Client-side encryption: Difference between revisions
ErikHaugen (talk | contribs) m ErikHaugen moved page Client-Side Encryption to Client-side encryption without leaving a redirect: history merge |
Remove because of unreliable source WP:VENDOR |
||
(35 intermediate revisions by 26 users not shown) | |||
Line 1: | Line 1: | ||
'''Client-side encryption''' is the [[cryptographic]] technique of [[encrypting]] data on the sender's side, before it is transmitted to a [[server (computing)|server]] such as a [[cloud storage service]].<ref name=":9"/> |
|||
{{unreferenced|date=February 2011}} |
|||
Client-side encryption features an encryption key that is not available to the service provider, making it difficult or impossible for service providers to decrypt hosted data. |
|||
{{wikify|date=February 2011}} |
|||
Client-side encryption allows for the creation of applications whose providers cannot access the data its users have stored, thus offering a high level of privacy.<ref name=":9"/> |
|||
Applications utilizing client-side encryption are sometimes marketed under the misleading or incorrect term ''"zero-knowledge"'',<ref name=":10"/> but this is a misnomer, as the term [[zero-knowledge proof|zero-knowledge]] describes something entirely different in the context of cryptography. |
|||
'''[[Client-side]] encryption''' is the cryptographic technique of encrypting data before it is transmitted to a server in a [[computer network]]. Usually, [[encryption]] is performed with a key that is not known to the server. Consequently, the service provider is unable to decrypt the hosted data. In order to access the data, it must always be decrypted by the client. Client-side encryption allows for the creation of [[zero-knowledge application]]s whose providers cannot access the data its users have stored, thus offering a high level of privacy. |
|||
==Details== |
|||
<!--- Categories ---> |
|||
Client-side encryption seeks to eliminate the potential for data to be viewed by service providers (or third parties that compel service providers to deliver access to data), client-side encryption ensures that data and files that are stored in the cloud can only be viewed on the client-side of the exchange. This prevents data loss and the unauthorized disclosure of private or personal files, providing increased peace of mind for its users.<ref name=":9"/> |
|||
Current recommendations by industry professionals as well as academic scholars offer great vocal support for developers to include client-side encryption to protect the confidentiality and integrity of information. |
|||
<ref name="Chandra2014">{{cite book |author=Deka, Ganesh Chandra |title=Handbook of Research on Securing Cloud-Based Databases with Biometric Applications |url=https://books.google.com/books?id=iiKXBQAAQBAJ |accessdate=21 February 2016 |date=31 October 2014 |publisher=IGI Global |isbn=978-1-4666-6560-6 |chapter=3 Security Architecture for Cloud Computing}}</ref><ref name="Ackermann2012">{{cite book |author=Tobias Ackermann |title=IT Security Risk Management: Perceived IT Security Risks in the Context of Cloud Computing |url=https://books.google.com/books?id=3WFEAAAAQBAJ&pg=PA136 |accessdate=21 February 2016 |date=22 December 2012 |publisher=Springer Science & Business Media |isbn=978-3-658-01115-4 |pages=136–}}</ref> |
|||
<ref>{{cite book |title=Cloud Computing Sicherheit: Schutzziele, Taxonomie, Marktübersicht |url=https://books.google.com/books?id=JgNUcgAACAAJ |accessdate=21 February 2016 |year=2009 |publisher=Fraunhofer-Institut für Sichere Informationstechnologie SIT |isbn=978-3-9813317-0-7 |chapter=Communications of the Association for Information Systems 13:Article 24}}</ref> |
|||
===Examples of services that use client-side encryption by default=== |
|||
* [[Tresorit]]<ref name=":0"/> |
|||
* [[Mega (service)|MEGA]]<ref name=":1"/> |
|||
* [[Cryptee]]<ref name=":2"/> |
|||
* [[Cryptomator]]<ref name=":11"/> |
|||
===Examples of services that optionally support client-side encryption=== |
|||
* [[iCloud|Apple iCloud]] offers optional client-side encryption when "Advanced Data Protection for iCloud" is enabled.<ref name=":3"/><ref name=":4"/> |
|||
* [[Google Drive]],<ref name=":6"/> [[Google Docs]],<ref name=":6"/> [[Google Meet]],<ref name=":7"/> [[Google Calendar]],<ref name=":7"/> and [[Gmail]]<ref name=":7"/> — However, as of Jul 2024, optional client-side encryption features are only available to paid users.<ref name=":8"/> |
|||
===Examples of services that do not support client-side encryption=== |
|||
* [[Dropbox (service)|Dropbox]]<ref name=":5"/> |
|||
===Examples of client-side encrypted services that no longer exist=== |
|||
* [[SpiderOak|SpiderOak Backup]]<ref name=":12"/> |
