What is Zero-Knowledge Encryption

FEDO Zero-Knowledge Encryption - the only way to keep your data safe

Zero-knowledge encryption is the solution that stops anyone but you from decrypting your data, including government agencies going directly to your storage provider and using the CLOUD Act!

If Zero-knowledge encryption is the solution, what is the problem? 

94% of companies suffering from a catastrophic data loss do not survive – 43% never reopen and 51% close within two years. (University of Texas).

For many organizations, the biggest concern when using any type of cloud storage is how safe it is. If the authorities arrive at your cloud provider's offices with a warrant and demand the data and the encryption keys, what happens? What happens if an employee at your cloud provider goes rogue and shares your encryption keys, or decrypts and shares your data? (See the Capital One data breach.)

Regulated industries spend millions of dollars on complex systems to protect the cryptographic keys that secure files stored in the cloud or on-premises. Despite this investment, there are breaches through mismanaged or stolen keys. If regulated industries can’t protect their data, what hope is there for smaller organizations? How do you keep your data safe? What is the answer?

The point is: you must use hardened Zero-Knowledge Encryption such as FEDO™ technology.

Zero-knowledge encryption is the most secure way to use the public cloud, and to store files within your own organization. Zero-Knowledge Encryption removes the issue of the public cloud provider mismanaging your encryption keys and removes the high cost and complexity of running your own key management system.

Having your data encrypted is the first step to ensuring your stored data is safe. The next step is to make sure that the keys that encrypt that data are safe and only available to those you decide can have access. The problem with public storage is that it is like a hotel room. Your room is secured by the key that you are given, so your belongings are safe, but the hotel also has the key, and that key can be compromised, for example by a bad room service employee who can then access your belongings. This is the scenario that played out with the Capital One data breach. In August 2019 a former Amazon employee was arrested and charged with stealing over 100 million customer records.

Zero-Knowledge Encryption means that the service provider has zero knowledge of the keys that are used to encrypt your data. It is like having a unique key for your hotel room so that only you have access; even the hotel staff and management need you to open the door to get in.

How It Works

Cipher7™ from FortressSecure uses FEDO™ technology to secure the stored data. Other systems encrypt the file with a key that is then stored and secured using a password known only to the user. FEDO technology goes much further by hardening the encryption, as shown below.

  1. First, it fragments the file into multiple pieces.
  2. Then it encrypts each individual fragment.
  3. Next, it obfuscates the file names.
  4. Finally, it distributes the file fragments across randomly named directories. These directories can be in multiple locations.

The keys are generated for each file fragment in a blockchain-type method and destroyed immediately after use. There are no stored keys to be compromised.

Zero-knowledge encryption

Security hardening by multiple methods, rather than encryption alone, is of the utmost importance given the onslaught and power of attacks that aim to observe, steal, or even destroy private and confidential information.

Cipher7 can be used for securing both public cloud storage and private cloud storage. The encrypted drive is accessible from Windows, macOS, Linux, Android and iOS as a local drive, the same way you would map and access a network drive. The private cloud can be set up through the FortressSecure SilverShield SFTP server.