Want to store your data to the cloud? This presentation gives an overview of multiple encrypted storage solutions.

1. Cloud Data Encryption
(Aluhut Edition)
flarp 2019/01 matthias@grawinkel.com / @meatz

2. 2

3. What’s the problem?
- Store data from my computer(s) to untrusted machines
- aka backup to the cloud
- Sync and Share with friends
- Strong authenticated Encryption
- Encrypt content, directory and file names
- Encrypt directory structures and file sizes
- Simple to use
- Aluhut compatible
3

4. Crypto Buzzwords
- AES (GCM, CTR, CBC, CFB, XTS, …)
- SHA-256 / SHA-512
- Blake2
- Merkle Trees
- HMAC
- PBKDF2
- XSalsa20Poly1305
- Authenticated Encryption?
4

5. Backups,
Object Stores

6. Amazon S3 SSE
- S3 + Server Side encryption
- User maintains all crypto keys
- s3put
- via TLS
- here is my data, and please encrypt with this key…
6

7. tarsnap
• https://www.tarsnap.com
• inventors of scrypt
7

8. Duplicity
- Encrypted bandwidth-efficient backup using the
rsync algorithm
- Traditional backup scheme: Full backup +
incremental
- GnuPG for encryption
8

9. Déjà Dup
- Déjà Dup
Déjà Dup is a simple backup tool. It hides the complexity of backing up the
Right Way (encrypted, off-site, and regular) and uses duplicity as the backend.
Features:
• Support for local, remote, or cloud backup locations such as Google Drive
and Nextcloud
• Securely encrypts and compresses your data
• Incrementally backs up, letting you restore from any particular backup
• Schedules regular backups
• Integrates well into your GNOME desktop
9
https://launchpad.net/deja-dup

10. Duplicati
- Inspired by duplicity. Rewrite in 2008.
- AES-256
10 https://www.duplicati.com

11. Restic - Backups done right
- Single go binary
- Backup to SFTP, REST, object stores (S3, B2, GC, Azure, … )
- Deduplication (Sliding Window with Rabin Fingerprints)
- AES-256 CTR, integrity by Poly1305-AES MAC
- Snapshots + Tags
- Simple setup, easy to use!
- Well documented!
11
https://restic.net

12. BorgBackup - Resistance is futile!
• Requires ssh target or Borg Server to host repository
• Encrypted: AES-256 CTR + HMAC-SHA256
• Follows the Horton Principle: A directed acyclic graph of
authentication from the manifest to the data chunks of individual files
• Deduplication over all client machines on same repo
• Compression (LZ4, zlib, LZMA, zstd)
• Mountable backups with FUSE
• Graphical Front End BorgWeb
• Well Documented
12 https://www.borgbackup.org

13. Arq Backup
• Closed source. macOS + Windows.
• Versioned file backups
• Bring-your-own-storage (sftp, *cloud drives, S3, …)
• https://www.arqbackup.com/arq_data_format.txt
• AES256/CBC
13
https://www.arqbackup.com

14. Backblaze
• Personal / Business Backup + Cheap cloud storage plans
• https://www.backblaze.com/blog/how-to-make-strong-
encryption-easy-to-use/
• AES-128 (2008)
14

15. Perkeep - "your personal storage system for life"
• Your data is entirely under your control
• Open Source
• Paranoid about privacy, everything private by default
• No SPOF: don't rely on any single party (including
yourself)
• Your data should be alive in 80 years, especially if you
are
• Append only blob store (max 16MB, content and data
blobs)
• Encryption: NaCl + Secretbox: XSalsa20 and
Poly1305
15
https://perkeep.org

16. Sync & Share

17. BDrive - Sync & Share
• Bundesdruckerei - Cloud Computing „Made in Germany“
• BSI zertifiziert: CC EAL 4+
• CloudRAID (erasure coded to multiple clouds)
• End-to-end encryption
• Multi-factor auth. Identity Management by
Bundesdruckerei
• Certificate galore
17

18. tresorit
• Closed Source. Payed plans for individuals and busninesses
• “Swiss Privacy + EU data centers”. ISO 27001, GDPR,
HIPAA
• Zero knowledge, end-to-end encryption, client-side integrity
protection
• AES256 CFB, HMAC-SHA512
• https://tresorit.com/security/encryption
18

19. KBFS
- By keybase.io , very alpha, 250GB for free
- Public, signed directories for everyone in the world
- /keybase/public/yourname
- end-to-end encrypted folders
- /keybase/private/yourname
- /keybase/private/yourname,meatz@twitter,fnord
- Crypto algo galore https://keybase.io/docs/crypto/kbfs
19