|||
==See also== |
|||
* [[End-to-end encryption]] – the encryption of data between two different clients that are communicating with each other |
|||
* [[Homomorphic encryption]] |
|||
==References== |
|||
{{reflist|refs= |
|||
<ref name=":0">{{cite web |url=https://support.tresorit.com/hc/en-us/articles/216113777-What-is-Tresorit#:~:text=We%20use%20client-side%20encryption,access%20the%20data%20you%20store |title=What is Tresorit |date=2023 |website=support.tresorit.com |publisher=Tresorit |access-date=Jul 8, 2024}}</ref> |
|||
<ref name=":1">{{cite web |url=https://mega.nz/SecurityWhitepaper.pdf |title=Mega Security Whitepaper |date=2022 |website=mega.nz |publisher=MEGA |access-date=Jul 8, 2024 |page=21}}</ref> |
|||
<ref name=":2">{{cite web |url=https://crypt.ee/security |title=Cryptee Security |date=2024 |website=crypt.ee |publisher=Cryptee |access-date=Jul 8, 2024}}</ref> |
|||
<ref name=":3">{{cite web |url=https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/ |title=Apple advances user security with powerful new data protections |date=2022 |website=apple.com |publisher=Apple |access-date=Jul 8, 2024}}</ref> |
|||
<ref name=":4">{{cite web |url=https://www.eff.org/deeplinks/2023/05/how-enable-advanced-data-protection-ios-and-why-you-should |title=How to Enable Advanced Data Protection on iOS, and Why You Should |date=2023 |website=eff.org |publisher=EFF |access-date=Jul 8, 2024}}</ref> |
|||
<ref name=":5">{{Cite web |title=Can I specify my own private key for my Dropbox? |url=https://help.dropbox.com/security/how-security-works#:~:text=Dropbox%20doesn't%20offer%20client,the%20file%20and%20container%20level. |access-date=Jul 8, 2024 |website=dropbox.com |language=en-US}}</ref> |
|||
<ref name=":6">{{Cite web |title=Client-side encryption and strengthened collaboration in Google Workspace |url=https://workspace.google.com/blog/product-announcements/new-google-workspace-security-features |access-date=2023-01-24 |website=workspaceupdates.googleblog.com |language=en-US}}</ref> |
|||
<ref name=":7">{{Cite web |title=Client-side encryption for Gmail available in beta |url=https://workspaceupdates.googleblog.com/2022/12/client-side-encryption-for-gmail-beta.html |access-date=2023-01-24 |website=workspaceupdates.googleblog.com |language=en}}</ref> |
|||
<ref name=":8">{{Cite web |title=About client-side encryption |url=https://support.google.com/a/answer/10741897?hl=en |access-date=Jul 8, 2024 |website=apps.google.com |language=en}}</ref> |
|||
<ref name=":9">{{cite web |url= http://www.infosectoday.com/Articles/Client-Side_Encryption.htm |title= Why Client-Side Encryption Is the Next Best Idea in Cloud-Based Data Security |date= 2015 |accessdate= February 21, 2016 |author= Tunio Gaffer |website= Information Security Today |publisher= Auerbach Publications |archive-url=https://web.archive.org/web/20160116160010/http://www.infosectoday.com/Articles/Client-Side_Encryption.htm |archive-date= January 16, 2016 |url-status= dead }}</ref> |
|||
<ref name=":10">{{Cite web|url=https://news.ycombinator.com/item?id=13303436|title=Spider Oak - Please stop describing your service as "Zero Knowledge" unless and ... {{!}} Hacker News|website=news.ycombinator.com|access-date=2018-07-16}}</ref> |
|||
<ref name=":11">{{cite web |url=https://github.com/cryptomator/cryptomator |title=Cryptomator Github |date=2024 |website=github.com |publisher=Cryptomator |access-date=Jul 8, 2024}}</ref> |
|||
<ref name=":12">{{cite web |url=https://crossclave.com |title=SpiderOak Cross Clave |date=2024 |website=crossclave.com |publisher=SpiderOak Cross Clave |access-date=Jul 8, 2024 |archive-url=https://web.archive.org/web/20240515010622/https://crossclave.com/ |archive-date=May 15, 2024}}</ref> |
|||
}} |
|||
[[Category:Cryptography]] |
[[Category:Cryptography]] |
||
[[Category:Clients]] |
[[Category:Clients (computing)]] |
||
[[Category:Cloud storage]] |
|||
{{Crypto-stub}} |
Latest revision as of 17:41, 12 November 2024
Client-side encryption is the cryptographic technique of encrypting data on the sender's side, before it is transmitted to a server such as a cloud storage service.[1] Client-side encryption features an encryption key that is not available to the service provider, making it difficult or impossible for service providers to decrypt hosted data. Client-side encryption allows for the creation of applications whose providers cannot access the data its users have stored, thus offering a high level of privacy.[1]
Applications utilizing client-side encryption are sometimes marketed under the misleading or incorrect term "zero-knowledge",[2] but this is a misnomer, as the term zero-knowledge describes something entirely different in the context of cryptography.
