The zero-knowledge principle opens up a discussion about cryptographically secure cloud-based applications. In a zero-knowledge proof, one party proves to a second party that something is true without providing any additional information.
In applying this principle to cloud application security, data generated by an application and stored in the cloud will remain private and known only to the end user. This is significant because only the end user will be able to access and read the data in cleartext -- the cloud service provider, as well as any attacker who gains access to the data store holding that information, will only see garbled data. The objective is to protect important data -- like usernames, passwords, Social Security numbers -- against prying eyes.
In contrast, Google's Gmail, one of the world's most popular cloud-based applications, had 425 million users worldwide as of June 2012, but it is not a zero-knowledge application, since its users' email messages are not encrypted when stored in the cloud.
Worse yet is how Google takes advantage of that lack of encryption. The Gmail license agreement, accepted at registration, states that Google can access the user's data to present relevant advertisements to users. For this to be possible, Google must have access to all its users' email messages, clearly a concern for anyone worried about data privacy. The only messages Google can't view are the ones that have been specifically encrypted by a user using some sort of GPG encryption tool, but this has to be done by a user manually and is not provided as part of Gmail. In essence, enterprises using Gmail can only trust that Google will be a good steward and properly secure their data. It's quite a leap of faith.
A Gmail-style security paradigm is fine for the typical user, who traditionally is not concerned with security. While securing personal data is important, unfortunately, most people are not willing to sacrifice time or money to take this precaution.
With recent NSA revelations, the security of data in cloud applications has become more important, particularly for enterprises. Thus, cloud-based applications that provide security are increasingly important: Recent publicity around high-profile security incidents has highlighted the importance of security, and there's never been a better time for security teams to leverage that awareness to convince internal stakeholders to commit the resources needed to effect change.
Examples: Zero-knowledge and cloud security
To help enterprises know what to look for when selecting secure cloud applications, let's review several cloud application providers that are appropriately applying the zero-knowledge principle to secure their cloud applications.
SpiderOak Crypton Framework
Using the zero-knowledge program, SpiderOak is developing the open-source Crypton framework, which helps users build cryptographically secure cloud-based applications. Crypton handles the data encryption process, so the developers are not involved. This way, weaknesses are less likely and the data is more secure, a far better system for developers.
SpiderOak, a company that provides online cloud storage synchronization and sharing programs similar to Dropbox, provides zero-knowledge by providing client-side encryption for data stored in the cloud, ensuring only its users can view their cloud data in unencrypted form. However, since SpiderOak is a zero-knowledge backup service, there is no way of recovering or resetting a password if it is lost. This is also true for other zero-knowledge applications, and users may feel frustrated working with such programs.
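The client-side encryption model described above, and why a lost password cannot be recovered, shown as an added example (not code from the original article, Crypton or SpiderOak). It assumes Node.js; `cloudStore`, `upload`, `download`, `providerView` and `canRead` are hypothetical names, and scrypt with AES-256-GCM is one reasonable choice, not what any named service is known to use.

```javascript
// Added illustration; not Crypton's or SpiderOak's API. All names are hypothetical.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Stand-in for the provider's data store: it only ever receives opaque records.
const cloudStore = new Map();

// Client side: derive a 256-bit key from the password. The key never leaves the client.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 32);
}

// Client side: encrypt before upload. Only salt, IV, auth tag and ciphertext are stored.
function upload(name, plaintext, password) {
  const salt = randomBytes(16);
  const iv = randomBytes(12); // fresh 96-bit nonce for every record
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  cloudStore.set(name, { salt, iv, tag: cipher.getAuthTag(), ciphertext });
}

// Client side: fetch the record and decrypt locally. A wrong password yields a
// different key, GCM tag verification fails, and final() throws.
function download(name, password) {
  const { salt, iv, tag, ciphertext } = cloudStore.get(name);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// What the provider (or an attacker who copied the store) can see for a record.
function providerView(name) {
  const { ciphertext } = cloudStore.get(name);
  return ciphertext.toString('latin1');
}

// Returns true if the password decrypts the record, false otherwise.
function canRead(name, password) {
  try { download(name, password); return true; } catch { return false; }
}

// Constructed sample data.
upload('note.txt', 'SSN 000-00-0000 (constructed sample)', 'correct horse battery staple');
console.log(download('note.txt', 'correct horse battery staple'));
console.log(canRead('note.txt', 'guessed-password')); // lost or wrong password: unreadable
```

Nothing in the stored record allows the provider to reset the password: the salt is public, but without the password the key cannot be re-derived.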
Sync.com is another company providing zero-knowledge cloud data storage. It provides desktop clients only for Windows and OS X, but the Linux desktop client is on the way. In comparison, SpiderOak has a Linux desktop client version to synchronize local data with the data stored on the cloud, which makes it more prominent for Linux users.
Another alternative, CryptoHeaven Inc., provides zero-knowledge, secure and encrypted email hosting. In contrast to Gmail, all the email messages stored on CryptoHeaven servers are encrypted and can be decrypted only by the end user. CryptoHeaven is an open source cross-platform desktop client program written in Java, which can be used to manage your CryptoHeaven account, including email messages, chat conversations and cloud storage.
See Infosec Institute’s article on Building Cryptographically Secure Cloud Applications.
Upon reviewing CryptoHeaven, I was surprised how easily everything works together. Basically, it's a matter of downloading and running the desktop client, which will transparently generate the private/public key pair used for encryption and decryption of data. With CryptoHeaven it's possible to send encrypted or unencrypted email messages; when sending unencrypted messages, the whole message body will be seen unencrypted through the MTA mail servers along the way, but this is how the mail system was designed. Nevertheless, all email messages stored in the user's folder are encrypted and can't be seen by anyone but the user.
There is a rising need to build cryptographically secure cloud applications as they become more important in the coming years. In building such applications, the world moves toward better security. Crypton (see "SpiderOak Crypton Framework") is a great jumping-off point to build upon. True, applications built using Crypton are susceptible to a zero-day vulnerability, but that may be unavoidable. Crypton is still a young project, but with further development it will become a true asset to the open-source community -- and a way to build cryptographically secure applications.
About the author:
Dejan Lukan has an extensive knowledge of Linux/BSD system maintenance as well as security related concepts including system administration, network administration, security auditing, penetration testing, reverse engineering, malware analysis, fuzzing, debugging and antivirus evasion. He is also fluent in more than a dozen programming languages and constantly writes security-related articles for his own website at www.proteansec.com.