
Cloud file syncing encryption system

IP.com Disclosure Number: IPCOM000239206D
Publication Date: 2014-Oct-20
Document File: 8 page(s) / 119K

Publishing Venue

The IP.com Prior Art Database

Abstract

This publication describes an encryption system for a file syncing system (a “cloud”) allowing sharing and access from different apps, protocols and devices.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 32% of the total text.


Cloud file syncing encryption system

Linux Defenders October 1, 2014


Keywords. encryption - cloud - data - syncing

Introduction

File storage services ("cloud services") offered to the public are mainstream. Many users store sensitive or confidential material on these spaces, and employees have also integrated these services in their workflow to store and share business data. In order to increase the confidentiality of such data, encryption is needed.

However, encryption can be difficult to achieve in a system where

• data can be shared among several users of the same system
• data can be made accessible to third parties
• data can be accessed from different apps, using different protocols (e.g. WebDAV).

This publication describes the encryption system implemented in ownCloud (http://owncloud.org/), a cloud file storage and syncing system.

The encryption system was announced in Schießle (2013) and is publicly accessible online at https://github.com/owncloud/core/tree/master/apps/files_encryption


The system described in this publication covers an encryption system that is mainly server-side. That is especially interesting for cloud storage using multiple storage providers including services offered to the public. Combining the external storage app with the encryption system enables users to use external storage without giving any third-party provider access to their data.

The system could also be extended so that some encryption is made client-side.

Description of the system

A user of a file-syncing server uploads a file to such server, which stores it directly on the server or at an external storage space, e.g. provided by a public cloud service.

The server then relies on an encryption library, e.g. OpenSSL, to encrypt the file to store or to decrypt the stored file.

Keys

Figure 1: Keys stored. Encryption keys stored in ownCloud (stored in user/data/files_encryption):

• Per-User Keys (generated during first log-in): Private Key (stored encrypted with the user's login password) and Public Key
• Per-File Keys: Encrypted file-key (every file has exactly one) and Share Keys (every user has a share key for every file he has access to)


• The server generates a private/public key pair for each user.

All keys are stored on the server. Each user has a private and a public key. Each private key is encrypted with its user's login password, so that the server can decrypt the private key during login.


• For each file stored by the server, the server generates one file-key.

Instead of encrypting the file directly, the system uses a file-key which is a 256-bit strong random passphrase. This key is used to encrypt and decrypt the user's files. The file-key again is encrypted with the public keys of all users with access to the file....
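
The key hierarchy described above, sketched with the OpenSSL command-line tool as an added example (not ownCloud's code and not part of the original publication). The function names, file names, RSA-2048 with OAEP and AES-256-CBC with PBKDF2 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added sketch of the page's key hierarchy using the openssl CLI (not ownCloud code).
# Assumed for illustration: file names, RSA-2048 with OAEP, AES-256-CBC with PBKDF2.
# `openssl enc` adds no integrity protection; a real design would use an AEAD mode.
set -eu
umask 077

# Per-user keys: the private key is written encrypted under the login password.
make_user() {  # make_user <dir> <user> <login-password>
  USER_PW="$3" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -aes-256-cbc -pass env:USER_PW -out "$1/$2.private.pem"
  USER_PW="$3" openssl pkey -in "$1/$2.private.pem" -passin env:USER_PW \
    -pubout -out "$1/$2.public.pem"
}

# Per-file keys: one random 256-bit file-key encrypts the file; the file-key is
# then encrypted to each user's public key, giving one share key per user.
store_file() (  # store_file <dir> <plaintext-file> <user>...
  dir="$1"; src="$2"; shift 2
  file_key=$(openssl rand -hex 32)
  FILE_KEY="$file_key" openssl enc -aes-256-cbc -pbkdf2 -salt -pass env:FILE_KEY \
    -in "$src" -out "$dir/file.enc"
  for user in "$@"; do
    printf '%s' "$file_key" | openssl pkeyutl -encrypt -pubin \
      -inkey "$dir/$user.public.pem" -pkeyopt rsa_padding_mode:oaep \
      -out "$dir/file.$user.shareKey"
  done
)

# Read path: login password -> private key -> share key -> file-key -> plaintext.
read_file() (  # read_file <dir> <user> <login-password>; plaintext on stdout
  file_key=$(USER_PW="$3" openssl pkeyutl -decrypt -inkey "$1/$2.private.pem" \
    -passin env:USER_PW -pkeyopt rsa_padding_mode:oaep \
    -in "$1/file.$2.shareKey") || exit 1
  FILE_KEY="$file_key" openssl enc -d -aes-256-cbc -pbkdf2 -pass env:FILE_KEY \
    -in "$1/file.enc"
)
```

Sharing the file with another user only requires writing one more share key; the encrypted file itself is not touched.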