Paper 2017/570

Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONE’s Security

Anders P. K. Dalskov and Claudio Orlandi

Abstract

This paper presents an independent security review of a popular encrypted cloud storage service (ECS), SpiderOakONE. Contrary to previous work analyzing similar programs, we formally define a minimal security requirement for confidentiality in ECS which takes into account the possibility that the ECS actively turns against its users in an attempt to break the confidentiality of the users' data. Our analysis uncovered several serious issues, which either directly or indirectly damage the confidentiality of a user's files, therefore breaking the claimed Zero- or No-Knowledge property (e.g., the claim that even the ECS itself cannot access the users' data). After responsibly disclosing the issues we found to SpiderOak, most have been fixed.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
Cloud storage, end-to-end encryption, SpiderOak
Contact author(s)
anderspkd @ cs au dk
History
2018-01-11: last of 2 revisions
2017-06-14: received
Short URL
https://ia.cr/2017/570
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/570,
      author = {Anders P.  K.  Dalskov and Claudio Orlandi},
      title = {Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONE’s Security},
      howpublished = {Cryptology ePrint Archive, Paper 2017/570},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/570}},
      url = {https://eprint.iacr.org/2017/570}
}