📄 End-to-end Encrypted Cloud Storage in the Wild: A Broken Ecosystem (To appear at ACM CCS 2024) Joint work with Jonas Hofmann. We analyzed five end-to-end encrypted cloud storage services and found severe vulnerabilities in four of them. 🌐: brokencloudstorage.info

Sync, pCloud, Icedrive, Seafile, and Tresorit are popular E2EE cloud storage services that often appear in the public debate. They serve millions of users, companies, universities, and governmental organizations. We analyze their security against a compromised server.

Unfortunately, we found that four of these providers (Sync, pCloud, Icedrive, and Seafile) suffer from severe cryptographic vulnerabilities, which we disclosed. The impact ranges from injecting malicious files into the storage to compromising plaintexts!

We cluster attacks in classes: independent cryptographic designs are affected by the same anti-patterns. 🔐 Example: believing that public-key encryption provides authentication. However, since the public key is public anyone can create a ciphertext that decrypts correctly!

😈 Other "fun" vulnerabilities include a variation of a key-overwriting attack (see kopenpgp.com), which leads to leaking newly uploaded file plaintexts. No stunt crypto this time: most attacks are very practical even for less resourceful adversaries!

We are the first to document these cryptographic designs in depth. They all differ in practice from their respective whitepapers (if they exist), hindering independent auditing. We extracted concrete designs from the minified web client code. Great work by Jonas Hofmann!

The moral of the story is that E2EE cloud storage appears to be an immature field, which requires more foundational work. Some people may argue that cloud storage is a solved problem. Our work, in addition to the analyses of MEGA and Nextcloud, shows that, in practice, it's not.

Backendal, Davis, Günther, Haller, and Paterson make a great effort on the formal side. Check out their paper! x.com/kennyog/status…

There are still many open questions: 📄 How should a standard for E2EE cloud storage look like? 🔏 How can we best merge security with the business requirements and the engineering constraints? 🤝 What's the best way for cryptographers and practitioners to collaborate on this?

Go check out our website! It has nice non-technical descriptions of our attacks, split between the providers. 🌐: brokencloudstorage.info

[New] End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem (Jonas Hofmann and Kien Tuong Truong) ia.cr/2024/1616