Zero-knowledge service


In cloud computing, the term zero-knowledge (or occasionally no-knowledge or zero access) refers to an online service that stores, transfers or manipulates data in a way that maintains a high level of confidentiality, where the data is accessible only to the data's owner (the client) and not to the service provider. This is achieved by encrypting the data on the client side, or end-to-end when more than one client is involved, with a key derived from a secret (typically a password) that is never disclosed to the service provider. Consequently neither the service provider nor any third party that intercepts the data in transit or seizes it at rest can decrypt it without the client's cooperation, giving the client a higher degree of privacy than would otherwise be possible. The guarantee is only as strong as the client software that performs the encryption: a provider who ships that software (for example as a web application) could in principle alter it to disclose keys, so the model assumes the client code itself is trusted. In addition, zero-knowledge services often strive to hold as little metadata as possible, keeping only what the service functionally needs.

The term "zero-knowledge" was popularized by backup service SpiderOak, which later switched to using the term "no knowledge" to avoid confusion with the computer science concept of zero-knowledge proof.

Disadvantages

Most conventional cloud storage services hold the encryption keys for stored data themselves, with the password serving only to gate access to them; a client who has lost their password can therefore regain access to their data after authenticating by alternative means. Zero-knowledge services, by contrast, do not store the password or any key derived from it, [1] so if a client loses their password their data cannot be decrypted and is, in practice, unrecoverable.

Most conventional cloud storage services are, for the same reason, able to comply with access requests from law enforcement agencies by handing over decrypted data. Zero-knowledge services cannot do so: their systems are designed so that the provider holds only ciphertext, which is inaccessible without the client's explicit cooperation.
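As an added illustration of the design described in the lead and of the two disadvantages above (this is example code written for this page, not code from SpiderOak, Tresorit or any other product), the client below stretches the password into a master key and splits it into an encryption key that never leaves the client and a separate authentication key it presents at login; the server stores only a salt, a hash of the authentication key and opaque ciphertext. It uses only the Python standard library: the HMAC-SHA256 counter-mode cipher is a stand-in for a real AEAD such as AES-GCM, PBKDF2 stands in for a memory-hard KDF, and the ZeroKnowledgeServer class, account name and document contents are constructed for the example.

```python
import hashlib
import hmac
import os

# Example code added for this page (not from any named product). Standard
# library only: the HMAC-SHA256 counter-mode cipher below stands in for a
# real AEAD such as AES-GCM, and PBKDF2 for a memory-hard KDF like Argon2.

KDF_ITERATIONS = 200_000


def derive_keys(password, salt):
    """Stretch the password once, then split it into two independent keys:
    enc_key never leaves the client; auth_key is presented at login, so the
    server can check the account without ever seeing password or enc_key."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=32)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    auth_key = hmac.new(master, b"auth", hashlib.sha256).digest()
    return enc_key, auth_key


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a PRF keystream (illustrative only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(enc_key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    mac_key = hmac.new(enc_key, b"mac", hashlib.sha256).digest()
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(enc_key, blob):
    """Verify the tag first; a wrong key (i.e. a wrong password) fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    mac_key = hmac.new(enc_key, b"mac", hashlib.sha256).digest()
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class ZeroKnowledgeServer:
    """Holds only what the client hands over: a salt, a hash of the auth key
    and opaque ciphertext. Nothing stored here can decrypt the data, so a
    database dump or a legal demand yields ciphertext only."""

    def __init__(self):
        self.accounts = {}

    def register(self, user, salt, auth_key):
        # Store a hash of auth_key so a leaked database cannot be replayed as a login.
        self.accounts[user] = {"salt": salt, "auth_hash": hashlib.sha256(auth_key).digest(), "blobs": []}

    def salt_for(self, user):
        return self.accounts[user]["salt"]

    def _check(self, user, auth_key):
        if not hmac.compare_digest(self.accounts[user]["auth_hash"], hashlib.sha256(auth_key).digest()):
            raise PermissionError("bad credentials")

    def store(self, user, auth_key, blob):
        self._check(user, auth_key)
        self.accounts[user]["blobs"].append(blob)

    def fetch(self, user, auth_key):
        self._check(user, auth_key)
        return list(self.accounts[user]["blobs"])


def client_upload(server, user, password, document):
    enc_key, auth_key = derive_keys(password, server.salt_for(user))
    server.store(user, auth_key, encrypt(enc_key, document))


def client_download(server, user, password):
    enc_key, auth_key = derive_keys(password, server.salt_for(user))
    return [decrypt(enc_key, b) for b in server.fetch(user, auth_key)]


def demo():
    """Returns (what the owner reads back, whether the server can see the
    plaintext, whether a wrong password can recover it)."""
    server, salt, password = ZeroKnowledgeServer(), os.urandom(16), "correct horse battery staple"
    server.register("alice", salt, derive_keys(password, salt)[1])
    client_upload(server, "alice", password, b"tax return 2023")
    readable = client_download(server, "alice", password)
    # Everything the server holds about alice, as an attacker with the database would see it.
    blob = server.accounts["alice"]["blobs"][0]
    server_sees_plaintext = b"tax return 2023" in blob
    # A forgotten password is unrecoverable: any other guess fails the MAC check.
    try:
        decrypt(derive_keys("wrong password", salt)[0], blob)
        recoverable = True
    except ValueError:
        recoverable = False
    return readable, server_sees_plaintext, recoverable
```

Running demo() shows the three properties the text describes: the owner reads the document back, the server's records never contain the plaintext, and a different password neither authenticates nor decrypts. Deriving both keys from one stretched master key is the usual way to give the server something to verify at login without giving it the encryption key; the salt is stored in the clear because it only needs to be unique, not secret.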


References

  1. Kiefer, Franziskus; Manulis, Mark (2014). "Zero-Knowledge Password Policy Checks and Verifier-Based PAKE" (PDF). Computer Security - ESORICS 2014. Lecture Notes in Computer Science. Vol. 8713. pp. 295–312. doi:10.1007/978-3-319-11212-1_17. ISBN 978-3-319-11211-4.
  2. Kiss, Jemima (2014-07-17). "Snowden: Dropbox is hostile to privacy, unlike 'zero knowledge' Spideroak". The Guardian. Retrieved 2021-05-29.
  3. O'Sullivan, Fergus (2015-08-25). "What Exactly is Zero-Knowledge in The Cloud and How Does it Work?". Cloudwards. Retrieved 2021-05-29.
  4. Farivar, Cyrus (2016-10-04). "FBI demands Signal user data, but there's not much to hand over". Ars Technica. Retrieved 2021-05-29.