Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Even the Most Secure Cloud Storage May Not Be So Secure, Study Finds

21 Apr 2014   #1
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
Even the Most Secure Cloud Storage May Not Be So Secure, Study Finds

Quote:
Some cloud storage providers who hope to be on the leading edge of cloud security adopt a "zero-knowledge" policy in which vendors say it is impossible for customer data to be snooped on. But a recent study by computer scientists at Johns Hopkins University is questioning just how secure those zero knowledge tactics are.

Zero knowledge cloud services usually work by storing customer data in an encrypted fashion and only giving customers the keys to unencrypt it, rather than the vendor having access to those keys. But the researchers found that if data is shared within a cloud service, those keys could be vulnerable to an attack allowing vendors to peer into customer data if they wanted to. The study casts doubt over these zero-knowledge clouds and reinforces advice from experts that end users should be fully aware of how vendors handle their data.

Zero knowledge cloud vendors examined by the researchers - in this case Spider Oak, Wuala and Tresorit - typically use a method where data is encrypted when it is stored in the cloud and only unencrypted when the user downloads it again from the cloud. This model is secure. But, the researchers warn that if data is shared in the cloud, meaning that it is sent via the cloud service without the user downloading it on to their system, then vendors have an opportunity to view it. "Whenever data is shared with another recipient through the cloud storage service, the providers are able to access their customers' files and other data," lead author Duane Wilson, a doctoral student in the Information Security Institute at the Department of Computer Science at Johns Hopkins University, was quoted as saying in a review of the report. View the full PDF of the report here.
Source

A Guy


My System SpecsSystem Spec
.

21 Apr 2014   #2
UsernameIssues

W7 Pro SP1 64bit
 
 

Most of the online storage solutions that I've seen only store one copy of a file. Thousands of users might be paying to store the same file, but only one copy (not counting the vendor's backup copies) is stored in the cloud. To do that, the vendor must know/use the encryption key.

It is fine to say that it would be more secure if each user had/used a unique key, but each user might end up paying more.
My System SpecsSystem Spec
22 Apr 2014   #3
lehnerus2000

Windows 7 Ultimate SP1 (64 bit), Linux Mint 17.1 MATE (64 bit)
 
 

Unavoidable.
If you give your data to someone else you run the risk of them reading it.
My System SpecsSystem Spec
.


22 Apr 2014   #4
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

It is simple to me.
1. Only put your data with someone else if that is the only option you have.
2. Cloud usage is growing very fast and Cloud security isn't keep up.
3. Only you will treat your data with the proper security and tender loving care.
4. If #1 applies to you get another option.
My System SpecsSystem Spec
22 Apr 2014   #5
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by lehnerus2000 View Post
Unavoidable.
If you give your data to someone else you run the risk of them reading it.
But you can make is very hard for them to do so. Nested truecrypt volumes are pretty hard to crack. It would be simpler/quicker to just infect your computer and steal the passwords.

Quote   Quote: Originally Posted by Layback Bear View Post
It is simple to me.
1. Only put your data with someone else if that is the only option you have.
2. Cloud usage is growing very fast and Cloud security isn't keep up.
3. Only you will treat your data with the proper security and tender loving care.
4. If #1 applies to you get another option.
Is your data safe from an event like fire/flood?
My System SpecsSystem Spec
22 Apr 2014   #6
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

If one want to protect from fire and flood it can be done.
You could choose a fire proof and water proof containers for hard drives.
I read a lot more about things being hacked that I do about floods and fires destroying data.
My System SpecsSystem Spec
22 Apr 2014   #7
UsernameIssues

W7 Pro SP1 64bit
 
 

It would be interesting to compare the data loss numbers for hacked vs. fire/flood for private (non-business) data...
...if only such data was available.
My System SpecsSystem Spec
26 May 2014   #8
exitPr0gram

Windows 7 Professional Version 6.1 Build 7601 SP1
 
 

Quote   Quote: Originally Posted by A Guy View Post
Quote:
Some cloud storage providers who hope to be on the leading edge of cloud security adopt a "zero-knowledge" policy in which vendors say it is impossible for customer data to be snooped on. But a recent study by computer scientists at Johns Hopkins University is questioning just how secure those zero knowledge tactics are.

Zero knowledge cloud services usually work by storing customer data in an encrypted fashion and only giving customers the keys to unencrypt it, rather than the vendor having access to those keys. But the researchers found that if data is shared within a cloud service, those keys could be vulnerable to an attack allowing vendors to peer into customer data if they wanted to. The study casts doubt over these zero-knowledge clouds and reinforces advice from experts that end users should be fully aware of how vendors handle their data.

