Can You Trust Your Encrypted Cloud?: An Assessment of SpiderOakONE's Security

Publikation: Bidrag til bog/antologi/rapport/proceedingKonferencebidrag i proceedingsForskningpeer review


This paper presents an independent security review of a popular encrypted cloud storage service (ECS) SpiderOakONE. Contrary to previous work analyzing similar programs, we formally define a minimal security requirements for confidentiality in ECS which takes into account the possibility that the ECS actively turns against its users in an attempt to break the confidentiality of the users' data. Our analysis uncovered several serious issues, which either directly or indirectly damage the confidentiality of a user's files, therefore breaking the claimed Zero- or No-Knowledge property (i.e., the claim that even the ECS itself cannot access the users' data). After responsibly disclosing the issues we found to SpiderOak, most have been fixed.

TitelASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
RedaktørerJong Kim, Gail-Joon Ahn, Seungjoo Kim
Antal sider13
UdgivelsesstedNew York, NY, USA
ForlagAssociation for Computing Machinery
Udgivelsesår29 maj 2018
ISBN (trykt)978-1-4503-5576-6
ISBN (Elektronisk)9781450355766
StatusUdgivet - 29 maj 2018
BegivenhedACM Asia Conference on Computer & Communications Security 2018 - Songdo Central Park Hotel, Songdo, Sydkorea
Varighed: 4 jun. 20188 jun. 2018
Konferencens nummer: 13


KonferenceACM Asia Conference on Computer & Communications Security 2018
LokationSongdo Central Park Hotel
SerietitelASIACCS '18


  • applications / cloud storage, end-to-end encryption, spideroak

Se relationer på Aarhus Universitet Citationsformater

ID: 135450099