Details
[edit]Client-side encryption seeks to eliminate the potential for data to be viewed by service providers (or third parties that compel service providers to deliver access to data), client-side encryption ensures that data and files that are stored in the cloud can only be viewed on the client-side of the exchange. This prevents data loss and the unauthorized disclosure of private or personal files, providing increased peace of mind for its users.[1]
Current recommendations by industry professionals as well as academic scholars offer great vocal support for developers to include client-side encryption to protect the confidentiality and integrity of information. [3][4] [5]
Examples of services that use client-side encryption by default
[edit]Examples of services that optionally support client-side encryption
[edit]- Apple iCloud offers optional client-side encryption when "Advanced Data Protection for iCloud" is enabled.[10][11]
- Google Drive,[12] Google Docs,[12] Google Meet,[13] Google Calendar,[13] and Gmail[13] — However, as of Jul 2024, optional client-side encryption features are only available to paid users.[14]
Examples of services that do not support client-side encryption
[edit]Examples of client-side encrypted services that no longer exist
[edit]See also
[edit]- End-to-end encryption – the encryption of data between two different clients that are communicating with each other
- Homomorphic encryption
References
[edit]- ^ a b c Tunio Gaffer (2015). "Why Client-Side Encryption Is the Next Best Idea in Cloud-Based Data Security". Information Security Today. Auerbach Publications. Archived from the original on January 16, 2016. Retrieved February 21, 2016.
- ^ "Spider Oak - Please stop describing your service as "Zero Knowledge" unless and ... | Hacker News". news.ycombinator.com. Retrieved 2018-07-16.
- ^ Deka, Ganesh Chandra (31 October 2014). "3 Security Architecture for Cloud Computing". Handbook of Research on Securing Cloud-Based Databases with Biometric Applications. IGI Global. ISBN 978-1-4666-6560-6. Retrieved 21 February 2016.
- ^ Tobias Ackermann (22 December 2012). IT Security Risk Management: Perceived IT Security Risks in the Context of Cloud Computing. Springer Science & Business Media. pp. 136–. ISBN 978-3-658-01115-4. Retrieved 21 February 2016.
- ^ "Communications of the Association for Information Systems 13:Article 24". Cloud Computing Sicherheit: Schutzziele, Taxonomie, Marktübersicht. Fraunhofer-Institut für Sichere Informationstechnologie SIT. 2009. ISBN 978-3-9813317-0-7. Retrieved 21 February 2016.
- ^ "What is Tresorit". support.tresorit.com. Tresorit. 2023. Retrieved Jul 8, 2024.
- ^ "Mega Security Whitepaper" (PDF). mega.nz. MEGA. 2022. p. 21. Retrieved Jul 8, 2024.
- ^ "Cryptee Security". crypt.ee. Cryptee. 2024. Retrieved Jul 8, 2024.
- ^ "Cryptomator Github". github.com. Cryptomator. 2024. Retrieved Jul 8, 2024.
- ^ "Apple advances user security with powerful new data protections". apple.com. Apple. 2022. Retrieved Jul 8, 2024.
- ^ "How to Enable Advanced Data Protection on iOS, and Why You Should". eff.org. EFF. 2023. Retrieved Jul 8, 2024.
- ^ a b "Client-side encryption and strengthened collaboration in Google Workspace". workspaceupdates.googleblog.com. Retrieved 2023-01-24.
- ^ a b c "Client-side encryption for Gmail available in beta". workspaceupdates.googleblog.com. Retrieved 2023-01-24.
- ^ "About client-side encryption". apps.google.com. Retrieved Jul 8, 2024.
- ^ "Can I specify my own private key for my Dropbox?". dropbox.com. Retrieved Jul 8, 2024.
- ^ "SpiderOak Cross Clave". crossclave.com. SpiderOak Cross Clave. 2024. Archived from the original on May 15, 2024. Retrieved Jul 8, 2024.