Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Even the Most Secure Cloud Storage May Not Be So Secure, Study Finds


21 Apr 2014   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
Even the Most Secure Cloud Storage May Not Be So Secure, Study Finds

Quote:
Some cloud storage providers who hope to be on the leading edge of cloud security adopt a "zero-knowledge" policy in which vendors say it is impossible for customer data to be snooped on. But a recent study by computer scientists at Johns Hopkins University is questioning just how secure those zero knowledge tactics are.

Zero knowledge cloud services usually work by storing customer data in an encrypted fashion and only giving customers the keys to unencrypt it, rather than the vendor having access to those keys. But the researchers found that if data is shared within a cloud service, those keys could be vulnerable to an attack allowing vendors to peer into customer data if they wanted to. The study casts doubt over these zero-knowledge clouds and reinforces advice from experts that end users should be fully aware of how vendors handle their data.

Zero knowledge cloud vendors examined by the researchers - in this case Spider Oak, Wuala and Tresorit - typically use a method where data is encrypted when it is stored in the cloud and only unencrypted when the user downloads it again from the cloud. This model is secure. But, the researchers warn that if data is shared in the cloud, meaning that it is sent via the cloud service without the user downloading it on to their system, then vendors have an opportunity to view it. "Whenever data is shared with another recipient through the cloud storage service, the providers are able to access their customers' files and other data," lead author Duane Wilson, a doctoral student in the Information Security Institute at the Department of Computer Science at Johns Hopkins University, was quoted as saying in a review of the report. View the full PDF of the report here.
Source

A Guy

My System SpecsSystem Spec
.

21 Apr 2014   #2

W7 Pro SP1 64bit
 
 

Most of the online storage solutions that I've seen only store one copy of a file. Thousands of users might be paying to store the same file, but only one copy (not counting the vendor's backup copies) is stored in the cloud. To do that, the vendor must know/use the encryption key.

It is fine to say that it would be more secure if each user had/used a unique key, but each user might end up paying more.
My System SpecsSystem Spec
22 Apr 2014   #3

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 

Unavoidable.
If you give your data to someone else you run the risk of them reading it.
My System SpecsSystem Spec
.


22 Apr 2014   #4

Windows 7 Pro. 64/SP-1
 
 

It is simple to me.
1. Only put your data with someone else if that is the only option you have.
2. Cloud usage is growing very fast and Cloud security isn't keep up.
3. Only you will treat your data with the proper security and tender loving care.
4. If #1 applies to you get another option.
My System SpecsSystem Spec
22 Apr 2014   #5

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by lehnerus2000 View Post
Unavoidable.
If you give your data to someone else you run the risk of them reading it.
But you can make is very hard for them to do so. Nested truecrypt volumes are pretty hard to crack. It would be simpler/quicker to just infect your computer and steal the passwords.

Quote   Quote: Originally Posted by Layback Bear View Post
It is simple to me.
1. Only put your data with someone else if that is the only option you have.
2. Cloud usage is growing very fast and Cloud security isn't keep up.
3. Only you will treat your data with the proper security and tender loving care.
4. If #1 applies to you get another option.
Is your data safe from an event like fire/flood?
My System SpecsSystem Spec
22 Apr 2014   #6

Windows 7 Pro. 64/SP-1
 
 

If one want to protect from fire and flood it can be done.
You could choose a fire proof and water proof containers for hard drives.
I read a lot more about things being hacked that I do about floods and fires destroying data.
My System SpecsSystem Spec
22 Apr 2014   #7

W7 Pro SP1 64bit
 
 

It would be interesting to compare the data loss numbers for hacked vs. fire/flood for private (non-business) data...
...if only such data was available.
My System SpecsSystem Spec
26 May 2014   #8

Windows 7 Professional Version 6.1 Build 7601 SP1
 
 

Quote   Quote: Originally Posted by A Guy View Post
Quote:
Some cloud storage providers who hope to be on the leading edge of cloud security adopt a "zero-knowledge" policy in which vendors say it is impossible for customer data to be snooped on. But a recent study by computer scientists at Johns Hopkins University is questioning just how secure those zero knowledge tactics are.

