Client-side encryption

Client-side encryption is the cryptographic technique of encrypting data on the sender's side, before it is transmitted to a server such as a cloud storage service. [1] Client-side encryption features an encryption key that is not available to the service provider, making it difficult or impossible for service providers to decrypt hosted data. Client-side encryption allows for the creation of applications whose providers cannot access the data their users have stored, thus offering a high level of privacy. [1]

Applications utilizing client-side encryption are sometimes marketed under the misleading or incorrect term "zero-knowledge", [2] but this is a misnomer, as the term zero-knowledge describes something entirely different in the context of cryptography.

Details

Client-side encryption seeks to eliminate the potential for data to be viewed by service providers (or by third parties that compel service providers to deliver access to data). It ensures that data and files stored in the cloud can only be viewed on the client side of the exchange. This prevents data loss and the unauthorized disclosure of private or personal files, providing increased peace of mind for its users. [1]

Current recommendations from industry professionals and academic scholars strongly support developers including client-side encryption to protect the confidentiality and integrity of information. [3] [4] [5]
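The flow described in this section can be shown as a short added example (not code from the article or from any service it names), using Node's built-in `crypto` module. The choice of scrypt and AES-256-GCM, the function names, and the in-memory `server` map standing in for the provider are all assumptions of this example.

```javascript
const crypto = require('node:crypto');

// Client side: derive a 256-bit key. Passphrase and key never leave the client.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32); // scrypt with Node's default cost
}

// Client side: encrypt before upload. The returned record is all the provider gets.
function encryptForUpload(passphrase, plaintext, name) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  cipher.setAAD(Buffer.from(name)); // bind the ciphertext to its object name
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { name, salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Client side: decrypt after download. Returns null if authentication fails
// (wrong passphrase, or the stored record was modified).
function decryptDownload(passphrase, record) {
  const key = deriveKey(passphrase, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.nonce);
  decipher.setAAD(Buffer.from(record.name));
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed stand-in for the storage provider: it only stores what it is sent.
const server = new Map();
function upload(record) { server.set(record.name, record); }
function download(name) { return server.get(name); }

function demo() {
  const secret = 'constructed sample: Q3 payroll figures';
  upload(encryptForUpload('correct horse battery staple', secret, 'payroll.txt'));
  const stored = download('payroll.txt');
  const tampered = { ...stored, ciphertext: Buffer.from(stored.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // provider-side change of a single bit
  return {
    providerSeesPlaintext: stored.ciphertext.includes(Buffer.from('payroll figures')),
    roundTrip: decryptDownload('correct horse battery staple', stored),
    wrongPassphrase: decryptDownload('guess', stored),
    afterTampering: decryptDownload('correct horse battery staple', tampered),
  };
}
console.log(demo());
```

The stored record holds only the salt, nonce, ciphertext and tag, so the provider can return or delete the data but cannot read it, and any modification is detected at decryption.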

Examples of services that use client-side encryption by default

Examples of services that optionally support client-side encryption

Examples of services that do not support client-side encryption

Examples of client-side encrypted services that no longer exist

See also

References

  1. Tunio Gaffer (2015). "Why Client-Side Encryption Is the Next Best Idea in Cloud-Based Data Security". Information Security Today. Auerbach Publications. Archived from the original on January 16, 2016. Retrieved February 21, 2016.
  2. "Spider Oak - Please stop describing your service as "Zero Knowledge" unless and ... | Hacker News". news.ycombinator.com. Retrieved 2018-07-16.
  3. Deka, Ganesh Chandra (31 October 2014). "3 Security Architecture for Cloud Computing". Handbook of Research on Securing Cloud-Based Databases with Biometric Applications. IGI Global. ISBN 978-1-4666-6560-6. Retrieved 21 February 2016.
  4. Tobias Ackermann (22 December 2012). IT Security Risk Management: Perceived IT Security Risks in the Context of Cloud Computing. Springer Science & Business Media. pp. 136–. ISBN 978-3-658-01115-4. Retrieved 21 February 2016.
  5. "Communications of the Association for Information Systems 13:Article 24". Cloud Computing Sicherheit: Schutzziele, Taxonomie, Marktübersicht. Fraunhofer-Institut für Sichere Informationstechnologie SIT. 2009. ISBN 978-3-9813317-0-7. Retrieved 21 February 2016.
  6. "What is Tresorit". support.tresorit.com. Tresorit. 2023. Retrieved Jul 8, 2024.
  7. "Mega Security Whitepaper" (PDF). mega.nz. MEGA. 2022. p. 21. Retrieved Jul 8, 2024.
  8. "Cryptee Security". crypt.ee. Cryptee. 2024. Retrieved Jul 8, 2024.
  9. "Cryptomator Github". github.com. Cryptomator. 2024. Retrieved Jul 8, 2024.
  10. "Apple advances user security with powerful new data protections". apple.com. Apple. 2022. Retrieved Jul 8, 2024.
  11. "How to Enable Advanced Data Protection on iOS, and Why You Should". eff.org. EFF. 2023. Retrieved Jul 8, 2024.
  12. "Client-side encryption and strengthened collaboration in Google Workspace". workspaceupdates.googleblog.com. Retrieved 2023-01-24.
  13. "Client-side encryption for Gmail available in beta". workspaceupdates.googleblog.com. Retrieved 2023-01-24.
  14. "About client-side encryption". apps.google.com. Retrieved Jul 8, 2024.
  15. "Can I specify my own private key for my Dropbox?". dropbox.com. Retrieved Jul 8, 2024.
  16. "SpiderOak Cross Clave". crossclave.com. SpiderOak Cross Clave. 2024. Archived from the original on May 15, 2024. Retrieved Jul 8, 2024.