data which can not be accessed even by the merchant. However, the researcher said, "If there is a function to share the data to be kept within the cloud service, the decryption key becomes vulnerable to attack as seen from the merchant's side, and if the merchant wishes to see the customer's data, it can also look "It is warning.


When we investigated the zero knowledge proof cloud service that actually provides the service,SpiderOak","Wuala","Tresorit"It is confirmed that it is safe for" a model in which data is encrypted and stored in the cloud and can be decrypted only when the user downloads data ".

On the other hand, "When you share data on the cloud service, you will be able to exchange data on the system without the user's decryption key, in which case the merchant was in a state where the merchant could access the customer's data" Duane Wilson, the first author of the report to report. this is"Man-in-the-middle attackIt is similar to "and no big problem has happened at the moment, but that users are always under attack. Research director Giuseppe Ateniese said, "There is no evidence that cloud service providers are accessing customer data, but tell them that any safe cloud service is at risk of users I wanted it. "

According to researchers some services,Silent CircleWe adopt security other than zero knowledge certification authentication, such as speech recognition system, in combination. Although cloud storage services have appeared one after another, the service providers are also seeking to provide safer service.

in Note,   Web Service, Posted by darkhorse_log