[Resource Topic] 2017/570: Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONE’s Security

Welcome to the resource topic for 2017/570

Title:
Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONE’s Security

Authors: Anders P. K. Dalskov, Claudio Orlandi

Abstract:

This paper presents an independent security review of a popular encrypted cloud storage service (ECS) SpiderOakONE. Contrary to previous work analyzing similar programs, we formally define a minimal security requirements for confidentiality in ECS which takes into account the possibility that the ECS actively turns against its users in an attempt to break the confidentiality of the users’ data. Our analysis uncovered several serious issues, which either directly or indirectly damage the confidentiality of a user’s files, therefore breaking the claimed Zero- or No-Knowledge property (e.g., the claim that even the ECS itself cannot access the users’ data). After responsibly disclosing the issues we found to SpiderOak, most have been fixed.

ePrint: https://eprint.iacr.org/2017/570

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .