The Most Secure Cloud Storage Provider

Presentation transcript:

The Most Secure Cloud Storage Provider
Anton Titov, CTO
CyberCon, June 2018, Sofia

Absolute Security with pCloud Crypto
- Client-side encryption: only the user has access to the encrypted content
- Zero-knowledge privacy: pCloud does not know what is saved in Crypto Folders
- Multi-layer protection: additional protection layers & keys

pCloud Crypto Hacking Challenge with $100,000 award
- For 6 months
- 2,800+ hackers - Berkeley, Boston, MIT and 523 other organizations
- None of them succeeded.

Mission
- Client-side encrypted cloud storage
- Accessible from multiple software clients / platforms
- All the user needs to access encrypted data are account credentials and an encryption passphrase
- Efficient read/write random access

Everybody does encryption, don't they?
- Encryption of in-transit data
- Encryption of stored data with provider's keys
- Client-side encryption

Still, it should not be that hard, right?
- What is actually encryption? What is authentication?
- Encryption and authentication of data connection - fairly trivial.
- Block device (hard drive) encryption - fairly trivial. Authentication may degrade performance, but you can live without it.
- Encryption of randomly accessible data - fairly trivial, authentication is however tricky.

How to authenticate a file as a whole?
- Split file into blocks of some size, say 4Kb
- Use a Merkle tree to authenticate the file
- Since we are working with disk storage, don't use a binary Merkle tree, but say 256-way one
- Files with reasonable size will have a tree-depth of 2-4 levels
- Wouldn't it be great to also have a Merkle tree of directory structure?
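The 256-way Merkle tree over 4Kb blocks described above, as an added example (not code from the presentation or from pCloud): it builds the tree, then authenticates one randomly read block against the root using only the sibling groups on its path. HMAC-SHA512 as the node function, the leaf/node tags and all function names are assumptions.

```python
# Added example; key handling, tags and function names are assumptions.
import hashlib
import hmac

BLOCK = 4096      # block size from the slide ("say 4Kb")
FANOUT = 256      # 256-way tree from the slide

def _mac(key: bytes, tag: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA512 with a domain-separation tag for leaves vs. nodes.
    return hmac.new(key, tag + data, hashlib.sha512).digest()

def build_levels(key: bytes, data: bytes) -> list[list[bytes]]:
    """Return all tree levels, leaves first; the last level holds the root."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)] or [b""]
    level = [_mac(key, b"L" + i.to_bytes(8, "big"), b) for i, b in enumerate(blocks)]
    levels = [level]
    while len(level) > 1:
        level = [_mac(key, b"N", b"".join(level[i:i + FANOUT]))
                 for i in range(0, len(level), FANOUT)]
        levels.append(level)
    return levels

def proof_for(levels, index: int) -> list[list[bytes]]:
    """Sibling groups (one per level) needed to re-derive the root for one block."""
    path = []
    for level in levels[:-1]:
        start = index - index % FANOUT
        path.append(level[start:start + FANOUT])
        index //= FANOUT
    return path

def verify_block(key, root, index, block, path) -> bool:
    """Authenticate a single block read at a random offset against the root."""
    node = _mac(key, b"L" + index.to_bytes(8, "big"), block)
    for group in path:
        if not hmac.compare_digest(group[index % FANOUT], node):
            return False
        node = _mac(key, b"N", b"".join(group))
        index //= FANOUT
    return hmac.compare_digest(node, root)

def depth(file_size: int) -> int:
    """Number of tree levels above the leaves for a file of this size."""
    n, d = max(1, -(-file_size // BLOCK)), 0
    while n > 1:
        n, d = -(-n // FANOUT), d + 1
    return d
```

Because the leaf tag includes the block index, a valid block replayed at a different offset fails verification as well as a modified one.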

Technological overview
- Each user has a 4096-bit RSA key; the private part is encrypted with an AES256 key derived from the passphrase with PBKDF2; the public and encrypted private parts are stored in the cloud
- Each folder and each file has its own AES256 and HMAC-SHA512 key, encrypted with RSA and stored in the cloud
- Folder keys are used to encrypt file names and sign keys of in-folder contents
- File keys encrypt and authenticate the file data

So the private key is actually stored in the cloud?
- Yes, but it is in turn encrypted
- There are alternatives but those are slow and messy

Future work: Share-Able encryption
- 24/7 access to files
- We don't really need RSA in the picture now
- Big challenge: trust, MITM
- Just encrypt every folder/file key with public keys of all users that have access
- Linear scaling by number of users is not ideal, but public RSA operations are ~100 times faster than private ones anyway
- Collaboration

Thank You. Questions?
Anton Titov, CTO, anton@pCloud.com