Client-side encryption
Client-side encryption is the cryptographic technique of encrypting data on the sender's side, before it is transmitted to a server such as a cloud storage service.[1] Client-side encryption features an encryption key that is not available to the service provider, making it difficult or impossible for service providers to decrypt hosted data. Client-side encryption allows for the creation of applications whose providers cannot access the data its users have stored, thus offering a high level of privacy.[1]
Applications utilizing client-side encryption are sometimes marketed under the misleading or incorrect term "zero-knowledge",[2] but this is a misnomer, as the term zero-knowledge describes something entirely different in the context of cryptography.
Details
[edit]Client-side encryption seeks to eliminate the potential for data to be viewed by service providers (or third parties that compel service providers to deliver access to data), client-side encryption ensures that data and files that are stored in the cloud can only be viewed on the client-side of the exchange. By remaining encrypted through each intermediary server, client-side encryption ensures that data retains privacy from the origin to the destination server.[3] This prevents data loss and the unauthorized disclosure of private or personal files, providing increased peace of mind for its users.[1]
Current recommendations by industry professionals as well as academic scholars offer great vocal support for developers to include client-side encryption to protect the confidentiality and integrity of information. [4][5] [6]
Examples of services that use client-side encryption by default
[edit]Examples of services that optionally support client-side encryption
[edit]- Apple iCloud offers optional client-side encryption when "Advanced Data Protection for iCloud" is enabled.[11][12]
- Google Drive,[13] Google Docs,[13] Google Meet,[14] Google Calendar,[14] and Gmail[14] — However, as of Jul 2024, optional client-side encryption features are only available to paid users.[15]
Examples of services that do not support client-side encryption
[edit]Examples of client-side encrypted services that no longer exist
[edit]See also
[edit]- End-to-end encryption – the encryption of data between two different clients that are communicating with each other
- Homomorphic encryption
References
[edit]- ^ a b c Tunio Gaffer (2015). "Why Client-Side Encryption Is the Next Best Idea in Cloud-Based Data Security". Information Security Today. Auerbach Publications. Archived from the original on January 16, 2016. Retrieved February 21, 2016.
- ^ "Spider Oak - Please stop describing your service as "Zero Knowledge" unless and ... | Hacker News". news.ycombinator.com. Retrieved 2018-07-16.
- ^ "What is Client-side Encryption and Why Does It Matter?". Virtru. 2015-05-25. Retrieved 2021-05-05.
- ^ Deka, Ganesh Chandra (31 October 2014). "3 Security Architecture for Cloud Computing". Handbook of Research on Securing Cloud-Based Databases with Biometric Applications. IGI Global. ISBN 978-1-4666-6560-6. Retrieved 21 February 2016.
- ^ Tobias Ackermann (22 December 2012). IT Security Risk Management: Perceived IT Security Risks in the Context of Cloud Computing. Springer Science & Business Media. pp. 136–. ISBN 978-3-658-01115-4. Retrieved 21 February 2016.
- ^ "Communications of the Association for Information Systems 13:Article 24". Cloud Computing Sicherheit: Schutzziele, Taxonomie, Marktübersicht. Fraunhofer-Institut für Sichere Informationstechnologie SIT. 2009. ISBN 978-3-9813317-0-7. Retrieved 21 February 2016.
- ^ "What is Tresorit". support.tresorit.com. Tresorit. 2023. Retrieved Jul 8, 2024.
- ^ "Mega Security Whitepaper" (PDF). mega.nz. MEGA. 2022. p. 21. Retrieved Jul 8, 2024.
- ^ "Cryptee Security". crypt.ee. Cryptee. 2024. Retrieved Jul 8, 2024.
- ^ "Cryptomator Github". github.com. Cryptomator. 2024. Retrieved Jul 8, 2024.
- ^ "Apple advances user security with powerful new data protections". apple.com. Apple. 2022. Retrieved Jul 8, 2024.
- ^ "How to Enable Advanced Data Protection on iOS, and Why You Should". eff.org. EFF. 2023. Retrieved Jul 8, 2024.
- ^ a b "Client-side encryption and strengthened collaboration in Google Workspace". workspaceupdates.googleblog.com. Retrieved 2023-01-24.
- ^ a b c "Client-side encryption for Gmail available in beta". workspaceupdates.googleblog.com. Retrieved 2023-01-24.
- ^ "About client-side encryption". apps.google.com. Retrieved Jul 8, 2024.
- ^ "Can I specify my own private key for my Dropbox?". dropbox.com. Retrieved Jul 8, 2024.
- ^ "SpiderOak Cross Clave". crossclave.com. SpiderOak Cross Clave. 2024. Archived from the original on May 15, 2024. Retrieved Jul 8, 2024.