Sign In

Communications of the ACM

ACM TechNews

Design Flaw in 'secure' Cloud Storage Puts Privacy at Risk, Jhu Researchers Say

View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A security flaw could jeopardize data stored in the cloud.

Researchers have identified a flaw in the way secure cloud storage companies protect customers' data.

Credit: The Hub

Johns Hopkins University (JHU) researchers have found a flaw in the way secure cloud storage companies protect their customers' data, which could jeopardize the privacy protections they offer.

Whenever customers share their confidential files, the storage provider could exploit the security flaw to secretly view private data, according to the researchers. They focused on the secure cloud storage providers that house or back up sensitive information about intellectual property, finances, employees, and customers. "Whenever data is shared with another recipient through the cloud storage service, the providers are able to access their customers' files and other data," says JHU doctoral student and lead researcher Duane C. Wilson.

Privacy during file sharing is normally preserved by the use of a trusted third party, and when the authentication process is finished, the third party issues "keys" that can unscramble and then re-encode the data to restore its confidentiality. "As a result, whenever data is shared with another user or group of users, the storage service could perform a man-in-the-middle attack by pretending to be another user or group member," Wilson says.

The researchers recommend the agreements between customers and secure storage providers be changed so an independent third party serves as the file-sharing "middle man" instead of the storage company itself.

From The Hub
View Full Article


Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA


No entries found