Johns Hopkins University (JHU) researchers have found a flaw in the way secure cloud storage companies protect their customers' data, which could jeopardize the privacy protections they offer.
Whenever customers share their confidential files, the storage provider could exploit the security flaw to secretly view private data, according to the researchers. They focused on the secure cloud storage providers that house or back up sensitive information about intellectual property, finances, employees, and customers. "Whenever data is shared with another recipient through the cloud storage service, the providers are able to access their customers' files and other data," says JHU doctoral student and lead researcher Duane C. Wilson.
Privacy during file sharing is normally preserved by the use of a trusted third party, and when the authentication process is finished, the third party issues "keys" that can unscramble and then re-encode the data to restore its confidentiality. "As a result, whenever data is shared with another user or group of users, the storage service could perform a man-in-the-middle attack by pretending to be another user or group member," Wilson says.
The researchers recommend the agreements between customers and secure storage providers be changed so an independent third party serves as the file-sharing "middle man" instead of the storage company itself.
From The Hub
View Full Article
Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA