smart AND secure cloud document archive

derabbink
  • smart AND secure cloud document archive derabbink

    I am thinking of creating a cloud-based document archive. The intention is to make it impossible for the system to read the users' files, and be more than just a storage provider.

    Looking at this question, there are some ways to do this, but effectively this limits the archive system to be just a "dumb" storage provider: Only on your own machine will the data make sense after decryption.

    For trusting that the storage provider will not laugh at your embarrassing holiday pictures, this approach is rock solid. But the problem is that you won't have the convenience of a less secure system like dropbox, google drive or neat.com.
    These systems (let's call them "smart") index your data for search, have handy in-browser document viewers, etc, which I want for my system.

    But providing a web-interface to users' data means that the web server must be able to serve unencrypted files (or thumbnails).

    For storage, I was thinking of using asymmetric (RSA) encryption of symmetric encrption (AES?) secrets on the central server. Each file is symmetrically encrypted with a per-file secret. Those secrets are encrypted using the public key. The private key needed for decrypting a file's secret (and thus decrypting the file) is encrypted using a secret based on the user's password.

    This means that files can only be read by the server if the decrypted private key is kept in its decrypted form for the duration of a users session. Similary, indexing and generating thumbnails for stored files/documents can only be happen while the private key is "unlocked". This design is easily expandable to accommodate application-specific passwords (create an encrypted private key per password), in case I ever want to develop apps besides the web interface.

    My question is: How fundamentally (in)secure is this design?

    1. If the (web) server can decrypt files when users are logged in, this obviously begs a question of "how trustworthy and responsible with users' data and encryption secrets am I?" Is there a way to formally(/by design) answer this question with "very"?
    2. Moreover, how eager are the system administrators at my cloud provider to MITM my running system? (If e.g. pressured by some government.)
    3. And finally: In case of someone seizing my servers, are the users' data/encryption secrets safe from prying eyes?

  • I'm not sure if I understand your problem. There seems to be a contradiction in your goals vs. solution.

    • You don't trust the server to not evesdrop
    • You're providing the server your decryption keys during login so that it can scan the files and generate metadata
    • You're trusting the server to forget the keys and the plaintext when the user logs out

    You'd be better off generating the metadata at the time of encryption on the user's workstation. Then upload the metadata plaintext along with the encrypted data. It's not future-proof, so choose your metadata carefully.

    To share the file, encrypt the keyfile with the recipient's public key and upload it.

    Never give the plaintext keyfile to the server.

Tags
cloud-computing file-encryption
Related questions and answers
  • would you protect the keyserver API secret key on the cloud? Note that our web application needs access to this secret key so that it can obtain per-user keys for encrypting and decrypting the user data... the fundamental question, as noted in one of the comments: how would you protect the keystore password on the cloud? We are designing a SAAS web application in the AWS public cloud, which will have many end users (scaling to millions). All user data will be encrypted on a per-user basis with standard encryption. The password-protected encryption keys will be stored on a remote secure keyserver, which

  • a (simple) web-form, maybe also a samba-share which is hidden behind a VPN. Since I want to access the data very sparsely, I would also prefer a system where the data is always encrypted and is decrypted only... of administration. After thinking about the problem some time I came up with the following idea: Encryption Encrypt the data using a random key and EncFS Encrypt the key using RSA and my public certificate... problems? How secure is .htaccess protection on a nginx web server? Are there ways to improve the part where I access the files? If there should be existing solutions to my problem I did not find, please

  • storage with encryption of every file. There is only one user, and all the data (and code) is stored on his local machine. User is able to import some files in and read the formerly imported ones.... The key that the whole system's security is based upon is that user's password is stored inside his head only, i. e. not reachable programmatically (unless there's keylogger, telepathic software... as plaintext just for a moments, while encryption (public) key can even be exposed to everyone. But in comparison with symmetric syphers, I still have one key to secure in RAM, and there's additional

  • on disk, but the daemon process must then have the key to decrypt that file. This seems equivalent to just having the shared secret key for the original encrypted data. My naive approach would...I would like to give a daemon-style process (i.e. no user interaction) access to a shared secret key so that it can access a shared, encrypted data file. User applications accessing the same... encryption of the data on disk is at most a nuisance to a determined attacker. We also allow users to run the query server locally (still started by init.d/launchd), so I want to do whatever I can

  • (PBKDF2_ALGORITHM); return skf.generateSecret(spec).getEncoded(); } Now my question is : How should the Keyed hashing for the password be implemented ? Based on my reading, this is my... of the key and a random bytes generated from a CSPRNG. [salt] = [secret key] + [random bytes from a CSPRNG] Finally, I will dare to ask a silly question (will dare to ask since high iteration count... of security through the Keyed hashing ? P.S: I am aware of the value that slow hashing algorithms add by reducing the possibility of passwords getting compromised through brute force attacks. Just want

  • vulnerability that an attacker could use to enter the host system but I guess this risk I will take. I am wondering if I imported my sensitive password safe files into my host system and later overwrite them using Eraser ( >30 Gutmann Passes) what a data forensic could do with the information he finds on my hard drive. I think he would see that there are some segments on the hard drive that have been overwritten. I have a second cloud account containing a keepassfile with non sensitive data prepared to feed to those people in that case. One problem I see is that the size of my keepassfile

  • )) I've done some of my homework and so far I have: Smart cards (Basic cards, JCOP JAVA cards). Pros - have protected storage, can run code. Cons - firmware limits, every card need separate reader. They are more like a mobile authentication method, that doesn't make sense in my case, because system will be stationary. Micro-controllers with embedded crypto features. Ex. http://www.atmel.com.... Device itself should be able to run program code of some kind and have some common connection interface (ex. usb). You must be able to burn code only once, or there must be assurance that no one can

  • ). I asked IS how I should implement the data sync on the new system. There response was to store my password in plain text on the publicly available laptop and use that to mount the samba share..." your machine can log keystrokes to learn passwords in either case. I am pretty sure this advice is just wrong. I work at a university and we use a single log on active directory set up. With the SSH key someone can get access to a single service on a single server, while my password will give them access to "everything". Is there a way to securely mount a samba share without making my password

  • I need your advice on the security of this design. I have a scenario whereby a server application and a smart card application need to share a value e.g. 52, which has been encoded in a long... it to the smart card. The question is what is the best way to authenticate the token. Here is what I came up with: We create a unique symmetric key (K) and store it securely in the server and the smart... and the smart card's secure element Transaction If a server needs to send an amount (v) to a smart card, It loads the S file and selects a nonce (n) i.e. n = S[0] It invalidates the nonce

Data information