-5

By server mistrust, I mean the fully implemented lack of customer plaintext on a vendor's system, and lack of vendor access to customer plaintext.

Specific case in question: Password and SSH key management backups, in which all are AES encrypted before being sent off to the vendor.

Possible threats:

  1. Vendor is compromised (pretty frequent, these days), e.g. by dumpster diving or disgruntled employees.
  2. Malicious actor deletes all vendor data.
  3. AES key used to encrypt backup is compromised.

Often, client-side data encryption just seems like a way to manage plausible deniability for the vendor in question, e.g. Mega.nz. Companies like the Clipperz password manager offer client-side encryption, or "mistrust" as a security feature.

I need a way to explain this sort of thing to management, users, and customers.

What security advantages does this sort of "you don't have to trust us" approach provide?

I am not asking about the security disadvantages, here, just the advantages.

Nathan Basanese
  • 640
  • 1
  • 9
  • 20
  • Zero knowledge doesn't add a level of security, it just makes is so that its easy to explain to a 3rd party that it is secure without knowing the technical details. – BadSkillz Jun 10 '15 at 08:04
  • // , Zero Knowledge security, i.e. vendors not storing any of our data in plaintext, doesn't provide any security advantages, then? – Nathan Basanese Jun 10 '15 at 08:25
  • 3
    There isn't much love for term misuse. Zero-knowledge is primarily used to discuss zero-knowledge cryptography, in which you can get a third-party to prove they hold some secret without you ever knowing what it is. Data storage services that encrypt your data or make you encrypt your data before you upload it are not making use of zero-knowledge cryptography, but of basic common sense. Because your wording is rather ambiguous, people are unlikely to know what to reply, hence the downvoting. – Steve Dodier-Lazaro Jun 10 '15 at 08:43
  • 1
    As for "does it improve security?" the answer is yes, but the question is still too poorly phrased to help your higher-ups weight how much of a factor that should be in their decision making process. What about 24/7 support, uptime, cost, convenience, compatibility, reputation, etc...? – Steve Dodier-Lazaro Jun 10 '15 at 08:44
  • // , I might suggest that a better way to demonstrate a lack of love for term misuse would be to answer by a term for "...services that encrypt your data or make you encrypt your data before you upload it...". I don't ask questions because they I things. I ask questions because they know that I do not. – Nathan Basanese Jun 10 '15 at 08:47
  • Obviously, lack of customer's data on one's server is always better. But without any details, it is difficult to quantify how much useful it could be. – eltrai Jun 10 '15 at 11:14
  • 1
    Also you could definitly edit your question to get rid of the term misuse, which is very confusing. – eltrai Jun 10 '15 at 11:15
  • 1
    Give us a specific context (the assets you're manipulating and your threat model), and tell us exactly what price you're paying for using a service that guarantees the secrecy of your data, then we'll be more able to tell you whether it's worth it or not. We don't know your company so we can't just make a binary guess as to why your management or customers would refuse the more confidentiality-preserving service. – Steve Dodier-Lazaro Jun 10 '15 at 12:41
  • // , Well, thanks, Steve! Not that it makes much difference now, though. You're -4 too late, and I think it's in downvote limbo. – Nathan Basanese Jun 10 '15 at 18:50

1 Answers1

5

Zero-Knowledge is an expression with a very precise meaning in cryptography, which does not match yours. Not using that expression would be a good communication move, even though you would not be the first person to abuse the terminology.

The property that you want to talk about would be better called "mistrust". The point of it is to indeed increase security -- legal security, to be specific. Services like Mega try to establish the idea that since they do not have access to the actual data, they cannot be held responsible for it. In practical terms, they offer a platform for massive sharing of copyrighted works without incurring the legal wrath of the copyright holders. Whether this would hold in court remains to be seen, though... Some examples of success at applying that strategy include postal services around the world: if two people send letters to each other describing their plans for some terrorist attack, the postman will not be considered an accomplice, even though he conveys the information and technically helps the terrorists coordinate with each other.

From a security analysis point of view, one may state that encryption ensures confidentiality against any party that does not have access to the decryption key, thus moving these parties somehow out of the security perimeter (for data confidentiality, at least). In your case, you want to remove yourself (your servers) completely out of the security perimeter. This both increases and decreases security: on one hand, this means that you no longer have to really care about data confidentiality as you store it; on the other hand, it adds new ways for data to be lost (if the client forgets the decryption key, the data is no longer accessible, and there is nothing you can do against that on the server side). As with all things about security, this is a trade-off.

Tom Leek
  • 168,808
  • 28
  • 337
  • 475