Cloud Puzzle Lock is a new secure way to store and share files using cloud drives. It splits files into encrypted puzzle pieces that are distributed across multiple cloud drives. This makes the files much more secure against hacking or surveillance, as an attacker would need to compromise all of the cloud drives to reconstruct the file. The system aims to provide government agencies and companies with an easy yet highly secure method of accessing and sharing files remotely.
1. Cloud Puzzle Lock
Senad ARUCH
SENIOR SECURITY SPECIALIST
Communication Valley - Reply
Davide Cioccia
Nicola Gobbo
Alessandra Pranzo
2. 2
Why we are using the cloud drive services?
• always online, backup, redundancy.
• possibility to share files in faster way
• more space than classic email services
• flexibility and easy share
3. 3
What we store in this cloud drives?
• to store our documents, photos and other files
• to backup our mobile devices
• to share our company documents
• for online backup
and more …
4. 4
How we protect our files:
• Encryptions.
• Hiding somewhere
• Password protection.
5. 5
How secure is this cloud drive?
• username and password
• some of them offers 2 way authentication
• some of them are encrypted
8. 8
Why we build and our aim here….
Cloud Puzzle Lock helps users to use the cloud drives in
more secure way. NSA interceptions and industrial
espionage is main risk against todays privacy and
integrity. The biggest challenge in this project is to use
the technology that we have in our hands.
Why?
CPL use more than four security levels distributed
around the globe. Every file that users upload using the
CPL solution will became a real puzzle with multiple
encryptions.
How?
9. 9
Why we build and our aim here….
How it works?
When we request a file stored on distributed system the CPL with collect the puzzles,
decrypt and build the whole puzzle “file” for us in full automatic way. CPL is also capable
to use Two-‐man rule to encrypt and distribute a confidential data.
How secure is?
CPL security will be very hard to crack because all
well know cloud drives like DropBox and
GoogleDrive uses a two-‐way authentication. And
the attacker must hack all four cloud drives to
retrieve the all encrypted puzzle pieces. This is like
impossible.
10. 10
Why we build and our aim here….
Who is the target?
CPL can be sold like service or like appliance with preinstalled CPL based on Hadoop
clusters distributed around the globe for Government, Intelligence agencies and big
companies where they need to access and share files in easy and secure way.
…but why not you?
11. 11
More than one person encryption and decryption NATO standard.
How secure you want to make
your files?
The two-‐man rule is a control
mechanism designed to achieve a
high level of security for especially
critical material or operations.
Under this rule all access and actions requires the presence of two authorized people at
all times.
For Cloud Puzzle Lock this is the minimum. It can simulate the N-‐man rule option to
grant more protection. If you want, you can open the file only if you have all people
acknowledgement.
12. 12
Classic Way of stored files in the cloud drives.
The risk in this case is that the files are in
WHOLE so if your login details get
compromised you files are accessible.
secret.pdf
10.MB
File Browser:
13. 13
Classic Way of stored files in the cloud drives.
Even if your files are encrypted they are not
in safe because of the NSA, we all know that
NSA can crack any type of encryption.
secret.pdf.gpg
10.MB
File Browser:
14. 14
Classic Way of stored files in the cloud drives.
Without the Cloud Puzzle Lock the file
structure is like this.
secret.pdf
10.MB
File Browser:
prototype.pdf
6.MB
Plan.docx
2.MB
15. 15
Cloud Puzzle Lock way of stored files in the cloud drives: process.
secret.pdf
10.MB
secret.pdf.pl4
2.5MB
secret.pdf.pl2
2.5MB
secret.pdf.pl3
2.5MB
secret.pdf.pl1
2.5MB
C.panel
secret.pdf
10.MB
secret.pdf.p1
2.5MB
secret.pdf.p4
2.5MB
secret.pdf.p3
2.5MB
secret.pdf.p2
2.5MB
drag&drop
Splitting the file
multiple to how
many cloud
drives user have.
secret.pdf.pl4
2.5MB
secret.pdf.pl2
2.5MB
secret.pdf.pl3
2.5MB
secret.pdf.pl1
2.5MB
Encrypting the
puzzle piece with
1th private PGP key
Encrypting the
puzzle piece with
4th private PGP
keyEncrypting the
puzzle piece with
3th private PGP key
Encrypting the puzzle
piece with 2nd private
PGP key
1
2
3
3
3
3
4
4
4 4
17. 17
…and in your private FTP Server
FTP server
You can store one puzzle piece
in your private FTP Server.
With this solution no-‐one who hack your cloud repository
can rebuild your private file.
There is only one-‐way: Hack your private FTP Server
18. 18
Puzzle lock is a new way to store and share your
TOP Secret files with unique technology against the
interceptions.
The system uses the storage and computing power
of the well knows cloud drive providers.
The system is splitting the files to a puzzle on the
cloud drives its like a HDFS from Hadoop.
Every puzzle piece is encrypted with different private key
Every puzzle piece is stored on separated cloud drive
But you will see one file&one drive