20. Nextcloud
20
• 📱☁💻 A safe home for all your data – community-driven,
free & open source 👏
• enterprise-grade encryption features. recovery, audit, …
• Client: end-to-end. Enabled per folder. Encrypts content,
file names, directory structure. Shareable.
• Server side encryption. Per file keys, encrypted by server
wide or per user-keys. Encrypts content only.
Authenticated Encrypted.
• Whitepapers available

21. Seafile
- Fast and reliable sync & share
- Open Source: Community & Professional Editions
- Multiple storage backends: local, Ceph, Swift, S3
- Clients for all Major platforms
- Webdav Server
- Client side & storage backend encryption
- AES 256 CBC
- Weak crypto!
- PBKDF with only 1000 iterations
- Client: Only content is encrypted
- Server: all objects will be encrypted with the same global key/iv pair
21
https://www.seafile.com

22. S3QL
• https://bitbucket.org/nikratio/s3ql/
• Fuse file system over object stores
• supports hardlinks, symlinks, standard unix permissions, extended attributes
and file sizes up to 2 TB
• Metadata stored in SQLite object -> Only usable by one computer at a time
• Compression, deduplication
• Authenticated encryption: AES256 CTR + SHA256 HMAC
• Immutable Trees, Copy-on-write / snapshotting
• Considered stable and suitable for production use. Linux only
22

23. SAFE Network
• The SAFE network ultimately wants to
“create a secure, autonomous, data-centric,
peer-to-peer network as an alternative to
the current server-centric model.”
23 https://safenetwork.tech

24. Safecoin
• All public/published data on the Network
will be immutable and available on the
Network in perpetuity
• “Farming”. Earn Coins by providing storage
space, CPU, bandwidth, online time
• Earn coins by running Applications
• Spend coins for resource accesses
24
https://coinmarketcap.com / 2019-01-03
https://safenetwork.tech/fundamentals

25. Tahoe-LAFS
• Key:Value Store
• Encrypt, erasure code (3 out of 10, 7 for happyness),
distribute shares to servers
• AES, SHA256, RSA, Merkle Trees
• Capabilities for mutable and immutable files
• File System Layer + Application Layer
• REST API, SFTP, FTP, “Magic Folder”
25
https://tahoe-lafs.org/

26. Tahoe-LAFS
26
https://tahoe-lafs.readthedocs.io/en/tahoe-lafs-1.12.1/about.html#what-is-provider-independent-security

27. MEGA
- Closed Source. Privacy by design.
- Master key, AES-CBC, per file keys
- public file and folder links
- Cheap! 1TB / 9,99EUR/month, 4TB 19,99EUR/month
- https://mega.nz/SecurityWhitepaper.pdf
27

28. Cryptomator + Cloud Storage
- Open Source
- Webdav Server + Crypto Engine for Linux, macOs, Windows
- iOS + Android
- Encrypts Data, Filenames (AES-CTR)
28 http://cryptomator.org/de/security/architecture/

29. BoxCryptor + Cloud Storage
- Proprietary alternative to Cryptomator
- “Dropbox premier partner”
29
https://www.boxcryptor.com/de/

30. Crypto Layer + Cloud Storage
30
https://www.cryfs.org

31. git-based

32. git-secret
- gpg encryption for files
- git secret init
- git secret add <file>
- git secret tell <email>
- git secret killperson <email>
- git-secret-diff helper tool
32
http://git-secret.io

33. git-remote-gcrypt
- PGP-encrypted git remotes
- https://git.spwhitton.name/git-remote-gcrypt/
- git-annex encryption
- https://git-annex.branchable.com/tips/
fully_encrypted_git_repositories_with_gcrypt/#index5h2
33

34. Sparkle Share
- “inotify-git wrapper”
- https://www.sparkleshare.org
- https://github.com/hbons/SparkleShare/wiki/Client-Side-Encryption
- OpenSSL’s AES-256-CBC
- Only encrypts contents, not file names
34

35. Misc

36. dump
- spideroak - commercial, sync & share, backups
- Librevault - “Open source zero-knowledge peer-2-peer file
sync” - alpha, discontinued.
- RetroShare - a Free and Open Source cross-platform,
Friend-2-Friend and secure decentralised communication
platform.
- …
36

37. 37 https://xkcd.com/538/

38. 38

39. Questions?
Stories to share?
Food & Beer?!!
Slides & Feedback: matthias@grawinkel.com