The questions
Are you using hosted services to store your company's data?
Do you have any idea how much companies like Google, Microsoft or Yahoo know about you?
Are your conversations on the web really private?
What about personal online finance managers? How securely is your data stored?
The issue
Online applications are a very convenient way to keep your data online, but what about security and privacy?
Nowadays, web applications have a major drawback: you have to trust the web application provider to keep your data secure and safe from prying eyes.
The philosophy
We think that only the user should be responsible for their own data.
Moreover, we think that only the user should be able to read, change or delete their own data.
We think that no one, not even the web application provider, should be able to read users' data.
The solution: zero knowledge web applications
In broad terms, zkBox's highlights are:
- Authentication to the storage without revealing anything about the user's password (zero-knowledge password proof)
- All data is encrypted and signed before being sent out to the online storage
- The data is stored in the online storage in its encrypted form (host-proof online storage)
- Data is retrieved from the storage and decrypted on the client machine (the encryption key is never sent from the client)
Under the hood
zkBox comes as an API built on top of a persistent storage solution which provides authentication and authorization. AWS (Amazon Web Services) is used as the storage backend (on your own installation, SQL Server can also be used).
Security algorithms used:
- Authentication: SRP 6a (zero-knowledge password proof protocol)
- Symmetric encryption: AES-256
- Digest: SHA-512
- Random generator: TRNG (with PRNG fallback)
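
To make the zero-knowledge password proof concrete, here is an SRP-6a exchange written for this page as an added example; it is not zkBox code and does not use the zkBox API. It assumes the RFC 5054 1024-bit group and SHA-512 (the digest listed above), and all function names are hypothetical.

```python
import hashlib, secrets

# RFC 5054 1024-bit group (g = 2); short enough to read here, use 2048+ bits in production.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g, PAD = 2, 128  # PAD: byte length of N, used to left-pad integers before hashing

def H(*parts):
    """SHA-512 of the concatenated parts; ints are padded to PAD bytes. Returns an int."""
    data = b"".join(p.to_bytes(PAD, "big") if isinstance(p, int) else p for p in parts)
    return int.from_bytes(hashlib.sha512(data).digest(), "big")

k = H(N, g)  # the multiplier that distinguishes SRP-6a from SRP-6

def private_x(salt, user, password):
    # Password-derived exponent; computed on the client only, never transmitted.
    return H(salt, hashlib.sha512(f"{user}:{password}".encode()).digest())

def register(user, password):
    """Client computes (salt, verifier); this pair is all the server stores."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, user, password), N)

def client_hello():
    a = secrets.randbelow(N - 2) + 1          # client ephemeral secret
    return a, pow(g, a, N)                    # A is sent to the server

def server_challenge(record, A):
    if A % N == 0:  # A = 0 mod N would force the shared secret to 0 for any password
        raise ValueError("illegal client value A")
    b = secrets.randbelow(N - 2) + 1          # server ephemeral secret
    return b, (k * record[1] + pow(g, b, N)) % N  # B is sent to the client

def client_key(user, password, salt, a, A, B):
    u = H(A, B)
    if B % N == 0 or u == 0:
        raise ValueError("illegal server value B")
    x = private_x(salt, user, password)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return hashlib.sha512(S.to_bytes(PAD, "big")).digest()

def server_key(record, A, b, B):
    S = pow(A * pow(record[1], H(A, B), N) % N, b, N)
    return hashlib.sha512(S.to_bytes(PAD, "big")).digest()
```

Only the salt, the verifier, A and B cross the wire. In a full login each side then proves knowledge of the key with a hash over the transcript, so a wrong password surfaces as a failed proof rather than a leaked comparison.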
Application scenarios built on top of zkBox
- personal secure online backup
- online medical records
- bank transactions backup
- personal finances
Get started
Are you ready to learn more about zkBox and how it can help you to secure your next application?
If so, please visit the developers section.