Something More for Research

Explorer of Research #HEMBAD

Cryptographic Cloud Storage

Posted by Hemprasad Y. Badgujar on February 25, 2013


survey the benefits such an architecture would provide to both customers and service providers and give an overview of recent advances in cryptography motivated specifically by cloud storage.
http://research.microsoft.com/pubs/112576/crypto-cloud.pdf

 

Cloud Storage Vendors Offering Encryption as a Service

Cloudfogger: The current version is more versatile and easier to use than the original. You access most Cloudfogger functions from the right-click context menu in the file system (e.g., Windows Explorer). Security is of course the most important aspect of encryption software, and Cloudfogger has that well covered too, with the AES 256-bit encryption algorithm and PBKDF2 key derivation. It also provides client-side password recovery.

Cloudfogger provides client-side encryption for all files in any folders (up to 5 for the free version) you want to select. It integrates seamlessly with Dropbox, SkyDrive, Box, Google Drive, or any other cloud storage service. The cloud only sees encrypted files since that is all that actually exists in the folders. The files are visible locally as unencrypted files when you are signed in to the Cloudfogger app though. Cloudfogger implements these two views – internal and external – using on-the-fly encryption. Folders that you “Fogg” (auto-encrypt) serve as encrypted file containers. Fogging also applies a file system overlay that presents the folder contents to the user as unencrypted files.

Cloudfogger has quickly become part of my backup solution. I use Cloudfogger to encrypt a few selected folders in Dropbox, SkyDrive and Google Drive. Now my encrypted files are synced between all the computers that I install Cloudfogger on. Because Cloudfogger encrypts one file at a time, open files are synced as soon as you save them.  Cloudfogger currently provides client apps for Windows, Mac OS X and Android, with iPad and iPhone coming soon.

You can also encrypt and decrypt non-synced folders or single files via the Windows Explorer context menu. That’s handy when you only want to encrypt a few files. For example, when you want to take them with you on a USB drive.

BoxCryptor provides most of the same functions as Cloudfogger does. It is integrated with the file system in a different way, though. BoxCryptor uses an encrypted virtual-drive interface that is linked to an ordinary folder. Cloudfogger encrypts a single folder that it augments with a virtual-folder overlay to give cleartext access. I prefer the single folder solution, but other users prefer the virtual drive. BoxCryptor is available for Windows, Mac, iPhone, iPad, and Android.

However, the BoxCryptor approach leaves users open to fatal mistakes. All files to be encrypted must be placed in the virtual drive or they will not be encrypted. Any files placed directly in the “encrypted folder” [their name] are not encrypted. You must go through the virtual drive to encrypt the files. That could be hard to remember, and there is no indication of mistakes. Of course files you see in the “encrypted folder” that were inserted there by the virtual drive are encrypted.
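Because nothing flags a file that was dropped straight into the backing folder, a periodic check of that folder is worth having. The following is an added example, not part of BoxCryptor or of the original post: a byte-entropy heuristic that assumes encrypted files are ciphertext throughout (close to 8 bits per byte); the threshold, minimum size and file names are assumptions chosen for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter

MIN_BYTES = 1024   # assumed: below this a byte histogram is too sparse to judge
THRESHOLD = 7.5    # assumed cut-off in bits/byte; ciphertext sits near 8.0

def byte_entropy(data):
    """Shannon entropy of the byte histogram, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536):
    """Label one file from the first `sample` bytes of its content."""
    with open(path, "rb") as f:
        data = f.read(sample)
    if len(data) < MIN_BYTES:
        return "too-small"
    return "looks-encrypted" if byte_entropy(data) >= THRESHOLD else "looks-plaintext"

def scan(folder):
    """Walk the backing folder and return {relative_path: label}."""
    results = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            results[os.path.relpath(path, folder)] = classify(path)
    return results

def demo():
    """Build a constructed backing folder and scan it."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "via_virtual_drive.bin"), "wb") as f:
            f.write(os.urandom(8192))  # stand-in for real ciphertext
        with open(os.path.join(d, "dropped_directly.txt"), "wb") as f:
            f.write(b"Quarterly payroll export, do not share.\n" * 200)
        with open(os.path.join(d, "note.txt"), "wb") as f:
            f.write(b"short")          # too little data to classify
        return scan(d)

if __name__ == "__main__":
    for name, label in sorted(demo().items()):
        print(f"{label:16} {name}")
```

Compressed formats such as ZIP or JPEG also score near 8 bits per byte, so a "looks-encrypted" label is not proof of encryption; the check is reliable only in the other direction, for catching obvious plaintext.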

TrueCrypt is a top-rated product for most uses, but there is a potential backup trap when it is used for files that will be synced or stored in the cloud. Encryption programs that create encrypted “volumes” (files that contain encrypted files) do not change the size of the volume (container file), and often – intentionally – do not change the modified date of the volume, even though files in the volume have been changed or added. The result can be that your cloud service does not recognize that the volume file has changed, and will fail to update the online copy.

TrueCrypt is an example of an encryption program that does not change the modified date of volume files (encrypted file containers). However, some cloud backup services – Dropbox for example – check the hash value of volume files, not the date, and if that changes Dropbox stores the latest copy of the volume file. If you’re using Dropbox, that makes TrueCrypt an excellent way to implement client-side encryption for your most sensitive files. SkyDrive monitors the modified date – not a hash value – so TrueCrypt volumes are not updated in the cloud by SkyDrive after their content changes client-side.
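The backup trap described above can be reproduced locally. This is an added example, not code from TrueCrypt or from any sync client: it models a date/size-based client and a hash-based client as two fingerprint functions and applies one in-place edit to a constructed fixed-size container whose timestamps are then restored.

```python
import hashlib
import os
import tempfile

def stat_fingerprint(path):
    """What a date/size-based sync client compares: (size, modified time)."""
    st = os.stat(path)
    return (st.st_size, st.st_mtime_ns)

def hash_fingerprint(path, chunk=1 << 20):
    """What a content-based sync client compares: a digest of the bytes."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def edit_in_place(path, offset, length):
    """Flip `length` bytes inside the container, then restore the old
    timestamps: same size and same modified date, as the text describes."""
    st = os.stat(path)
    with open(path, "r+b") as f:
        f.seek(offset)
        original = f.read(length)
        f.seek(offset)
        f.write(bytes(b ^ 0xFF for b in original))  # guaranteed to differ
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

def simulate():
    """Return (stat_client_sees_change, hash_client_sees_change)."""
    with tempfile.TemporaryDirectory() as d:
        volume = os.path.join(d, "volume.bin")  # constructed stand-in container
        with open(volume, "wb") as f:
            f.write(os.urandom(64 * 1024))      # fixed-size "encrypted" volume
        stat_before = stat_fingerprint(volume)
        hash_before = hash_fingerprint(volume)
        edit_in_place(volume, offset=4096, length=512)
        return (stat_fingerprint(volume) != stat_before,
                hash_fingerprint(volume) != hash_before)

if __name__ == "__main__":
    stat_seen, hash_seen = simulate()
    print("date/size client re-uploads:", stat_seen)
    print("hash client re-uploads:     ", hash_seen)
```

Running `hash_fingerprint` on the local volume and on a freshly downloaded copy is a direct way to confirm that the cloud copy is current, whichever comparison the service uses.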

“With encryption use increasing, it prompts the need to better control and unify the management of data and policies, while reducing capital and operational costs,” he said. “These are weighed down by disparate encryption technologies arising from varying security, compliance and risk requirements.”

Standardizing the way data is encrypted in data centers will contribute to reducing costs. “Through the ‘crypto-as-a-IT-service’ model, organizations can deploy highly secure and standardized crypto services to individual businesses units, while ensuring protection, control, and governance of data, as well as cost efficiency,” he added.

Some of the technologies accelerating the transition to encryption as a service (EaaS) include hardware-based encryption key storage, centralized data protection schemes for applications, databases, storage and virtualized environments, and role-based access controls. These next gen technologies are aimed at improving the encryption solutions available at data center level.

New capabilities for data centers

Encryption involves two parts: algorithms to scramble the data and keys to unscramble it. EaaS involves centralizing the problematic part of encryption: key management. It aims to make cryptographic functions more easily available, both within a network and in cloud environments.

“Enterprise customers want to ensure that nothing leaves their data center without being encrypted and they want to keep control of that encryption by generating and storing their own keys,” said Andres Rodriguez, CEO of U.S.-based enterprise storage company Nasuni. “They also want to make sure whatever access control is in place remains in place. This is only possible when dealing with pure data — so storage as a service — and not with complete applications as in software as a service.”

Traditional methods of handling encryption keys become unwieldy if not impossible in this situation because using cloud-based service solutions potentially means sending unencrypted information to the cloud software, and retrieving it in the same way.

“When delivering software as a service customers must trust the people and processes in their service provider,” said Rodriguez. “This security model is not nearly as robust as the cryptographic protection that can be applied to pure data.”

In other words, if users at your company are relying on cloud-based software for processing sensitive data, you can keep it safe by managing the encryption at the data center level. Nasuni’s technology, for example, allows companies to use cloud storage but still encrypt data at their premises with keys they generate themselves.

“The Nasuni storage services allow companies to tap into the cloud’s access to elastic storage capacity, with a built-in data protection model and the power to synchronise data globally,” Rodriguez added. “That’s a big change that makes the cloud enterprise-ready and brings some extraordinary new capabilities into data centers.”

Next gen storage solutions

The Nasuni solution looks just like another file server to users and, because the most frequently accessed files are also stored on site, performance is no different. Storage as a service offerings make use of the best of the cloud: unlimited storage, no requirement to back up, and the ability for multiple sites to access the same storage volume without resorting to complicated replication schemes or WAN accelerators.

Next gen storage solutions that include encryption technology also add in peace of mind.

“With crypto as a service you don’t need to worry,” said Gonen. “You throw data at it and it does all the key management and key backups. It’s all done centrally. All the user needs to know is what data to protect and who needs to be given access. People have been afraid of encryption for a very long time, so the ‘as a service’ model makes it easier for them to consume.”

“Great security is about the transparency of the implementation,” said Rodriguez. He advises looking for products that are based on rigorously tested solutions. “OpenPGP benefits from having had some of the best security minds in the world peer reviewing its specification for the last two decades.”

Enterprise networking and encryption are slowly converging and it will be interesting to see how the disciplines overlap over the next few years. “The last few years have been great; encryption suddenly became cool,” said Gonen. “This is the next generation of information security.”

Elizabeth Harrin is Computer Weekly’s IT Professional Blogger of the Year 2011. She is also director of The Otobos Group, a business writing consultancy specializing in IT and project management. She’s the author of “Social Media for Project Managers” and “Project Management in the Real World.” She has a decade of experience in IT and business change functions in healthcare and financial services, and is ITIL v3 Foundation certified.
