Hamburg-based cloud data service relies on zero-knowledge procedures to protect customer data
Hamburg, November 23, 2021 – “Zero-knowledge IT is the order of the day in times of crisis,” says Detlef Schmuck, CEO of Hamburg-based TeamDrive GmbH. The company operates a cloud data service for team collaboration based on a so-called “zero knowledge” principle. “This means that we, as a provider, have no information about our customers’ data and no key to access the data,” explains Detlef Schmuck. He thus sees TeamDrive as an antipode to, as he puts it, “other common data services, file sharing and collaboration solutions” where providers have access to customer data.
“TeamDrive’s interface looks very similar and is just as easy to use as the data services of the big U.S. providers Dropbox, Box or OneDrive,” says Detlef Schmuck, “but only we have a zero-knowledge architecture by design working underneath. This means that our service is set up from the ground up so that we, as the provider, can never read our customers’ data.” This secure default setting protects just non-IT-savvy, ordinary computer users and business customers.
This works through end-to-end encryption of all data stored in the cloud without exception, with only the customer holding the key. TeamDrive does not receive any key at all and can therefore “under no circumstances get hold of the data in readable form” (Detlef Schmuck). Therefore, TeamDrive never processes data in the cloud, which would require it to be decrypted on the server, but always downloads it to an end device for decryption and processing. “Particularly in the current crisis, in which many companies are forced to rapidly advance their digitalization, for example through home offices, it is important not to neglect security and still provide easy-to-use solutions for employees and customers,” emphasizes TeamDrive CEO Detlef Schmuck.
Background to encryption
TeamDrive combines various encryption methods in its solution to ensure maximum security and confidentiality at all times and in all places. TeamDrive works with a so-called RSA encryption with two keys, one private and one public. The abbreviation RSA stands for the first letters of the surnames of the three mathematicians Ronald Rivest, Adi Shamir and Leonard Adleman, who invented the method. In the RSA method, the private key is used to decrypt and sign data. The public key is used to encrypt the contents and verify signatures. The password of the public key is known, but the code of the private key is secret. When TeamDrive is installed, it creates a public-private RSA-2048/3072 key pair. The digits denote the key length, so ultimately the security; 2048/3072 is considered uncrackable. These keys are used for the secure transmission of TeamDrive invitations. The public key is located on a central TeamDrive server, but this does not represent a security restriction, as data can never be converted into a readable form with a public key alone. TeamDrive encrypts all files on the customer’s computer using the AES-256 algorithm before they are uploaded. AES-256 is the highest available security level of the Advanced Encryption Standard. A separate symmetric AES-256 key is created for each data room (Space) at TeamDrive. As soon as a new group member receives an invitation to the Space, the symmetric key of the data room is encrypted with the user’s public key and an invitation is sent. The access data for the cloud servers is also sent in encrypted form. The process ensures that only authorized group members can access the data.