3. What’s the problem?
- Store data from my computer(s) to untrusted machines
- aka backup to the cloud
- Sync and Share with friends
- Strong authenticated Encryption
- Encrypt content, directory and file names
- Encrypt directory structures and file sizes
- Simple to use
- Aluhut compatible
6. Amazon S3 SSE
- S3 + Server Side encryption
- User maintains all crypto keys
- s3put
- via TLS
- here is my data, and please encrypt with this key…
9. Déjà Dup
- Déjà Dup
Déjà Dup is a simple backup tool. It hides the complexity of backing up the
Right Way (encrypted, off-site, and regular) and uses duplicity as the backend.
Features:
• Support for local, remote, or cloud backup locations such as Google Drive
and Nextcloud
• Securely encrypts and compresses your data
• Incrementally backs up, letting you restore from any particular backup
• Schedules regular backups
• Integrates well into your GNOME desktop
https://launchpad.net/deja-dup
11. Restic - Backups done right
- Single Go binary
- Backup to SFTP, REST, object stores (S3, B2, GC, Azure, … )
- Deduplication (Sliding Window with Rabin Fingerprints)
- AES-256 CTR, integrity by Poly1305-AES MAC
- Snapshots + Tags
- Simple setup, easy to use!
- Well documented!
https://restic.net
12. BorgBackup - Resistance is futile!
• Requires ssh target or Borg Server to host repository
• Encrypted: AES-256 CTR + HMAC-SHA256
• Follows the Horton Principle: A directed acyclic graph of
authentication from the manifest to the data chunks of individual files
• Deduplication over all client machines on same repo
• Compression (LZ4, zlib, LZMA, zstd)
• Mountable backups with FUSE
• Graphical Front End BorgWeb
• Well Documented
https://www.borgbackup.org
14. Backblaze
• Personal / Business Backup + Cheap cloud storage plans
• https://www.backblaze.com/blog/how-to-make-strong-encryption-easy-to-use/
• AES-128 (2008)
15. Perkeep - "your personal storage system for life"
• Your data is entirely under your control
• Open Source
• Paranoid about privacy, everything private by default
• No SPOF: don't rely on any single party (including
yourself)
• Your data should be alive in 80 years, especially if you
are
• Append only blob store (max 16MB, content and data
blobs)
• Encryption: NaCl + Secretbox: XSalsa20 and
Poly1305
https://perkeep.org
18. tresorit
• Closed Source. Paid plans for individuals and businesses
• “Swiss Privacy + EU data centers”. ISO 27001, GDPR,
HIPAA
• Zero knowledge, end-to-end encryption, client-side integrity
protection
• AES256 CFB, HMAC-SHA512
• https://tresorit.com/security/encryption
19. KBFS
- By keybase.io , very alpha, 250GB for free
- Public, signed directories for everyone in the world
- /keybase/public/yourname
- end-to-end encrypted folders
- /keybase/private/yourname
- /keybase/private/yourname,meatz@twitter,fnord
- Crypto algo galore https://keybase.io/docs/crypto/kbfs
20. Nextcloud
• 📱☁💻 A safe home for all your data – community-driven,
free & open source 👏
• enterprise-grade encryption features. recovery, audit, …
• Client: end-to-end. Enabled per folder. Encrypts content,
file names, directory structure. Shareable.
• Server-side encryption. Per-file keys, encrypted by server-wide
or per-user keys. Encrypts content only.
Authenticated encryption.
• Whitepapers available
21. Seafile
- Fast and reliable sync & share
- Open Source: Community & Professional Editions
- Multiple storage backends: local, Ceph, Swift, S3
- Clients for all Major platforms
- Webdav Server
- Client side & storage backend encryption
- AES 256 CBC
- Weak crypto!
- PBKDF with only 1000 iterations
- Client: Only content is encrypted
- Server: all objects will be encrypted with the same global key/iv pair
https://www.seafile.com
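Why the "same global key/iv pair" point on the Seafile slide matters, as an added example that is not from the original slides or from Seafile's code: with a fixed key and IV, CBC is deterministic, so the storage operator can see which objects are identical and how many leading blocks two objects share. The 4-round Feistel cipher below is a stand-in for AES (the leak is a property of the mode, not the cipher); the key, IVs and documents are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # bytes, same block size as AES

def _round(key, i, half):
    # Feistel round function: keyed hash truncated to half a block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def encrypt_block(key, block):
    """Stand-in 128-bit block cipher (4-round Feistel). NOT AES, demo only."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right

def cbc_encrypt(key, iv, data):
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad  # PKCS#7 padding
    out, prev = [], iv
    for off in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[off:off + BLOCK], prev))
        prev = encrypt_block(key, mixed)
        out.append(prev)
    return b"".join(out)

def shared_prefix_blocks(c1, c2):
    """Count identical leading ciphertext blocks, as a storage operator could."""
    n = 0
    limit = min(len(c1), len(c2)) // BLOCK
    while n < limit and c1[n * BLOCK:(n + 1) * BLOCK] == c2[n * BLOCK:(n + 1) * BLOCK]:
        n += 1
    return n

# Constructed sample data: two objects that differ only after 32 bytes.
KEY = hashlib.sha256(b"constructed demo key").digest()
GLOBAL_IV = bytes(BLOCK)
DOC_A = b"A" * 32 + b"salary: 1000"
DOC_B = b"A" * 32 + b"salary: 9999"

def leak_with_global_iv():
    return shared_prefix_blocks(cbc_encrypt(KEY, GLOBAL_IV, DOC_A),
                                cbc_encrypt(KEY, GLOBAL_IV, DOC_B))

def leak_with_per_object_iv():
    iv_a, iv_b = bytes([1]) * BLOCK, bytes([2]) * BLOCK  # fixed here for repeatability
    return shared_prefix_blocks(cbc_encrypt(KEY, iv_a, DOC_A),
                                cbc_encrypt(KEY, iv_b, DOC_B))

if __name__ == "__main__":
    print(leak_with_global_iv(), leak_with_per_object_iv())
```

In a real system the per-object IV would be random and stored alongside the ciphertext; fixed values are used here only so the result is repeatable.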
22. S3QL
• https://bitbucket.org/nikratio/s3ql/
• Fuse file system over object stores
• supports hardlinks, symlinks, standard unix permissions, extended attributes
and file sizes up to 2 TB
• Metadata stored in SQLite object -> Only usable by one computer at a time
• Compression, deduplication
• Authenticated encryption: AES256 CTR + SHA256 HMAC
• Immutable Trees, Copy-on-write / snapshotting
• Considered stable and suitable for production use. Linux only
23. SAFE Network
• The SAFE network ultimately wants to
“create a secure, autonomous, data-centric,
peer-to-peer network as an alternative to
the current server-centric model.”
https://safenetwork.tech
24. Safecoin
• All public/published data on the Network
will be immutable and available on the
Network in perpetuity
• “Farming”. Earn Coins by providing storage
space, CPU, bandwidth, online time
• Earn coins by running Applications
• Spend coins for resource accesses
https://coinmarketcap.com / 2019-01-03
https://safenetwork.tech/fundamentals
25. Tahoe-LAFS
• Key:Value Store
• Encrypt, erasure code (3 out of 10, 7 for happiness),
distribute shares to servers
• AES, SHA256, RSA, Merkle Trees
• Capabilities for mutable and immutable files
• File System Layer + Application Layer
• REST API, SFTP, FTP, “Magic Folder”
https://tahoe-lafs.org/