2. W WWW.STORGRID.COM E INFO@STORGRID.COM
Technical White Paper
Introduction
Data leakage (data theft or losing data) is a huge problem these days, according to a study commissioned
by Cisco[1]. 70% of the IT professionals believe that “Unauthorized application use”, like Dropbox or
Google Drive, is the culprit of data loss incidents. Systems for enterprise file share & sync should meet
two major requirements in order to be useful: user-friendliness combined with top-notch security.
This is a combination of requirements in which Storgrid excels.
A user is not aware when a file is encrypted, because the Storgrid client handles this automatically on a
mobile device. However, on a workstation (e.g. a MacBook), an encrypted file is indicated by the “.sef”
(Storgrid Encrypted File) extension, and it can easily be decrypted by either double-clicking the file or
using the decrypt function in the file context menu (select the file and right-click). No extra software
needs to be installed and no backup of the encryption keys is needed on the client; it is all part of the
integrated Storgrid solution.
Architecture
In Figure 1 you can see how encryption is implemented in Storgrid. The next paragraphs go into more
detail on how encryption works globally. Attribute-based encryption (ABE) is a type of public-key
encryption in which the secret key of a user and the ciphertext depend on attributes, which
provides fine-grained access control for corporate data. ABE is used when files are shared with
users and pushed to endpoints.
Figure 1 Storgrid Architecture
Encryption
Storgrid secures all possible layers that could be responsible for data leakage:
• End-Point Encryption
• In-Transit Encryption
• Server Side Encryption
Storgrid makes use of the latest encryption standards, including Elliptic Curve Cryptography (ECC) and
256-bit Advanced Encryption Standard (AES) encryption. ECC is currently considered the strongest and
most efficient public-key encryption method according to NIST (see FIPS 186-4).
End-Point Encryption
In Storgrid you can share files with people in a secure and efficient way using end-point encryption,
which in turn makes use of Attribute Based Encryption (ABE). ABE is simply a way to control access to
data in a secure way using attributes stored in cryptographic keys. Storgrid uses a hybrid encryption
system, i.e. a combination of public-key ABE encryption and fast AES encryption, in order to enhance the
efficiency of securing large amounts of data.
When endpoint encryption is enabled, the server generates a master key and a private key
for each registered user. In addition, a so-called key set is generated every time a user logs in. The key
set contains several cryptographic keys which are needed to decrypt and encrypt endpoint files.
When a client logs in, the key set is sent to the Storgrid client. The master key and the private key
of the user are used to encrypt files on the server before they are sent to the Storgrid client.
On mobile devices (iOS/Android) Storgrid uses a modified version of SmartOffice (SmartOffice from
Artifex is an advanced app to edit Microsoft Office documents), which encrypts/decrypts a file
in a sandbox. When using End-Point encryption, a PIN code is mandatory in the Storgrid client app. When
you are working offline, the application checks the validity period of the keys. The keys are only valid for
a certain amount of time before they should be renewed.
The keys are stored in the internal Storgrid database, and it is important to keep a recent backup of the
database, so one can easily recover from an incident. In Figure 2 you can see how a mobile client
handles endpoint encryption. Consult the Storgrid manual regarding the backup details.
Figure 2 End-Point Encryption
Simplified details:
1. User logs in on Storgrid server;
2. Server verifies credentials;
3. Server sends key set (The key set contains user group- and sharing attribute keys);
4. User edits file from SmartOffice (Storgrid Client decrypts/encrypts file when open/save);
5. Client pushes encrypted file to server;
6. Server decrypts file.
In Transit Encryption
Data that is travelling from the end point to the Storgrid server is encrypted using Transport Layer
Security (TLS). Storgrid delivers this by default with the Apache web server, but it also runs in combination
with NGINX. NGINX has a lot of additional security features, e.g. the TLS Certificate Status Request
extension, Forward Secrecy & Diffie-Hellman Ephemeral parameters, and TLSv1.2, among others.
Server Side Encryption (At rest)
With Storgrid it is also possible to encrypt the files on disk. A Storgrid server has one or several storages.
These storages can be connected to e.g. a file server. When server side encryption is enabled, all these
files will be encrypted using AES-256. The keys are constantly renewed and thus all the files will be
regularly encrypted using random AES-256 keys. The keys are stored in a password-protected JKS (Java
KeyStore) file and are automatically backed up to the main file storage, so in case of an incident the
system administrator can easily restore the keys.
When the physical storage is stolen it is not possible to decrypt the data without having the proper
decryption keys and password. During the storage encryption process, users can continue to work with
the Storgrid server.
In Figure 3 the total encryption process is shown, from endpoint encryption to server
side encryption.
Figure 3 Endpoint- and server side encryption
Flow Details:
1. User logs in on Storgrid server;
2. Server verifies credentials;
3. Server sends key set (The key set contains user group- and sharing attribute keys);
4. User opens file, the server decrypts file from Storage using Server Side Keys;
5. Server encrypts for endpoint usage;
6. File is opened in SmartOffice (Storgrid client Decrypts/Encrypts file);
7. File is pushed to server in encrypted form;
8. Server decrypts file;
9. Server selects random key from database;
10. File is encrypted using selected key;
11. Encrypted file is stored on storage.
Security
Encryption is only part of a secure implementation. Storgrid focuses on the most important security
issues.
Storgrid currently supports the following security features:
1. Advanced password requirements
2. Auto Block IP address
3. Multi Factor Authentication (MFA)
4. Only allow whitelisted devices
5. PIN Code on mobile devices
6. Remote Wipe
7. Restrict Access jail broken mobile devices
8. Server Policies
9. Session tokens on clients (instead of username and password)
Advanced password requirements
The Storgrid server has the ability to enforce a password policy; therefore it is possible to align it with
company policy.
Auto Block IP Address
Storgrid has a fully configurable IP blocker, which by default blocks an IP address for 5 minutes after
5 failed login attempts with the same username from that address. The blocking time increases as the
number of failed attempts increases. This is very useful, e.g. if botnets are trying to brute-force the passwords.
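The blocking rule described above, as an added example (not Storgrid's own code). The 5 attempts and 5 minutes are the defaults stated here; the doubling rule, the 24-hour cap and all class and function names are assumptions, since the paper does not say how the blocking time grows.

```python
from dataclasses import dataclass

MAX_FAILURES = 5               # default from the paper: 5 failed attempts
BASE_BLOCK_SECONDS = 5 * 60    # default from the paper: 5 minutes
MAX_BLOCK_SECONDS = 24 * 3600  # assumed cap, not stated in the paper


@dataclass
class Entry:
    failures: int = 0          # consecutive failures since the last success
    blocked_until: float = 0.0


class LoginBlocker:
    """Failed-login tracker keyed on (username, source IP)."""

    def __init__(self):
        self.entries = {}

    def block_seconds(self, failures):
        """Block length after `failures` consecutive failures (0 = no block)."""
        if failures < MAX_FAILURES:
            return 0
        # Assumed escalation: double the block for each failure past the threshold.
        extra = failures - MAX_FAILURES
        return min(BASE_BLOCK_SECONDS * 2 ** extra, MAX_BLOCK_SECONDS)

    def attempt(self, username, ip, password_ok, now):
        """Return 'blocked', 'ok' or 'failed' for one login attempt at time `now`."""
        key = (username.lower(), ip)
        entry = self.entries.setdefault(key, Entry())
        if now < entry.blocked_until:
            return "blocked"       # even a correct password is refused during a block
        if password_ok:
            del self.entries[key]  # a successful login clears the failure history
            return "ok"
        entry.failures += 1
        entry.blocked_until = now + self.block_seconds(entry.failures)
        return "failed"
```

Keying on the username and IP pair means one blocked address does not lock the legitimate user out from elsewhere.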
Multi Factor Authentication
Storgrid fully supports the use of an external authenticator like Google Authenticator; therefore at least
two credentials are needed: one password and one randomly generated token.
Only allow whitelisted devices
You can configure Storgrid to only allow certain devices to connect to your domain. This is useful if you
need an isolated domain with specific confidential data.
PIN Code on mobile devices
The mobile Storgrid client can be protected using a PIN code. When using Endpoint encryption this is
mandatory; a PIN code can also be enforced using a domain setting.
Remote wipe
When a device is stolen or an employee is no longer working for your company, the device can easily be
wiped using the interface of the domain manager.
Restrict Access jail broken devices
If a company prefers to allow only non-jailbroken devices to connect, this can be configured per
domain.
Server policies
Storgrid has a lot of server policies that you can configure per domain, which help in securing your
server. These policies can be set in such a way that they follow company policy.
Currently Storgrid server supports the following policies:
• Encryption on clients
• Share
• Share to external
• SmartOffice usage on clients
• Synchronize android
• Synchronize iOS client
• Third party usage on android
• Third party usage on iOS
• Third party usage on java desktop
• Third party usage on OS X client
• Third party usage on windows desktop
• Use android client
• Use iOS client
• Use java desktop client
• Use OS X client
• Use web client
• Use WebDAV
• Use windows desktop client
For example, by disabling “Third party usage on iOS”, an organisation can choose not to allow encrypted
documents to be opened on a mobile device. This policy simply disables the possibility of opening a
document on an iPhone or iPad in an editor other than SmartOffice. Consult the Storgrid manual for the
details and an up-to-date list.
Session tokens on clients
Storgrid does not store usernames and passwords on the client; instead it uses a token. Because tokens
are used, an attacker cannot extract your password.
Common attacks and mitigations
• Brute-force attacks
• Data leakage or theft of endpoint/server
• Ransomware
Brute-force attacks
The most common attack is a password dictionary attack, which is done by a piece of software that tries
out many possibilities based upon dictionaries in order to guess the password of a user. Other methods
include cryptanalytic attacks, which forcefully find the key to decrypt the files on an endpoint.
Multi Factor Authentication solves the password dictionary attack in most cases, since you need to have
both the password and the login token at a certain moment, which makes it harder to acquire both
pieces of information.
The cryptanalytic attack is close to impossible because we use the latest encryption standards. On top
of this, Storgrid can easily change encryption parameters (like key strength) where needed to minimize
these risks.
Another attack vector could be the PIN code, but the PIN code is limited to 5 tries. After these failed
attempts the user will be locked out and will need to enter the credentials again.
Data leakage or theft of endpoint/server
There could be scenarios where malicious individuals could capture sensitive information from an
organisation. This could be done by either capturing an endpoint or storage (which is less likely).
Another option could be that an employee leaks data by opening a sensitive document in a third party
application on a mobile device. In this case the data leaves the secure environment of Storgrid and it is
leaked to another application.
To minimise data leakage, Storgrid has endpoint encryption in place. As soon as a device is missing or
stolen, an organisation can simply deactivate and remotely wipe the device. Additionally, a PIN code is
mandatory, so the data is protected and cannot be accessed without this code. Furthermore, there are
policies to prevent users from opening documents in a third party application, e.g. Pages on the iPhone.
When storage is physically compromised, the data cannot be opened without having the proper
encryption keys. The data is encrypted with a 256-bit AES key (AES is included in the ISO/IEC 18033-3
standard); AES is currently considered one of the most secure and strong encryption standards used
worldwide. Endpoint encryption uses a combination of ABE based on ECC and AES-256.
Ransomware
Ransomware is a type of malware that restricts access to the infected computer system in some way,
and demands that the user pay a ransom to the malware operators to remove the restriction. Some
forms of ransomware systematically encrypt files on the system's hard drive, which become difficult or
impossible to decrypt without paying the ransom for the encryption key, while some may simply lock
the system and display messages intended to coax the user into paying. Ransomware typically
propagates as a trojan, whose payload is disguised as a seemingly legitimate file.[2]
Ransomware aims in most cases at documents, e.g. Microsoft Office documents. To mitigate these kinds
of issues, Storgrid has Endpoint encryption in place. This way the malware is not aware that the file is a
document, for example, unless it is first decrypted.
In the latter case where a document might get decrypted and infected, it is possible to revert to a
previous version in Storgrid, thanks to version management. But it is always recommended to install a
virus scanner on all types of workstations (Windows, OSX and Linux) and additionally have a good
backup in place.
As an extra line of defence, Storgrid detects when a lot of files suddenly change. In most cases this
deviates from the ordinary, and therefore a notification will be sent to the administrator and the device
in question will be locked.
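A sliding-window check of the kind described above, as an added example (not Storgrid's own code). The 60-second window, the 100-file threshold, counting distinct paths rather than raw events, and all names are assumptions; the paper does not document how the detection is tuned.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed value, not a documented Storgrid setting
MAX_CHANGED_FILES = 100  # assumed value, not a documented Storgrid setting


class MassChangeDetector:
    """Flags a device that changes many distinct files within a short window."""

    def __init__(self, window=WINDOW_SECONDS, max_files=MAX_CHANGED_FILES):
        self.window = window
        self.max_files = max_files
        self.recent = defaultdict(deque)  # device id -> (timestamp, path) events
        self.locked = set()
        self.notifications = []           # stand-in for the administrator notification

    def record_change(self, device, path, ts):
        """Handle one file change; return False when the device is locked."""
        if device in self.locked:
            return False
        events = self.recent[device]
        events.append((ts, path))
        # Drop events that have fallen out of the sliding window.
        while events[0][0] <= ts - self.window:
            events.popleft()
        # Count distinct paths so repeated saves of one document do not trigger.
        changed = {p for _, p in events}
        if len(changed) > self.max_files:
            self.locked.add(device)
            self.notifications.append(
                f"{device}: {len(changed)} files changed in {self.window}s, device locked")
            return False
        return True
```

Once a device is locked, further changes from it are refused, so reverting through version management only has to cover the files changed before the threshold was crossed.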
References:
1. http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/data-loss-prevention/white_paper_c11-499060.html
2. https://en.wikipedia.org/wiki/Ransomware