Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONE's Security

被引:3
|
作者
Dalskov, Anders P. K. [1 ]
Orlandi, Claudio [1 ]
机构
[1] Aarhus Univ, Aarhus, Denmark
来源
PROCEEDINGS OF THE 2018 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (ASIACCS'18) | 2018年
关键词
D O I
10.1145/3196494.3196547
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
This paper presents an independent security review of a popular encrypted cloud storage service (ECS) SpiderOakONE. Contrary to previous work analyzing similar programs, we formally define a minimal security requirements for confidentiality in ECS which takes into account the possibility that the ECS actively turns against its users in an attempt to break the confidentiality of the users' data. Our analysis uncovered several serious issues, which either directly or indirectly damage the confidentiality of a user's files, therefore breaking the claimed Zero- or No -Knowledge property (i.e., the claim that even the ECS itself cannot access the users' data). After responsibly disclosing the issues we found to SpiderOak, most have been fixed.
引用
收藏
页码:343 / 355
页数:13
相关论文
共 50 条
  • [31] CAN YOU TRUST YOUR BANK - HELLER,R, WILLATT,N
    SOKOLOV, RA
    NEW YORK TIMES BOOK REVIEW, 1978, 83 (08): : 16 - +
  • [32] Can you trust your cryostat? Reproducibility of cryostat section thickness
    Hamer, Philip C. De Witt
    Bleeker, Fonnet E.
    Zwinderman, Aeilko H.
    Van Noorden, Cornelis J. F.
    MICROSCOPY RESEARCH AND TECHNIQUE, 2006, 69 (10) : 835 - 838
  • [33] Can You Trust Your Pose? Confidence Estimation in Visual Localization
    Ferranti, Luca
    Li, Xiaotian
    Boutellier, Jani
    Kannala, Juho
    2020 25TH INTERNATIONAL CONFERENCE ON PATTERN RECOGNITION (ICPR), 2021, : 5004 - 5011
  • [34] Risk Assessment for Big Data in Cloud: Security, Privacy and Trust
    Ali, Hazirah Bee Bt Yusof
    Abdullah, Lili Marziana Bt
    Kartiwi, Mira
    Nordin, Azlin
    PROCEEDINGS OF 2018 ARTIFICIAL INTELLIGENCE AND CLOUD COMPUTING CONFERENCE (AICCC 2018), 2018, : 63 - 67
  • [35] Can You Trust Your Model's Uncertainty? Evaluating Predictive Uncertainty Under Dataset Shift
    Ovadia, Yaniv
    Fertig, Emily
    Ren, Jie
    Nado, Zachary
    Sculley, D.
    Nowozin, Sebastian
    Dillon, Joshua V.
    Lakshminarayanan, Balaji
    Snoek, Jasper
    ADVANCES IN NEURAL INFORMATION PROCESSING SYSTEMS 32 (NIPS 2019), 2019, 32
  • [36] WHY YOU CAN TRUST YOUR TELEPHONE - MANAGEMENT FACTOR IN QUALITY ASSURANCE
    PETERS, R
    KARRAKER, IO
    INDUSTRIAL RESEARCH, 1975, 17 (12): : 47 - 51
  • [37] Tissue-agnostic RET inhibition: can you trust your target?
    D'Aiello, Angelica
    Halmos, Balazs
    LANCET ONCOLOGY, 2022, 23 (10): : 1235 - 1237
  • [38] Commentary: Your eyes can deceive you; don't trust them
    Hanif, Rabbiya
    Ashfaq, Awais
    JTCVS TECHNIQUES, 2022, 11 : 48 - 48
  • [39] Data Analysis of Cloud Security Alliance's Security, Trust & Assurance Registry
    Sen, Amartya
    Madria, Sanjay
    ICDCN'18: PROCEEDINGS OF THE 19TH INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING AND NETWORKING, 2018,
  • [40] You Can Access but You Cannot Leak: Defending Against Illegal Content Redistribution in Encrypted Cloud Media Center
    Zhang, Leo Yu
    Zheng, Yifeng
    Weng, Jian
    Wang, Cong
    Shan, Zihao
    Ren, Kui
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2020, 17 (06) : 1218 - 1231
12345