Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONE's Security

被引：3

作者：

Dalskov, Anders P. K. ^{[1
]}

Orlandi, Claudio ^{[1
]}

机构：

[1] Aarhus Univ, Aarhus, Denmark

来源：

PROCEEDINGS OF THE 2018 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (ASIACCS'18) | 2018年

关键词：

D O I：

10.1145/3196494.3196547

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

This paper presents an independent security review of a popular encrypted cloud storage service (ECS) SpiderOakONE. Contrary to previous work analyzing similar programs, we formally define a minimal security requirements for confidentiality in ECS which takes into account the possibility that the ECS actively turns against its users in an attempt to break the confidentiality of the users' data. Our analysis uncovered several serious issues, which either directly or indirectly damage the confidentiality of a user's files, therefore breaking the claimed Zero- or No -Knowledge property (i.e., the claim that even the ECS itself cannot access the users' data). After responsibly disclosing the issues we found to SpiderOak, most have been fixed.

引用

页码：343 / 355

页数：13

共 50 条

[41] Change Can Work for You or Against You It's Your Choice
McConnell, Charles R.
HEALTH CARE MANAGER, 2010, 29 (04) : 365 - 374
[42] Do you trust your recommendations? An exploration of security and privacy issues in recommender systems
Lam, Shyong K. 'Tony'
Frankowski, Dan
Riedl, John
EMERGING TRENDS IN INFORMATION AND COMMUNICATION SECURITY, PROCEEDINGS, 2006, 3995 : 14 - +
[43] What's in your head can hurt you
Mathiason, G
FORTUNE, 1998, 138 (02) : 153 - 153
[44] How Many People - Besides You - Can Answer Your Security Questions?
Moallem, Abbas
ERGONOMICS IN DESIGN, 2013, 21 (04) : 31 - 32
[45] Can You Trust Your Autonomous Car? Interpretable and Verifiably Safe Reinforcement Learning
Schmidt, Lukas M.
Kontes, Georgios
Plinge, Axel
Mutschler, Christopher
2021 32ND IEEE INTELLIGENT VEHICLES SYMPOSIUM (IV), 2021, : 171 - 178
[46] Graph Neural Networks for Hardware Vulnerability Analysis - Can you Trust your GNN?
Alrahis, Lilas
Sinanoglu, Ozgur
2023 IEEE 41ST VLSI TEST SYMPOSIUM, VTS, 2023,
[47] Graph Neural Networks for Hardware Vulnerability Analysis - Can you Trust your GNN?
New York University, Center for Cybersecurity, Abu Dhabi, United Arab Emirates
Proc IEEE VLSI Test Symp,
[48] Who can you trust? Credibility assessment in online health forums
Lederman, Reeva
Fan, Hanmei
Smith, Stephen
Chang, Shanton
HEALTH POLICY AND TECHNOLOGY, 2014, 3 (01) : 13 - 25
[49] Can you trust your lawyer's call? Legal advisers exhibit myside bias resistant to debiasing interventions
Jeklic, Mihael A.
JOURNAL OF EMPIRICAL LEGAL STUDIES, 2023, 20 (02) : 409 - 433
[50] Whom can you trust? It's not so easy to tell
Stewart, TA
FORTUNE, 2000, 141 (12) : 331 - +

← 1 2 3 4 5 →