1. What are the limitations of existing client-side encryption solutions?
Existing client-side encryption solutions have limitations in terms of security, efficiency, and usability. Many cloud storage providers, such as Google Drive and Dropbox, do not support client-side encryption and rely on server-side encryption, TLS, and two-factor authentication. Apple's iCloud supports end-to-end encryption for sensitive information but only server encryption for other data. Some products use symmetric encryption derived from passwords or PINs, which are considered unsafe due to low entropy. Additionally, most password-based solutions only support single-user file encryption and decryption, lacking a file sharing mechanism. Share keys are manually sent through insecure channels, making the process inconvenient and vulnerable to data breaches.
read more
2. Why are password-based solutions considered unsafe?
Password-based solutions are considered unsafe because they rely on low entropy derived from passwords, passphrases, or 4-digit PINs. These solutions typically only handle single-user file encryption and decryption, lacking a file sharing mechanism. This approach is inconvenient and brittle as users must manually send share links and passwords through separate channels. The limited entropy and lack of robust sharing mechanisms make these solutions vulnerable to security breaches and unauthorized access.
read more
3. What is the KEM-DEM setting in cloud encryption?
The KEM-DEM setting in cloud encryption involves a key encapsulation mechanism (KEM) and a data encapsulation mechanism (DEM). It is a hybrid encryption scheme where users generate RSA key pairs and obtain certificates from cloud service providers. The RSA public keys are used to encrypt data under fresh sampled AES keys. This method is adopted by providers like Amazon, Tresorit, and Mega. However, it is inflexible and inefficient due to the need for obtaining and specifying public keys for all recipients, leading to increased bandwidth, storage costs, and user expenditure.
read more
4. What are the limitations of existing solutions?
The limitations of existing solutions include poor security, coarse-grained access control, inflexible file sharing, and poor usability. Poor usability arises from the requirement of additional software or plugins, limiting users' devices and platforms. Switching to a new device necessitates repetitive installation processes, increasing users' burden and decreasing usability. These limitations hinder the efficiency and effectiveness of file sharing and access control in various applications.
read more