the_simple_computer

Behind the Curtain of Encrypted Cloud Storage

Page 2


This site is no longer being maintained so anything below could still be accurate, or very outdated.



OpenDrive

https://www.opendrive.com

Account activation by emailed link: No

At-rest encryption: "Our own custom encryption", server side.

Can view recent account activity from web interface: No

Client automatically updates: Yes

Client proxy support: Yes

File name and metadata encryption: Unknown

File size limit: 100 MB

Free account expiration due to inactivity: 90 days

Free account storage size: 5 GB

Info present in public links: User name and file name & size.

Location: Offices in Palo Alto, California. United States.

Platforms: Android, iOS, OS X, Windows.

Two-factor authentication: No

Software version used: 1.5.0.6

Extras of interest: Set folder/file access permissions, HIPAA compliant, 500 MB/referral.


OpenDrive's client software is very easy to use and the menu systems give you what you need with the least amount of effort to do it. Through the client program you set backup/sync times, file types and locations and you can stream stream audio and video. Then you get a right-click menu for adding files and folders outside of those parameters.


One issue though, OpenDrive creates a system folder entry in My Computer but the drive didn't open for me. I got an error saying to check the internet connection or firewall settings. Strange, since the test machine was using 100% default settings in Windows 7's networking and security center, and router settings have never given issues with anything in the past...ever. I was otherwise able to use OpenDrive normally and since it's beyond the scope of this writing, I didn't look into it further.


So for encryption, OpenDrive's site says they use some concoction of their own and they did not reply to any inquiries. The activity logs, IP management and theme branding are not available with the free edition and to close an OpenDrive account, you must submit a support ticket through their forums.




OwnCloud

https://www.owncloud.com

Account activation by emailed link: n/a

At-rest encryption: 448-bit Blowfish, server side.

Can view recent account activity from web interface: Yes

Client automatically updates: Yes

Client proxy support: Yes

File name and metadata encryption: No

File size limit: n/a

Free account expiration due to inactivity: n/a

Free account storage size: n/a

Info present in public links: User name and file name & size.

Location: Offices in Palo Alto, California. United States.

Platforms: Android, iOS, Linux, OS X, Windows.

Two-factor authentication: No

Software version used: n/a

Extras of interest: Open source.


OwnCloud has a few key points of uniqueness warranting merit. It's fully open source, created by a KDE developer and though there are paid services which use OwnCloud as the interface, you can actually create your own cloud server on your own hardware to use all for yourself. Startup companies in southern California need not apply.


This means that yes, the OwnCloud software encrypts and decrypts server side, but that's not such a bad thing when the server is located in your basement, buried under empty juice boxes and furiously duct-taped to a cinder block. To access your cloud from other devices, you use the OwnCloud client program and from there it's intended to operate like most other services with sharing, syncing and backup. The storage providers listed by OwnCloud don't offer free accounts and I didn't set up my own server so OwnCloud is the only service in this study I did not try myself. There is a demo which runs in a web browser to see how the client software functions.


* * * * *

A perfect example of how code review is changing OwnCloud for the better comes from a Swiss university professor and cryptographer named Pascal Junod. In May 2012, Junod analyzed OwnCloud's source code and found a number of extremely unsatisfactory things, most notably:


  1. The user's encryption key is stored as plaintext in unencrypted session data, server-side.
  2. OwnCloud uses mt_rand, a PHP pseudo-random number generator built on the Mersenne Twister algorithm. Mersenne Twister is considered unsuitable for cryptography because its output sequence is mathematically predictable and it provides low entropy.
  3. The password encrypting a user's encryption key file is transmitted in plaintext between client and server.

OwnCloud responded on Pascal's blog saying that OwnCloud version 5 will receive an overhaul. Encryption duties will be moved to the client software and OpenSSL will replace Mersenne Twister. OwnCloud 5 is scheduled for release in January 2013.
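To make item 2 concrete, here is an added Python example (not OwnCloud's code; Python's `random` module is built on the same MT19937 design as PHP's `mt_rand`) showing why Mersenne Twister output is unsuitable as key material: once 624 consecutive 32-bit outputs have been observed, the generator's entire internal state can be recovered by inverting the output tempering, after which every later output is predictable. `fresh_key` shows the kind of source a key generator should draw from instead, an OS-seeded CSPRNG via the `secrets` module. The seed value and function names are constructed for this demonstration.

```python
import random
import secrets

_MASK32 = 0xFFFFFFFF


def temper(y: int) -> int:
    """MT19937 output tempering, applied to each raw state word before output."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & _MASK32


def untemper(y: int) -> int:
    """Invert temper(): recover the raw state word from one observed output."""
    # Undo y ^= y >> 18 (applying the step again cancels it for 32-bit words).
    y ^= y >> 18
    # Undo y ^= (y << 15) & 0xEFC60000 (likewise self-inverse under the mask).
    y ^= (y << 15) & 0xEFC60000
    # Undo y ^= (y << 7) & 0x9D2C5680: iterate until all 32 bits have settled.
    x = y
    for _ in range(5):
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x
    # Undo y ^= y >> 11 the same way.
    x = y
    for _ in range(3):
        x = y ^ (x >> 11)
    return x & _MASK32


def clone_mt(outputs: list[int]) -> random.Random:
    """Return a generator whose future output matches the one that produced
    these 624 consecutive 32-bit outputs."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    # Index 624 forces the next call to twist, continuing the observed sequence.
    clone.setstate((3, state + (624,), None))
    return clone


def mt_is_predictable(seed: int = 12345, lookahead: int = 16) -> bool:
    """Constructed check: observe 624 outputs, clone, then compare predictions
    against the original generator's next `lookahead` outputs."""
    victim = random.Random(seed)
    observed = [victim.getrandbits(32) for _ in range(624)]
    clone = clone_mt(observed)
    predicted = [clone.getrandbits(32) for _ in range(lookahead)]
    actual = [victim.getrandbits(32) for _ in range(lookahead)]
    return predicted == actual


def fresh_key(nbytes: int = 32) -> bytes:
    """What key generation should use instead: the operating system's CSPRNG."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    print("clone predicts the Mersenne Twister stream:", mt_is_predictable())
    print("CSPRNG key:", fresh_key().hex())
```

The point for a reviewer is the second half: any value a server derives from a Mersenne Twister (session keys, salts, encryption keys) is a deterministic function of state an observer can reconstruct from earlier outputs, which is why a CSPRNG such as `secrets` (or OpenSSL's generator, as OwnCloud planned) belongs in that position.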





Senditonthenet

https://www.senditonthenet.com

Account activation by emailed link: Yes

At-rest encryption: 256-bit AES, client-side.

Can view recent account activity from web interface: Sent/received, IP addresses of prev. access.

Client automatically updates: n/a

Client proxy support: n/a

File name and metadata encryption: No

File size limit: 80 MB

Free account expiration due to inactivity: No

Free account storage size: n/a

Info present in public links: n/a

Location: Offices and servers in Manchester, United Kingdom.

Platforms: See below.

Two-factor authentication: No

Software version used: n/a

Extras of interest: Web based, requires Flash, HTML5, open code.


Senditonthenet comes to us from a small UK company who emphasizes transparency and confidentiality. However, Senditonthenet must first be dialed into perspective—its primary purpose is transporting encrypted files between recipients. You can enter messages to accompany your packages and the text is unencrypted, but it's still sent over HTTPS. You cannot store files in an account and you can't share like with most other services. You can only send files to users in your contact lists because without a Senditonthenet account, your recipients won't have your public key. After activating your account, you receive an email at the confirmation address with your public key as an attachment.


Senditonthenet really excels with putting their info out for analysis. Their security information is outlined in a single, concise and easy-to-digest page of their website. Account authentication, key generation and storage, descriptive processes; it's like they read my mind for what I'd be asking. Senditonthenet uses the Stanford JavaScript cryptographic library for RSA, AES and SHA2 generators. They even give you some basic pointers on auditing their code.


* * * * *

There were a few additional things I learned from email inquiries which were answered quickly, fully and informatively. Internet Explorer users should know that Senditonthenet uses HTML5 WebWorkers and the HTML5 File API so it will not immediately work in IE. There is an IE plugin called Google Chrome Frame, which runs Chromium's Webkit and V8 JavaScript engine in IE. However, V8 is only available for Windows in x86 so you'll only be able to use Senditonthenet in 32-bit Internet Explorer.


Senditonthenet genuinely and pleasantly surprised me. While it does have limitations and it's no replacement for any other service in this list, it's a valuable tool in its own right. I wanted to include it here because with Senditonthenet, you get secure file sharing through a verifiable code base entirely accessible with only a web browser.




SpiderOak

https://www.spideroak.com

Account activation by emailed link: Yes

At-rest encryption: 256-bit AES, client-side.

Can view recent account activity from web interface: Yes

Client automatically updates: Yes

Client proxy support: Yes

File name and metadata encryption: Yes

File size limit: No

Free account expiration due to inactivity: No

Free account storage size: 2 GB

Info present in public links: User name, file name & size, date modified.

Location: Offices and servers in Northbrook (Chicago) Illinois, United States.

Platforms: Android, iOS, Linux, OS X, Maemo (Nokia N900), Windows.

Two-factor authentication: Yes

Software version used: 2.1.8.0

Extras of interest: Zero-Knowledge storage, Blackberry and Windows mobile support in development, HIPAA compliant.


SpiderOak is usually one of the first names that comes up when someone asks about secure cloud alternatives to the big names. It stands high on the shoulders of most other services because of their client-side encryption and personal key management. I had high hopes for SpiderOak's documentation containing thorough information for me to devour, especially a layout of their "nested system of many small scoped encryption keys".


Take a look here (see encryption specifications); AES, RSA, PBKDF2, round counts, salt length. Looks good, until you try to figure out how it all fits together. The description reads like your files are encrypted with the outer level keys using AES-256. Then it seems PBKDF2 is applied to your password and the resulting key decrypts the outer level keys which gives you access to your files.


This link seems to verify that (but the author loses credibility in exchange for sensationalism. He writes that Dropbox was not encrypting files when they actually were. Dropbox got into hot water in early 2011 because of hash based file-level deduplication of user data (i.e. convergent encryption), not because they didn't have encryption at all.)


Anyway, this forum post (by the way, you need a SpiderOak account to view the forums) does specify that their AES uses CBC mode, but there are still many blanks which need to be filled. A representative responded to my questions about these things, saying that they were forwarded to a developer who never got back to me. This rep even asked the dev to give my questions "special priority".


* * * * *

It might come as a surprise then, that SpiderOak's description of the client authentication process is very detailed (see User Authentication Process). For every login after the first one, when the account is created, a challenge is issued from the server to the client software. It's elaborated on further in the above link, but simply put, if the client extracts the correct response from the challenge package, SpiderOak allows the client access. The concept of the exchange is called a zero-knowledge password proof. SpiderOak stores all account encryption keys on its servers, and the password is what locally decrypts the master key.


SpiderOak's blog outlines how signing up for a new account is handled in the browser, but you can also do this through the client. Your password is hashed in the browser with a JavaScript implementation of bcrypt, then sent to SpiderOak's servers where it's compared with a hash of the password which it received when you installed the client. The bcrypt hash is only used for this purpose and only if you create the account through their webpage.


Managing your account through SpiderOak's web interface is intentionally limited. You cannot upload, but you can download, deauthorize devices attached to the account and then of course, do normal account management stuff like changing email addresses and cancellation. When accessing your account or the forums from an internet browser, your password is sent to SpiderOak to decrypt your keys into RAM for the duration of your session. (See Instant Access From Anywhere.) SpiderOak is upfront about how this stretches thin the zero-knowledge concept and because you're giving SpiderOak your account password, they stress the importance of using the client software whenever possible.


* * * * *

SpiderOak's client deduplicates your data by uploading only the changed file journal entries. This is before the encryption is applied and only within your own account, not cross-user. SpiderOak released some libraries as open source, but their software as a whole is closed. Sharing can happen in two ways. First, by the familiar right-click, create link which gives you a direct download link, but it expires after 3 days. The second way is to set up a Room for your account, analogous to a public folder. You do this through the client, you can create as many rooms as you like and each room has its own web link you can give out.


SpiderOak handles the security well for the processes it does disclose. I'd like to know more about how the keys all mesh together. For example, how many keys per file? What uses RSA and what uses randomly derived AES? I found little on how metadata is managed other than that it's encrypted separately from the file. That would imply at least two keys per file, and I found nothing on the file encryption process itself. I'm also not thrilled about how SpiderOak's forums aren't public for viewing. Business-wise, it's an arguably small edge to have people create the account first, but it's annoying when you're just searching for information and SpiderOak's website is not adequate. This could all be easily remedied by either modifying a few web pages or consolidating all their security info.




SugarSync

https://www.sugarsync.com

Account activation by emailed link: Yes

At-rest encryption: 128-bit AES, server-side.

Can view recent account activity from web interface: Recent uploads.

Client automatically updates: No

Client proxy support: Yes

File name and metadata encryption: Unknown

File size limit: No

Free account expiration due to inactivity: 90 days

Free account storage size: 5 GB

Info present in public links: User name and file name & size.

Location: Offices in San Mateo, California. United States.

Platforms: Android, Blackberry, iOS, OS X, Symbian, Windows (mobile and desktop).

Two-factor authentication: No

Software version used: 1.9.80.99361.20120921

Extras of interest: One of their backup centers is to Amazon S3, 500 MB per referral, 6-step task list for 125 MB per task, media streaming.


My first impression of SugarSync's software was it's the kind of program which would be quick to figure out for people who think computers hate them. If you like big buttons, accessible, simple and useful, then SugarSync's client would make you happy. A quick pointer: though you can somewhat work with your account through the file system, it's extremely limited so don't expect to do anything productive through the Magic Briefcase folder created on the desktop. You can drop files into it for upload and delete items, but that's all. You can manage your account much more efficiently through the SugarSync client.


SugarSync's web interface gives you a page for recent account activity but it only showed me one photo upload from when I first created the account, even though there had been numerous syncs and uploads since then. SugarSync gives you media streaming and file previews over the web but their software does not encrypt anything on your computer. The AES is applied server-side. SugarSync also does not deduplicate user data.


* * * * *

SugarSync's customer support provided a rare piece of true entertainment. To set the tone, picture yourself as a psychologist with a new patient. You ask this person why they think they react the way they do to certain stimuli. Your patient simply answers, "Giraffe."


That basically sums up SugarSync's reply to anything I asked, or maybe my support ticket was MITM'd by Spongebob Squarepants. The exact replies on security were literally cut and pasted from SugarSync's website and did not even begin to address my questions. And yet, the representative was cognizant enough to conclude his reply with, "I hope the above information was helpful." Either I was trolled by an unparalleled master, or there needs to be a meme for a facepalm so spectacular, you feel karmic shame for the other person.


Why not just say they can't specify due to whatever kind of reason I have no way of verifying? Why even bother responding? I was veritably perplexed. SugarSync did, however, say they're working on a Linux client.




Symform

https://www.symform.com

Account activation by emailed link: Yes

At-rest encryption: 256-bit AES, client side.

Can view recent account activity from web interface: Synced devices and folders.

Client automatically updates: Yes

Client proxy support: No

File name and metadata encryption: Unknown

File size limit: No

Free account expiration due to inactivity: 90 days

Free account storage size: 10 GB

Info present in public links: n/a

Location: Offices in Seattle, Washington. United States. Servers worldwide.

Platforms: Android, iOS, OS X, Windows.

Two-factor authentication: No

Software version used: 3.9.7.0

Extras of interest: Can allow or disallow access by IP address and/or range, allows folder/file access permissions, HIPAA compliant, extensive account log reports


Symform is another backup & sync service whose biggest perks are redundancy, decentralization and a 10 gig free account. They've developed what they call their Resilient Storage Architecture to distribute chunked up user data throughout their network.


Symform's client encrypts each individual folder with its own key, then divides the folder into 64 MB blocks. If a folder is under 64 MB, it's partitioned into smaller sizes. These encrypted chunks are then split up again into 96 fragments and distributed to 96 different nodes of Symform's network throughout the world. They have a nice graphic to illustrate this. If you're wondering about server-side disk failures losing your data, Symform says, "...you're protected from the failure of up to 33 unrelated, geographically separate disks." Nice.
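As an added illustration (not Symform's code, whose implementation is not public), the Python below shows the erasure-coding idea behind "split into 96 fragments, survive the loss of 33": a Reed-Solomon code over GF(2^8) built from a Vandermonde matrix turns k data shards into n coded fragments, and any k of them rebuild the original. The usage parameters are constructed (k=4, n=6, so any 2 fragments may be lost); the functions are generic in k and n, so they also cover a Symform-scale layout such as k=64, n=96, which goes beyond the single configuration the text describes.

```python
# Reed-Solomon style erasure coding over GF(2^8): any k of n fragments
# reconstruct the data, so up to n-k fragments (nodes, disks) may be lost.

# --- GF(2^8) arithmetic using the 0x11d reduction polynomial ---
_EXP = [0] * 512
_LOG = [0] * 256
_x = 1
for _i in range(255):
    _EXP[_i] = _x
    _LOG[_x] = _i
    _x <<= 1
    if _x & 0x100:
        _x ^= 0x11D
for _i in range(255, 512):          # doubled table avoids a modulo in gmul
    _EXP[_i] = _EXP[_i - 255]


def gmul(a: int, b: int) -> int:
    if a == 0 or b == 0:
        return 0
    return _EXP[_LOG[a] + _LOG[b]]


def ginv(a: int) -> int:
    return _EXP[255 - _LOG[a]]


def _vrow(i: int, k: int) -> list[int]:
    """Row i of the Vandermonde matrix: [x^0, x^1, ..., x^(k-1)] with x = alpha^i.
    Distinct x values guarantee that any k rows form an invertible matrix."""
    return [_EXP[(i * j) % 255] for j in range(k)]


def _invert(m: list[list[int]]) -> list[list[int]]:
    """Gauss-Jordan inversion of a k x k matrix over GF(2^8)."""
    k = len(m)
    a = [row[:] + [int(r == c) for c in range(k)] for r, row in enumerate(m)]
    for col in range(k):
        piv = next(r for r in range(col, k) if a[r][col])
        a[col], a[piv] = a[piv], a[col]
        inv = ginv(a[col][col])
        a[col] = [gmul(v, inv) for v in a[col]]
        for r in range(k):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [x ^ gmul(f, y) for x, y in zip(a[r], a[col])]
    return [row[k:] for row in a]


def encode(data: bytes, k: int, n: int) -> list[bytes]:
    """Pad data to k equal shards and emit n coded fragments (n <= 255)."""
    if not 0 < k <= n <= 255:
        raise ValueError("need 0 < k <= n <= 255")
    data += bytes((-len(data)) % k)
    size = len(data) // k
    shards = [data[j * size:(j + 1) * size] for j in range(k)]
    fragments = []
    for i in range(n):
        row = _vrow(i, k)
        frag = bytearray(size)
        for b in range(size):
            v = 0
            for j in range(k):
                v ^= gmul(row[j], shards[j][b])
            frag[b] = v
        fragments.append(bytes(frag))
    return fragments


def decode(fragments: dict[int, bytes], k: int, length: int) -> bytes:
    """Rebuild the first `length` bytes from any k surviving fragments,
    keyed by their index in the list encode() returned."""
    if len(fragments) < k:
        raise ValueError(f"only {len(fragments)} fragments survive, need {k}")
    idx = sorted(fragments)[:k]
    inv = _invert([_vrow(i, k) for i in idx])
    size = len(fragments[idx[0]])
    shards = [bytearray(size) for _ in range(k)]
    for b in range(size):
        col = [fragments[i][b] for i in idx]
        for j in range(k):
            v = 0
            for t in range(k):
                v ^= gmul(inv[j][t], col[t])
            shards[j][b] = v
    return b"".join(shards)[:length]


if __name__ == "__main__":
    payload = b"constructed sample payload " * 20
    frags = encode(payload, 4, 6)
    surviving = {i: frags[i] for i in (0, 2, 3, 5)}   # fragments 1 and 4 lost
    print(decode(surviving, 4, len(payload)) == payload)
```

The redundancy comes from the n-k extra rows, not from copying: storage overhead is n/k (1.5x for 4-of-6 or 64-of-96) instead of the 3x a triple replica would cost for comparable loss tolerance. Because every fragment is computed from ciphertext, as in Symform's description, a node holding one fragment holds neither the key nor a readable slice of the file.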


Each file and folder is encrypted with its own randomly generated key, but Symform did not reply to my inquiries asking for any further explanation.


Symform's client only gives you a Start Menu entry, no right-click options, but it's intended to work as a background service with minimal user interaction. You can specify bandwidth limits and Symform does deduplicate data within an account, but not cross-user and there is no public link sharing. To close a Symform account, you must delete all contents and it will deactivate after 90 days of inactivity.




Syncplicity

https://www.syncplicity.com

Account activation by emailed link: Yes

At-rest encryption: 256-bit AES, server side.

Can view recent account activity from web interface: Shared link and synced device activity.

Client automatically updates: Yes

Client proxy support: Yes

File name and metadata encryption: Unknown

File size limit: 2 GB

Free account expiration due to inactivity: 3 months

Free account storage size: 2 GB

Info present in public links: File name & size.

Location: Offices in Menlo Park, California. United States.

Platforms: Android, iOS, Kindle Fire, OS X, Windows.

Two-factor authentication: No

Software version used: 2.1.4496.0

Extras of interest: 1 GB referral program.


Syncplicity has a white paper for an overview on their security. Encryption keys and account authentication info are stored in two separate datacenters, and each file and file version has its own randomly generated key. An interesting note from the document is their mobile access pin policy. You can secure a file with a 4 digit PIN code and it says, "Failure to properly enter the 4-digit PIN will automatically delete user data."


To create a Syncplicity account, you must enter a phone number with a first and last name. They can be random. Syncplicity's client allows you to edit photos in Picnik, documents in Zoho or Google Docs (Google Drive) and preview documents in Scribd. The client is simple and intuitive. You can pick sync folders from a file tree or create new ones. There's a right-click menu entry for adding an item or folder to your account, and for creating share links, which can be deactivated through the browser. A free account can share up to 10 public links.


With Syncplicity, you must first create the account through their website and then you're given a download link for the client program, you can't do this the other way around. You need Flash in your browser to work with your files through the web interface and though it's laggy, you have full control over the account and its contents.


Syncplicity's client didn't behave well for me. After the install, it uploaded a few things but after, the client froze and would not upload anything further. Hovering the mouse pointer over the Syncplicity icon in the taskbar said "100% synchronized, synchronizing" and the green progress bar moved side-to-side as if there was an upload taking place, but there was no network traffic and no way to revive the program. Killing the service or rebooting didn't solve it and the trace window (ctrl+click on the taskbar entry) just said I was uploading to my account, no error or status reading.


Syncplicity and security can be summed up in one word: ironic. It's ironic that a company who published a paper called Securing Data in the Cloud. 10 Critical Questions to Ask Your Cloud Provider (which recommends that potential customers find out as much as they can about a prospective service) does not respond to in-depth questions about their own service. Flash is a technology known for security and privacy problems but unlike Java's crypto libraries, Flash doesn't have any redeeming benefits in this context. Therefore it's ironic and unfortunate that Syncplicity chose Flash to power their web interface.




TeamDrive

https://www.teamdrive.com

Account activation by emailed link: Yes

At-rest encryption: 256-bit AES, client side.

Can view recent account activity from web interface: Date & time last accessed.

Client automatically updates: Yes

Client proxy support: Yes

File name and metadata encryption: Yes

File size limit: No

Free account expiration due to inactivity: No

Free account storage size: 2 GB

Info present in public links: n/a

Location: Offices & some servers in Hamburg, Germany.

Platforms: Android, iOS, Linux, OS X, Windows.

Two-factor authentication: No

Software version used: 3.0.7 build 226

Extras of interest: Uses OpenSSL for AES-256 (CBC mode with ciphertext stealing (CTS)), MD5 and RSA-2048, supports WebDav over HTTPS, uses Amazon EC2 servers, 250 MB referral program up to 10 GB.


TeamDrive is an independent company based in Germany and they offer a client program for backup and syncing and a server edition to host your cloud on your own hardware. The security page of their website shows that every other year since 2005, TeamDrive has been certified by a German data protection agency called the Independent Regional Centre for Data Protection of Schleswig-Holstein (oder, der ULD-Schleswig-Holstein). Their first study lays out the different libraries and processes TeamDrive uses, which was great to see, but the most eccentric choice in TeamDrive's implementation was recently changed.


Previous software versions created a Diffie-Hellman key pair using OpenSSL. TeamDrive does not use HTTPS to secure transfers between the client and servers so this key pair took the place of SSL or TLS, so to speak. For version 3.0 of TeamDrive's software, they now use 2048-bit RSA keys instead of Diffie-Hellman. The end result still is that anyone listening in on your transfer will see only ciphertext.


* * * * *

When you start the client for the first time, you can create your account and your RSA keys are generated. TeamDrive is sent your public key and of course, your private key remains on your computer, stored encrypted with AES-256. The client calls your storage directories Spaces. Spaces sync between your devices and TeamDrive's servers and you can turn any folder into a synced space. Each space (with all metadata) is encrypted by the client with AES and those keys stored on the user's computer, encrypted again. These account keys can be exported and then imported to a fresh system after the client authenticates your account.


When you enter your account info for the first time with TeamDrive's client, your password is salted and MD5 hashed. This checksum and your username are your login credentials which are stored on your computer, AES encrypted. Each subsequent time you start the program, it connects automatically by checking your locally stored hash with the one TeamDrive has on their servers. While this is the most convenient method, I think that ideally, users should have the choice to auto-login or not. If they choose to manually enter their password, it should be processed on each login instead of storing the checksum locally.


TeamDrive's web login is only for basic account management. You can change your password and language, delete a storage space and invite friends. There is no file access and everything performed through the website can also be done through the client. For login through the website, your raw password is sent over HTTPS to TeamDrive's servers; the salting and hashing process is performed server-side. TeamDrive acknowledges that sending your password anywhere represents a risk and they recommend that users work in the client program whenever possible.


* * * * *

User registration and account info is stored on TeamDrive's servers in Germany, but depending on your location, uploaded files will be stored in different places. All TeamDrive's European customer data will be stored on Amazon Europe's servers in Ireland. American accounts will use an Amazon server in Virginia and accounts in Asia are stored again in Amazon centers in Hong Kong. The factor which decides this backup location is the client version you're served when downloading their software. Regardless of your region, you can contact TeamDrive and ask your data be moved to a specific datacenter of your choice.


TeamDrive's software lets you add additional servers (including those on your own hardware) to manage through their client. You can not share public links with TeamDrive's free version, sharing can only occur between multiple TeamDrive accounts. TeamDrive does not deduplicate user data and their free client has a banner ad at the bottom. To close a TeamDrive account, you must email them from the address you used to open the account and ask it be deleted.


My experience with TeamDrive's support was superb. They were fast to answer questions, very thorough and open about processes and spared no technical verbiage.




TitanFile

https://www.titanfile.com

Account activation by emailed link: No

At-rest encryption: 256-bit AES, server-side.

Can view recent account activity from web interface: Yes, previous 7 days.

Client automatically updates: n/a

Client proxy support: n/a

File name and metadata encryption: Yes

File size limit: 100 MB

Free account expiration due to inactivity: 6 months

Free account storage size: Unlimited

Info present in public links: n/a

Location: Offices Toronto and Halifax, Nova Scotia. Canada. Servers in Halifax.

Platforms: All major browsers.

Two-factor authentication: No

Software version used: n/a

Extras of interest: Uses server-side Truecrypt containers, SAS 70 certified, HIPAA compliant.


TitanFile is a unique creation among the others on this list. Though you can use your account as simple storage, TitanFile's highlight is secure file sharing within trusted groups. I hate to use the term, but you could even call TitanFile a Lite social network if you really wanted to.


There is no client program, it's all managed through an internet browser. What happens is, you create a Channel, which you can think of as a workgroup and you have up to 5 channels with Titanfile Basic (free). Then you upload files to your account and share them in a channel where your contacts can comment on them (and you on theirs). It's a different perspective on collaboration than we've seen so far. Their overview video is much better than my brief description.


* * * * *

TitanFile encrypts everything on its disks, but in a different way than you're expecting. TitanFile uses Proxmox, an open source virtualization platform, on its servers. Inside Proxmox run Linux operating systems and in these, each new account creates an AES-256 Truecrypt volume for itself with SHA-512 hashing. TitanFile developed their own application for interfacing between the Truecrypt volumes and their website which preserves Truecrypt's functionality and security. TitanFile doesn't allow user info to be written to disk outside the Truecrypt volumes.


TitanFile chose not to disclose info about the login process but said that, "...usernames and passwords are indeed encrypted with a two part company key. One known to the company CTO and the other to our board chairman so that one individual cannot compromise the integrity of data on their own."


Currently, TitanFile can not share files outside of the TitanFile cloud, but this is something they're working on so public links are in their future, as is two-factor authentication. TitanFile was spectacular with support requests. Replies came quickly and directly from their CEO who showed no hesitation and much knowledge about TitanFile's account security. Even better, TitanFile said they plan on writing up whitepapers on security processes for easy access through their website. Bravo, TitanFile!




Wuala

https://www.wuala.com

Account activation by emailed link: No

At-rest encryption: 256-bit elliptical AES, client-side.

Can view recent account activity from web interface: Yes

Client automatically updates: Yes

Client proxy support: Yes

File name and metadata encryption: Yes

File size limit: 40 GB

Free account expiration due to inactivity: 90 days

Free account storage size: 5 GB

Info present in public links: User name and file name & size.

Location: Offices in Basel, Switzerland. Servers in Switzerland, Germany and France.

Platforms: Android, iOS, Linux, OS X, Windows.

Two-factor authentication: No

Software version used: 1.0.411.0

Extras of interest: Requires Java, owned by LaCie which is owned by Seagate, 1 GB referral program but the space only lasts 1 year, accepts bitcoins for paid accounts.


Wuala is one of the more well known secure cloud storage options, generally held in the same esteem as SpiderOak. Wuala is not intended to be open source and most of its processes indeed are not, but it uses several open libraries and the code is available for both their Java Web Start applet and their hash map used for deduplication.


All Wuala's AES is in CBC mode with a 256 bit key length. Each account starts with a master key created by the client using AES and 100,000 rounds of PBKDF2 on the account's user name and password. This master key is again encrypted with your password key and stored on Wuala's servers. The password key uses your password as the input, with the same AES/PBKDF2 process above and it's generated on each login or stored locally if you choose the autologin option in the client. The master key's purpose is to decrypt your root files which are made available to the client on login.


* * * * *

Wuala's Cryptree system of encrypted file management picks things up from here. It was developed by ETH Zurich, a Swiss university and Wuala provides a pdf of how it works, but this is an academic paper discussing a complex process. I found it a tedious read which requires a firm grasp on more than just basic cryptographic foreknowledge. I'll summarize some of it here.


Each file in your account actually has three 2048-bit RSA key pairs and each folder has five key pairs. Bear with me here... Wuala's software takes an SHA-256 hash of each file and uses that hash to derive an AES-256 encrypted output. This is key 1, called the file's data key. Each file's metadata is also encrypted with AES-256 which is key 2. The Cryptree paper refers to the metadata's key as the backlink key. The 3rd key is for public access. It's only generated if you designate its parent folder for sharing, so it's not created by default. Each key is then encrypted again with its folder's key.


Now for folder encryption. Again we have the data key, the metadata key and the (optional) public access key. We then additionally have a subfolder key and last, a file key to decrypt the folder's contents for display in the client program. The write key is further encrypted with your master key. You may have guessed that a file's data key mentioned above is the RSA counterpart to its parent folder's file key. This is illustrated in Figure 3 of the Cryptree article (section 5.2.1). I snipped it out for a direct link. Each arrow from one key block in the drawing to another indicates an RSA key pairing.


* * * * *

All that so far only explains read access. For write access to your account, three more RSA key pairs are generated and again, keep in mind these are per folder. Let's take this slowly.


First is a write key. This is similar to the subfolder key mentioned above. It decrypts the subsequent folders' write keys, and its own folder's signature key. When you perform a write operation (say, deleting a song from your music folder), the signature key signs that write process for its own folder. The signature key is private to you, stored only on your computer. Next is the verification key and again, one for each folder. This is the RSA public counterpart to the signature key. The verification key is stored in plain text and Wuala's servers also have a copy. Without a copy of your verification key, their servers would not allow you to write to your account because it would have no way to verify your write's signature. Finally, we have the write clearance key, which operates the same way as the clearance key mentioned previously and it's not generated by default.


Alright, now remember that Wuala uses convergent encryption for cross-user deduplication, so where does that fit into things? Well, convergent encryption takes the hash of a file and adds it to a master index which the service provider keeps. So back up a few paragraphs: before a data key is derived from a file, that file's SHA-256 checksum is added to Wuala's index. This index is called the Wuala Persistent Map and its generative process is one of the open source Java code bases released by Wuala. Wuala says they do not have any way of knowing who owns which file, only that a specific file exists on their system.
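The data-key derivation and the dedup index described in the last few paragraphs, as an added example written here in Go (constructed for illustration, not Wuala's code): the data key is the file's SHA-256 hash, the IV is derived from that key (both assumptions, since Wuala only says the hash is used to derive the key), and the index entry is the hash of the ciphertext rather than the plaintext hash, because in this construction the plaintext hash is the key itself and must never reach the server. Identical bytes from any two users collide on one index entry, which is what makes deduplication work and also why the presence of a known file is detectable.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/hex"
)

// Constructed illustration of Wuala-style convergent encryption, not Wuala's code.
// Assumption: data key = SHA-256(file), IV = first 16 bytes of SHA-256(key).
func ivFor(key [32]byte) []byte {
	ivFull := sha256.Sum256(key[:])
	return ivFull[:aes.BlockSize]
}

// convergentEncrypt returns the data key, the dedup index id and the PKCS#7-padded
// AES-256-CBC ciphertext. The id is SHA-256 of the ciphertext, not of the file:
// in this construction the file hash is the key and must never reach the server.
func convergentEncrypt(plain []byte) (key [32]byte, id string, ct []byte) {
	key = sha256.Sum256(plain)
	block, _ := aes.NewCipher(key[:]) // 32-byte key, cannot fail
	pad := aes.BlockSize - len(plain)%aes.BlockSize
	padded := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct = make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, ivFor(key)).CryptBlocks(ct, padded)
	sum := sha256.Sum256(ct)
	return key, hex.EncodeToString(sum[:]), ct
}

// convergentDecrypt recovers the file for anyone who holds its data key.
func convergentDecrypt(key [32]byte, ct []byte) []byte {
	block, _ := aes.NewCipher(key[:])
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, ivFor(key)).CryptBlocks(out, ct)
	return out[:len(out)-int(out[len(out)-1])] // strip PKCS#7 padding
}

// persistentMap stands in for Wuala's index: id -> ciphertext, stored once.
type persistentMap map[string][]byte

// upload stores a file unless identical bytes are already present (dedup hit);
// the same property lets anyone holding a copy of a file learn that it exists.
func (m persistentMap) upload(plain []byte) (id string, dedup bool) {
	_, id, ct := convergentEncrypt(plain)
	if _, ok := m[id]; ok {
		return id, true
	}
	m[id] = ct
	return id, false
}
```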


Wuala's web portal uses a Java Web Start application to access your account. This performs all the encryption/decryption services on your computer, so you do need Java's browser extensions for it. To post on Wuala's forum, you must create a username and password separate from your actual Wuala account. To close an account, you must email Wuala from the email address used to create the account and ask them to discontinue it.


* * * * *

The issues against Wuala are nothing new at this point. Their still largely closed platform coupled with the complexity of the Cryptree system has drawn criticism, though it has improved over the years. Since the Fraunhofer article (see Resources on the intro page), Wuala's blog indicated that they may begin email verifications for new accounts, and that convergent encryption will go away at some point. A Wuala account's public folders can also be indexed by search engines.


Though there are still blanks to fill in, Wuala actually has a lot of security info available from the outset. The trouble is that it's scattered amongst forum threads, blog posts, the Cryptree paper and other places. The user must piece everything together, and this is disappointing to find from the provider of a security product. Wuala needs a security subpage on their website to act as a mainstay for all available and current information. It would also be great to purge (or at least, indicate) the several-year-old blog entries and forum posts which point to old and misleading info. They only create unnecessary noise, because these are the links which search engines are dredging up for potential customers.


Wuala's support was informative in their responses but it did take some reminding to get answers. I would have liked to know about Wuala's transport security algorithm. Currently, all packages to Wuala's servers are signed by a user's key (which key wasn't specified) and encrypted with the server's public key. A representative informed me this unnamed PKE process will be replaced by traditional SSL in the near future. Wuala also said they will be implementing an account inactivity termination time, but that timespan is still undetermined.




ZenOK

http://www.zenok.com

Account activation by emailed link: Yes

At-rest encryption: 448-bit Blowfish, server side.

Can view recent account activity from web interface: No

Client automatically updates: Yes

Client proxy support: Yes

File name and metadata encryption: Unknown

File size limit: 50 MB

Free account expiration due to inactivity: Unknown

Free account storage size: 2 GB

Info present in public links: File name

Location: Offices and servers in San Antonio, Texas. United States.

Platforms: OS X, Windows.

Two-factor authentication: No

Software version used: 0.9.0.9006

Extras of interest: Monitors hardware life and system resources, can stream media from shared links, versioning, HIPAA & GLB compliant, redundancy servers in Rome, London and Hong Kong.


ZenOK caught my attention for two reasons. The first was its 448-bit Blowfish server-side encryption for storing user data, so it surely would be a worthy inclusion to this list. Second was how ZenOK is a hardware monitoring and backup solution, and there's even a version with an antivirus included. I also love the little green umbrella for some reason. It reminds me of gnomes or hobbits, or something...not that I'm especially fond of either. I opted for the client version with no AV.


Here is a direct quote from ZenOK's website which appears when you click on the big yellow Alert button in their homepage. It's a JavaScript bubble so I can't directly link to it.


ZenOK monitors your computer hardware health including your hard drive temperature, computer memory consumption, CPU consumption, hard drive user intensity, system errors, Registry Errors, Operating System Errors, Windows Security Vulnerabilities and related updates to ensure no risk of data loss detection.

I was apprehensive at best. Frequent crashes and lockups, distorted on-screen graphics and boot problems are telltale signs of bad RAM. It's not a subtle thing like a bad disk sector. A failing CPU is more difficult to diagnose, and has nothing to do with data loss on local disks. I smelled gimmick. I also don't like the thought of a backup program digging so far into the system as to monitor for registry and Windows errors. But that's the point of ZenOK's software and in the spirit of providing a broad spectrum, I pressed on.


* * * * *

ZenOK's client wanted to install "The Official" ZenOK browser toolbar, and set Bing as the default homepage and search engine. How about no. I created my account through the client. It wanted the usual email address and a first & last name, but also a phone number. I entered random numbers and the account activated. ZenOK first emails you a password which you use to sign in to the account through zenok.com, then it can be changed.


ZenOK's client is compact and orderly, but I was most interested to see what's in a tab labeled System. It reported CPU and RAM use, and then the model number, temperature and even uptime of the computer's hard drive. My spider senses were tingling; I didn't see this ending well. The client program does not allow file access. You can only select folders for backup and set a network proxy. Everything else must be done through zenok.com.


A few minutes after I installed ZenOK, I got a popup from the client program. You can see it in the image below on the left. It said my hard drive was suffering seek problems and positioning failure, and that I should back up my data. My risk status was then bumped from green to yellow.


ORLY?? How extremely coincidental. Let's see what HDTune has to say about that.


The result was...nothing. The drive is in perfect health. CrystalDisk confirmed this and, just to build a stronger case against FUD programs, I then ran smartctl from Mint Maya installed on the same drive. Not a single error or point of concern from all 3 programs and the results are shown below. Not to mention that failing disk heads make a variety of sounds and this drive made no unusual noises or vibrations. An embarrassing fail, ZenOK. Better luck next time.


* * * * *

On the next boot, ZenOK's client stopped working for some reason. It would launch but not log in, eventually giving up and saying it can't connect to the server, yet every other program could access the internet just fine and I could log into my account through the browser. There's no way to exit the client program. It's always running in the taskbar, and you can either set it to Snooze mode for certain intervals of time, or kill it in Task Manager.


A ZenOK account's main web interface is the same as Memopal's, so I guess there is a template for these things. I have little else to add; I have no use for a program which says my hard drive is dying when it clearly is not, then refuses to work properly. ZenOK also did not respond to any of my inquiries asking about encryption, account authentication and by what means their software determines disk health.