Encrypted Cloud Storage
We cannot disclose the name of the product that we built as we are under an NDA at the moment. At the same time, we are extremely proud to be a part of this project and would like to describe the solution we proposed.
Our partnership began with a request to create a mechanism for remote administration of FileVault, the disk encryption software for macOS. That was a task that we found rather easy to accomplish, and our collaboration moved on.
During the discussion, the Adoriasoft team proposed a solution for secure cloud data storage using such services as Dropbox, Google Drive, etc. At that time, the solution was rather innovative.
We offered to develop an encrypted cloud storage that, in addition to storing data securely, allowed encrypted access to the data by other members of the system. The solution was designed with a user-friendly and intuitive interface where any user could easily secure their data.
Our partners appreciated our initiative, and we began scientific research that laid the foundation for further development.
We started with the research and architecture design and used the research results to build the project plan.
Our first step was the creation of a virtual volume for two operating systems, macOS and Windows, together with a special file system. The volume could be encrypted with a stream cipher using the AES symmetric encryption algorithm.
Next, we implemented volume synchronization between the user’s machine and cloud storage, such as Dropbox, Google Drive, etc. At the synchronization stage, the user’s data was already encrypted to prevent unauthorized access.
Now, the main problem was to enable key sharing, because sharing an AES key, especially over an open network, is extremely insecure. This is where our profound cryptography expertise came in useful, and we decided to use asymmetric cryptography. Each user was provided a key pair consisting of a public and a private key. To share the AES storage key, we encrypted it with the receiving user’s public key using elliptic-curve cryptography.
This way, an encrypted key could be shared with other users over an open network. The recipient could decrypt it with their private key, getting access to the corresponding data in the cloud storage.
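The key-sharing step described above, as an added example that is not the product's own C++/OpenSSL code. It is an ECIES-style wrap written with the Go standard library; the P-256 curve, the single SHA-256 pass used as the key derivation function, AES-256-GCM and every function name are assumptions, since the page does not state the product's parameters.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewUserKey makes a user's P-256 key pair (all names in this file are hypothetical).
func NewUserKey() (*ecdh.PrivateKey, error) { return ecdh.P256().GenerateKey(rand.Reader) }
// gcmFor derives a one-time AES-256-GCM key as SHA-256(ECDH secret || ephemeral public key).
func gcmFor(shared, ephPub []byte) cipher.AEAD {
	k := sha256.Sum256(append(shared, ephPub...))
	blk, _ := aes.NewCipher(k[:]) // cannot fail: the key is 32 bytes
	g, _ := cipher.NewGCM(blk)    // cannot fail: the AES block size is 16 bytes
	return g
}
// WrapKey encrypts the AES storage key to the recipient's public key.
func WrapKey(to *ecdh.PublicKey, storageKey []byte) (ephPub, box []byte, err error) {
	eph, err := NewUserKey() // fresh pair per wrap, so each derived key seals exactly once
	if err != nil {
		return nil, nil, err
	}
	shared, err := eph.ECDH(to)
	if err != nil {
		return nil, nil, err
	}
	ephPub = eph.PublicKey().Bytes()
	return ephPub, gcmFor(shared, ephPub).Seal(nil, make([]byte, 12), storageKey, nil), nil
}
// UnwrapKey recovers the storage key; a wrong private key or an altered box fails the GCM tag.
func UnwrapKey(priv *ecdh.PrivateKey, ephPub, box []byte) ([]byte, error) {
	peer, err := ecdh.P256().NewPublicKey(ephPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	return gcmFor(shared, ephPub).Open(nil, make([]byte, 12), box, nil)
}
func main() {
	alice, _ := NewUserKey()
	pub, box, _ := WrapKey(alice.PublicKey(), make([]byte, 32)) // constructed sample key
	fmt.Println(UnwrapKey(alice, pub, box))
}
```

The all-zero GCM nonce is acceptable here only because every wrap derives a new key from a new ephemeral pair; reusing a derived key would require a unique nonce per message.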
We also adapted this solution for enterprise applications. We built a second version of the product using the Master Key. The Master Key allowed administration of the enterprise network and provided access to data within it, when necessary.
At the final stage of the project, we created a transparent and intuitive user interface that required no special technical skills to use our solution and ensure data security.
We believe that a technology is merely a tool that shows its full potential only in skilled hands. For this project, we selected the following technologies:
C++, Qt, QML, AES, ECIES (Elliptic Curve Integrated Encryption Scheme), Diffie-Hellman
OpenSSL, SHA1, SHA2, MD5
Dokan, FUSE, Objective-C
As a result of this project, our team built a new business model and a new technical solution. The team’s expertise allowed us to create an effective architecture capable of solving complex cryptographic tasks.
- Development of a local virtual volume for macOS and Windows together with a file system that is encrypted with a stream cipher using the AES symmetric encryption algorithm.
- Synchronization of the encrypted local virtual volume with cloud storage services, such as Dropbox, Google Drive, etc.
- Sharing of the AES key encrypted by the Elliptic Curve Integrated Encryption Scheme (ECIES)
- Enterprise solution using the Master Key
- User-friendly, intuitive interface and backend for mass use
We hope this use case is of interest to you. We are always open to new tasks and challenges. Should you need more information, contact Adoriasoft, and our experts will be glad to provide it.