Zero knowledge cloud services usually work by storing customer data in an encrypted fashion and only giving customers the keys to unencrypt it, rather than the vendor having access to those keys. But the researchers found that if data is shared within a cloud service, those keys could be vulnerable to an attack allowing vendors to peer into customer data if they wanted to. The study casts doubt over these zero-knowledge clouds and reinforces advice from experts that end users should be fully aware of how vendors handle their data.

Zero knowledge cloud vendors examined by the researchers - in this case Spider Oak, Wuala and Tresorit - typically use a method where data is encrypted when it is stored in the cloud and only unencrypted when the user downloads it again from the cloud. This model is secure. But, the researchers warn that if data is shared in the cloud, meaning that it is sent via the cloud service without the user downloading it on to their system, then vendors have an opportunity to view it. "Whenever data is shared with another recipient through the cloud storage service, the providers are able to access their customers' files and other data," lead author Duane Wilson, a doctoral student in the Information Security Institute at the Department of Computer Science at Johns Hopkins University, was quoted as saying in a review of the report. View the full PDF of the report here.
Source

A Guy
I use Dropbox and have quite a bit of space on it for free (87GB to be precise) obtained from referrals, etc. and i would like to ask you if Dropbox is worthy of security in terms of storing things that you would not want compromised.

Dropbox has a site somewhat explaining their security here

Are the ones that you mentioned (Spider Oak, Wuala and Tresorit) better than Dropbox in a sense of encryption methods? Being that this cloud storage there is no way to be 100% secure, correct me if i'm wrong.

I'm looking for just decent encryption at the cheapest cost (If not free, even). Something that would make it worth transferring my data to another storage service and losing my 87GB
My System SpecsSystem Spec
26 May 2014   #9

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Well...

Dropbox drops the security notification ball, again

But then again, are they any different? I think you'd be well served to find out the best ways to secure your current info

6 Ways To Secure Your Dropbox Account

How To Add a Second Layer of Encryption to Dropbox

Another question is how much of that data is actually a liability to you if it was seen? Account info, tax info, etc. Does it all need to be uber secure, or could you go to extra steps to just secure that data that could harm you?

A Guy
My System SpecsSystem Spec
26 May 2014   #10

Windows 7 Professional Version 6.1 Build 7601 SP1
 
 

Quote   Quote: Originally Posted by A Guy View Post
Well...

Dropbox drops the security notification ball, again

But then again, are they any different? I think you'd be well served to find out the best ways to secure your current info

6 Ways To Secure Your Dropbox Account

How To Add a Second Layer of Encryption to Dropbox

Another question is how much of that data is actually a liability to you if it was seen? Account info, tax info, etc. Does it all need to be uber secure, or could you go to extra steps to just secure that data that could harm you?

A Guy
I've actually ran across and browsed all of the articles that you've mentioned, but i appreciate you taking the time to look in to it for me.

And no, there is only 1 or 2 things that i wouldn't want people to see on my Dropbox and even those aren't major.

I was really wanting to figure out if the Cloud Storage services you recommended previously were a better way to go in terms of security, or reliability, as I've had an error occur recently with the Windows Dropbox application and lost some data.
My System SpecsSystem Spec
Reply

 Even the Most Secure Cloud Storage May Not Be So Secure, Study Finds




Thread Tools



Similar help and support threads for2: Even the Most Secure Cloud Storage May Not Be So Secure, Study Finds
Thread Forum
Study finds IE9 is better at blocking malware than others combined Security News
Data in the Cloud cannot be guaranteed to be secure News
HTML5 Being Used to Set Persistent Cookies, Study Finds Security News
Study Finds Microsoft’s Free Antivirus As Effective As Symantec’s... Security News
Secure a Storage HDD? Hardware & Devices

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 10:24 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33