[Sussex] Dropbox like system

Chris Edmunds chris.edmunds at gmail.com
Wed Dec 5 09:14:46 UTC 2012 

Hi all (please forgive the top posting and jumping around),

I did something like this recently (albeit on a single user basis) using
owncloud / s3 / encfs / my home NAS. Owncloud has multiple sync clients
(win/mac/linux), the ability to mount multiple storage points (nas, s3,
gdrive, dropbox) and the source is available.

"Just set up a secure connection between the server and the client to
secure the data during transmission.  VPN software is the way to go here"

It's been a while since I set up my instance of owncloud, but it uses a web
service to transfer data, so SSL can be used to protect the session rather
than setting up a VPN (although I did manage to get it working with
OpenVPN).  Even an SSH tunnel would simpler IMHO.

"If the server is located in a safe place (your home)"

This of course assumes that you're comfortable with the risk of compromise
via burglary.

"If the server is not trustworthy then you will need do
encryption/decryption client side only.  The server just stores the
encrypted data it is sent."

If you can mount the remote server as a filesystem (a la s3 via s3fs) then
encfs works reasonably well as client from my limited testing.

Chris

On 5 December 2012 08:47, John Crowhurst <info at johnscomputersupport.co.uk>wrote:

> Hi Steve,
>
> On 5 Dec 2012, at 08:17, Steve Dobson <steve at dobbo.org> wrote:
>
> > Hi John
> >
> > On 04/12/12 22:38, John Crowhurst wrote:
> >> Hello,
> >>
> >> I'm thinking of setting up a Dropbox like system for my backups. I have
> >> some software that can do synchronisation on Windows and Mac computers
> >> but have a couple of stumbling blocks that will need to be addressed.
> >
> > What software is that?  I ask because it might be useful to me as a
> > cloud storage system for my Android devices.
>
> I was using SyncBack for a while, I'm now using something called
> syncovery. However, it's proprietary and not free.
>
> I just wondered how Dropbox like services work and whether it is easy to
> setup on a remote host.
>
> >
> >> How do I organise the storage? Is there a file system that does account
> >> based encryption/decryption on the fly? Does it have a facility to show
> >> how much a user has used or is that managed through quota?
> >
> > I don't think that account based encryption/decryption is the right
> > solution here.  If the server is doing encryption/decryption then that
> > suggests that the data is being transmitted over the ether in plain text
> > - a security hole.
> >
> If the user uses SSH, then the link is encrypted.
> >> I looked at ecryptfs but that is an encryption layer that encrypts the
> >> partition by encrypting file contents but that doesn't stop someone who
> >> has root access from seeing their files.
> >
> > File system encryption is a good fit if the storage device is not
> > secure, and where the key can be kept safe when the data is not being
> > used.  Laptops are a good example here.
>
> I think that depends on what you are wanting. I've noticed that ecryptfs
> works as an intermediary layer and encrypts the file contents, rather than
> the whole drive. Without the layer, the files are useless.
>
> I would have thought something like a true crypt or tcfs volume would be a
> better choice for a laptop as nobody can see inside the drive but the
> person with the key.
> >
> >> I hope someone has ideas to point me in the right direction.
> >
> > The first question is: Whom do you trust?
> >
> > If the server is located in a safe place (your home) and you trust
> > everyone that has access to that location (your family) then there is no
> > need to encrypt on the server.  Just set up a secure connection between
> > the server and the client to secure the data during transmission.  VPN
> > software is the way to go here
>
> A home setup probably wouldn't need a VPN since everyone is effectively
> trusted, and wouldn't need encryption either.
> > .
> >
> > If the server is not trustworthy then you will need do
> > encryption/decryption client side only.  The server just stores the
> > encrypted data it is sent.
> >
> > Security is all about key management.  You need to keep the key safe and
> > only on systems that are trustworthy.
>
> I wondered how Dropbox does it, the connection is obviously encrypted but
> is it client side encryption or server side?.
>
> Best,
>
> John
> --
> Sussex mailing list
> Sussex at mailman.lug.org.uk
> E-mail Address: sussex at mailman.lug.org.uk
> Sussex LUG Website: http://www.sussex.lug.org.uk/
> https://mailman.lug.org.uk/mailman/listinfo/sussex
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/sussex/attachments/20121205/119d3a62/attachment.html>

More information about the Sussex mailing list