{"id":932,"date":"2024-10-24T20:54:01","date_gmt":"2024-10-25T02:54:01","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/?p=932"},"modified":"2024-10-24T20:54:05","modified_gmt":"2024-10-25T02:54:05","slug":"vulnerabilities-in-e2ee-cloud-storage","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2024\/10\/24\/vulnerabilities-in-e2ee-cloud-storage\/","title":{"rendered":"Vulnerabilities in E2EE Cloud Storage"},"content":{"rendered":"\n
<\/span>\"\"
\n

Vulnerabilities in E2EE Cloud Storage<\/p>\n\n\n\n

\"\"<\/figure>\n<\/div><\/div>\n\n\n\n

During ACM CCS 2024, held October 14-18, 2024, researchers from ETH Zurich, Jonas Hofmann and Kien Tuong Truong, indicated severe security flaws in the end-to-end encryption (E2EE) systems of several cloud storage service providers. These flaws can pose a significant threat to user information and undermine the promised security standards of those providers.<\/p>\n\n\n\n

The research studied five cloud storage service providers: Sync, pCloud, Icedrive, Seafile, and Tresorit, with over 22 million users. The academics investigated these cloud service companies and found them vulnerable to various types of attacks, including unauthorized access to key material, protocol downgrades, and data tampering. However, some of the companies have acknowledged the issue and are considering addressing it, while others, such as Icedrive, have publicly stated their intention not to fix the vulnerabilities. This raises concerns for E2EE cloud storage users regarding the use of cloud storage services with proper data privacy and security.<\/p>\n\n\n\n

End-to-end encryption (E2EE)<\/h5>\n\n\n\n

In E2EE only the sender and receiver can read or modify the content as they have the only relevant keys, and it uses private communication using Public key encryption based on two keys instead of one: a public key and a private key. E2EE is a type of messaging that keeps messages private from everyone, including the messaging service (cloud service provider). When E2EE is used the message only exists in decrypted form for the sender and receiver. It\u2019s like a letter goes over the mail in a sealed envelope.<\/p>\n\n\n\n

\n
\"\"<\/figure>\n<\/figure>\n\n\n\n

Image: E2EE Scenario showing encrypted movement between sender and receiver <\/p>\n\n\n\n

Description of the protocol and key hierarchy used by those five providers<\/strong><\/p>\n\n\n\n

Considering protocols due to the dependence on a user-chosen password \u03c1 (generally dissimilar from the one used to validate for the server) -derived key material, the security of the systems researcher\u2019s analysis is highly dependent on the strength of the user\u2019s password. A malicious provider can always attempt an offline brute-force attack or a dictionary attack to recover a password, which is a fundamental limitation of password-based encryption. Good password policies along with multifactor authentication and the usage of a memory-hard password hashing function help to mitigate this risk.<\/p>\n\n\n\n

The Key hierarchies for those providers are summarized in the following figure:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Figure 1: <\/strong>Key hierarchies of all providers researched. Symbols shown \u2217 indicate a one-to-many relationship. All the key material that is not obtained from something else is indirectly generated using relevant suitable key generation functions.<\/p>\n\n\n\n

Combination of attacks to test Confidentiality, Integrity and Availability (CIA)<\/strong><\/p>\n\n\n\n

The researchers tested 10 possible attacks against E2EE cloud storage services; all these activities would require the attacker to have already gained control of a server with the ability to read, modify and inject data. The researchers mentioned that they study this to be a convincing threat model for E2EE services, as these service industries are meant to protect files even if such a compromise has happened.<\/p>\n\n\n\n

These attacks were categorized into ten broad categories, which can compromise confidentiality, damage file data and metadata, and enable the injection of unauthorized files and directory manipulation.<\/p>\n\n\n\n

The researchers identified the following vulnerabilities:<\/p>\n\n\n\n