Zero knowledge cloud vendors examined by the researchers - in this case Spider Oak, Wuala and Tresorit - typically use a method where data is encrypted when it is stored in the cloud and only unencrypted when the user downloads it again from the cloud. This model is secure. But, the researchers warn that if data is shared in the cloud, meaning that it is sent via the cloud service without the user downloading it on to their system, then vendors have an opportunity to view it. "Whenever data is shared with another recipient through the cloud storage service, the providers are able to access their customers' files and other data," lead author Duane Wilson, a doctoral student in the Information Security Institute at the Department of Computer Science at Johns Hopkins University, was quoted as saying in a review of the report. View the full PDF of the report here.
Source

A Guy
I use Dropbox and have quite a bit of space on it for free (87GB to be precise) obtained from referrals, etc. and i would like to ask you if Dropbox is worthy of security in terms of storing things that you would not want compromised.

Dropbox has a site somewhat explaining their security here

Are the ones that you mentioned (Spider Oak, Wuala and Tresorit) better than Dropbox in a sense of encryption methods? Being that this cloud storage there is no way to be 100% secure, correct me if i'm wrong.

I'm looking for just decent encryption at the cheapest cost (If not free, even). Something that would make it worth transferring my data to another storage service and losing my 87GB
My System SpecsSystem Spec
26 May 2014   #9
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Well...

Dropbox drops the security notification ball, again

But then again, are they any different? I think you'd be well served to find out the best ways to secure your current info

6 Ways To Secure Your Dropbox Account

How To Add a Second Layer of Encryption to Dropbox

Another question is how much of that data is actually a liability to you if it was seen? Account info, tax info, etc. Does it all need to be uber secure, or could you go to extra steps to just secure that data that could harm you?

A Guy
My System SpecsSystem Spec
26 May 2014   #10
exitPr0gram

Windows 7 Professional Version 6.1 Build 7601 SP1
 
 

Quote   Quote: Originally Posted by A Guy View Post
Well...

Dropbox drops the security notification ball, again

But then again, are they any different? I think you'd be well served to find out the best ways to secure your current info

6 Ways To Secure Your Dropbox Account

How To Add a Second Layer of Encryption to Dropbox

Another question is how much of that data is actually a liability to you if it was seen? Account info, tax info, etc. Does it all need to be uber secure, or could you go to extra steps to just secure that data that could harm you?

A Guy
I've actually ran across and browsed all of the articles that you've mentioned, but i appreciate you taking the time to look in to it for me.

And no, there is only 1 or 2 things that i wouldn't want people to see on my Dropbox and even those aren't major.

I was really wanting to figure out if the Cloud Storage services you recommended previously were a better way to go in terms of security, or reliability, as I've had an error occur recently with the Windows Dropbox application and lost some data.
My System SpecsSystem Spec
Reply

 Even the Most Secure Cloud Storage May Not Be So Secure, Study Finds




Thread Tools





Similar help and support threads
Thread Forum
CloudAlloy Makes Docs In The Cloud More Secure By Breaking Them Into..
CloudAlloy Makes Docs In The Cloud More Secure By Breaking Them Into Pieces Source A Guy
Security News
Study finds IE9 is better at blocking malware than others combined
Study finds IE9 is better at blocking malware than Chrome, Safari, and Firefox combined Source A Guy
Security News
Data in the Cloud cannot be guaranteed to be secure
Hi everyone While This news snippet concerns a slightly different topic but : You can see what *Could* happen if the people who own the servers have legal problems with content. http://www.bbc.co.uk/news/technology-16787486 -- users could be prevented from gaining access to...
News
HTML5 Being Used to Set Persistent Cookies, Study Finds
HTML5 Being Used to Set Persistent Cookies, Study Finds | threatpost
Security News
Study Finds Microsoft’s Free Antivirus As Effective As Symantec’s...
More - Study Finds Microsoft’s Free Antivirus As Effective As Symantec’s Norton - Andy Greenberg - The Firewall - Forbes
Security News
Secure a Storage HDD?
Hey guys, I have a 500Gb Hard drive in my system which i use purely for storage,Like my films,music,,and information id rather keep private. My parents and my sister and sometimes some friends all use this pc,and even on their limited user account they can still access my 500Gb drive,How can...
Hardware & Devices

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:48.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App