Several providers cloud services promise users full privacy and protection from monitoring through the adoption of zero knowledge policies.
Zero knowledge cloud services work by storing data in encrypted form and providing users with unique wrenches for their decryption, which providers do not have access to.
However, a recent study by Johns Hopkins University calls into question the security of these security policies:
Experts have found that if data is shared through one services cloud, these keys could be vulnerable to attacks, allowing providers to gain access to customer data.
Several cloud service providers that promise zero knowledge protection - such as Spider Oak, Wuala and Tresorit - use a method where data is encrypted when stored in the cloud and decrypted only when downloaded by a user. This model is safe. But researchers warn that if the data becomes a share in the cloud, meaning it is sent through the service without the user downloading it to its system, then providers have the opportunity to see them.
For more information you can see the full report here.
Source: iguru.gr
