Nowadays most of cloud storage practices are to let user upload the file to the server and then encrypt it through server, but it makes so many people feel not peace of mind.
Some user may use third-party encryption system to encrypt the data before uploading.
In this section, we divided the related work into two parts. The first part we will introduce the security of some famous cloud storage services. Second, we choose an encryption system which called SecretSync to introduce, this encryption system for user to encrypt data before uploading to the cloud storage.
2.4.1 Cloud storage
In this phase, we choose three famous cloud storage services to describe the security in their storage space. These cloud storage services we choose in this phase are Dropbox, Sugarsync and ASUS Webstorage.
Dropbox [17] is the most famous cloud storage service and it uses Amazon S3 for data storage. They encrypted the files by using AES 256 bits after files are uploaded, and the encryption keys are managed by them. Dropbox also against network security issues such as Distributed Denial of Service attacks (DDoS)[18], Man-in-the-Middle attacks (MITM)[19], and sniffing [20]. The user sends files from client to server are using 256 bits SSL encryption. Most employees in the Dropbox are prohibited from viewing the contents of the files, they are only permitted to view file metadata, only a small number of employees could access the file for the reason which stated in their privacy policy.
Sugarsync [21] is the support of the most complete cloud storage because it supports
many mobile devices for using. The file sends between client and server are using TLS (Transport Layer Security) encryption. TLS is the successor to SSL v3.0 and both industry standard cryptographic protocols for secure Web communications. The file which storage in the SugarSync is encrypted with AES 128 bits encryption. They not only just provide backup the file but also sync the file between the different devices, and they also use Amazon S3 for data storage.
The file which stored in ASUS WebStorage [22] encrypted with AES to protect the file, and they also provide SSL encryption to protect user’s information. In addition, they use One-Time-Password (OTP) [23] mechanism for paid user to strengthen of logging. The user who is eligible to use OTP authentication could download the application in mobile phone. The OTP authentication is activated through mobile phone without the need of a computer. It randomly generated 6-digit dynamic security code every 30 seconds and can only be used once making it impossible for hackers to steal any personal data stored within the cloud service.
Unfortunately, some of the cloud storage service do not proposed any encryption way to protect the file, so it could produce significant harm of data security. What we can do is to encrypt data with third-party encryption system.
2.4.2 SecretSync
The SecretSync [24] is a third-party encryption system to encrypt data before upload to the cloud. It encrypted the file with AES 256 bits, the encryption key mixed the password which the user inputs when installing the system.
The figure 2.4.2 shows the procedure.
Figure 2-7 SecretSync Encryption System
1. When installation processing, it asks the user to provide the cloud storage path to sync the encrypted data and also ask for a password to create the AES key which only for user.
2. After installing the SecretSync system then the computer creates a SecretSync folder to let user put the file into this folder.
3. The file which stored into SecretSync folder would be encrypted with AES encryption algorithm, and then it syncs the encrypted file to the specific storage path which is cloud storage path such as Dropbox. So if the user accesses the file in cloud storage folder directly, then the file contents is garbled. Only the files which stored in SecretSync are original.
4. If the user wants to access the file on another computer, he/she has to install the system again and produce the same AES key to decrypt the file. Then the encrypted file would sync to the SecretSync folder and decrypt it for user to access the original contents.
In this section we focus on the famous cloud storage and introduce each one of security. We found that most of the cloud storage encrypted the file in the server after the user uploading; this way represents the decryption keys are managed by the service provider. Although the service provider states that prohibits their employees viewing the file in the privacy policy, we could not ensure it in some special situation.
All we can protect is using third-party encryption system to encrypt the file before uploading to the cloud storage, but we found that most of encryption system such as SecretSync can only store the decryption key in the computer. It is so inconvenience if we want to access the encrypted files on different computer because we have to install the application again and create the same decryption key as like original computer. The key also could be stole by someone if the computer is public.
Chapter 3 System Architecture
In this thesis, we propose an integrated service to let user can protect their file and store in the reliable storage space. In order to protect the files to be secure, we provide an encryption system to encrypt files before uploading and manage uploaded files in convenient way; the application encodes the decryption key into a QR Code for flexible and portable, it can be a photograph stored in smartphone or an image stored in flash drive; the back-end storage server which store the uploaded files combines other cloud storage as backup storage to let our service be reliable.
Our system is composed of three parts: client-side application named SSGuard, processing server named SSManager and many storage servers named SSCoffers. The SSGuard provides the functionalities for users to encrypt file before uploading, manage their uploaded files and share secure files with other users or groups. The SSManager is in charge of storing user’s information which included user account, public key and uploaded file’s information (timestamp, stored storage IP and encrypted AES key), and also processes the requests which send by the users. It also can encrypt file before uploading to the Storage server, it will describe in 3.3.5. The SSCoffers are in charge of storing encrypted files, the way how the files are stored will describe in 3.2.