A recent study by researcher at Johns Hopkins University questions how safe are the tactics of “zero knowledge” undertaken by some providers of Cloud storage
The study identifies serious weaknesses in the security and confidentiality of data stored in alleged “safe” clouds . According to the study , users should investigate in detail how suppliers manage their data. The cloud providers analyzed by researchers (Spider Oak, Wuala and Tresorit) typically use a method where data is encrypted when stored in the cloud and is only decrypted when the user downloads it from the cloud.
But the service providers might watch the contents of the documents if the data is shared with other user of the storage service. Usually these providers have an intermediary service that verifies the user before providing the keys to encrypt data. Researchers have found that suppliers can sometimes provide their own verification. This represents an opportunity for providers to offer false credentials that would decode the data using a very similar precedure to the attack known as “man in the middle”.
Fortunately, there are no news about commited data so far, but the possibility has been discovered and vulnerability is much greater than thought in this alleged “safe” services.
SCAPE Solutions could be of help in guaranteeing the data management is made in a safe way keeping the data encrypted at all times, avoiding sensitive data leakages and supressing those aforementioned weaknesses of “secure” cloud storage services.