end to end encryption design in nextcloud contents
play

End-to-end Encryption design in Nextcloud Contents Intro Nextcloud - PowerPoint PPT Presentation

Mar 25, 2024 •44 likes •284 views

End-to-end Encryption design in Nextcloud Contents Intro Nextcloud What is E2EE E2EE requirements E2EE technical design Initialization File handling Sharing Edge cases & limitations Nextcloud GmbH 2 What is

  1. End-to-end Encryption design in Nextcloud

  2. Contents ● Intro Nextcloud ● What is E2EE ● E2EE requirements ● E2EE technical design – Initialization – File handling – Sharing ● Edge cases & limitations Nextcloud GmbH 2

  3. What is Nextcloud? ● Nextcloud Files private, self-hosted cloud keeping your data secure ● Nextcloud Talk self-hosted secure video/text chat ● Nextcloud Groupware Easy mail/calendar/contact Nextcloud GmbH 3

  4. Features Open Source Auditing, workfow Easy to use web UI External storage Video/text chat LDAP/ SAML/2FA Collaborative editing Developer APIs Control access rights Mobile/desktop clients Nextcloud GmbH 4

  5. What is End-to-end Encryption Fully protects data/communication from user-to- user so no interception in between can capture data, including servers the data passes through. ● Signal, whatapp, ... ● PGP/GPG for mail Nextcloud GmbH 5

  6. End-to-end encryption in Nextcloud Core goals of our design ● Protect data 100% from the server – Keep data safe in case of fully compromised server or malicious administrator ● Be super easy for the end user – Complexity is enemy of security. Assumption: user makes mistakes, administrator is competent. Nextcloud GmbH 6

  7. Requirements of E2EE in Nextcloud ● Allow secure sharing and ● Ofer optional data recovery – With of-line admin key. Users gets – Guarantee confdentiality warned when this is enabled. ● Only authorized users can have access ● Multi-device support – Guarantee integrity – Friction-less access for all user devices ● Files can not be tampered with ● Easy key exchange undetected – Guarantee authenticity – Sharing should be seamless, secure and not require passwords ● Ownership is always clear ● Versioning of protocol ● Use tested, widely used libraries – Improvements can be made – Available on recent versions of iOS, ● Full activity logging possible for auditing Android, Mac, Windows, Linux, PHP7 Nextcloud GmbH 7

  8. Accepted feature loss ● Only top-folder-level sharing Some of these can, in time, be mitigated. Others are inherent – No sharing of individual fles or folders in an encrypted folder to secure End-to-end ● No group sharing Encryption where the server has no knowledge of the data. ● No public link sharing ● No web access to data Example: web interface access requires code from server → – No collaborative editing which can’t be trusted. Would ● No server capabilities like fundamentally break the versioning, trash, comments, security model. favorites, server-side search. Nextcloud GmbH 8

  9. Next slides: explain design ● Initialization – Create keys, add devices ● File handling – Create folder, fles, download fles etc ● Secure sharing – Sharing, unsharing Nextcloud GmbH 9

  10. Creating a secure identity ● Keys: – Generating – Signing – Encrypting – Syncing ● Adding new device Nextcloud GmbH 10

  11. Initialization – step 1 Nextcloud GmbH 11

  12. Initialization – step 2 Nextcloud GmbH 12

  13. Initialization – step 3 Nextcloud GmbH 13

  14. File handling ● Create E2EE folder ● Upload to server ● Add fles ● Download on other device Nextcloud GmbH 14

  15. File Handling – Create folder Nextcloud GmbH 15

  16. File Handling – Add fle Nextcloud GmbH 16

  17. File Handling – Upload to server Nextcloud GmbH 17

  18. File Handling – Add 2 nd device Nextcloud GmbH 18

  19. Sharing and unsharing ● Sharing ● Unsharing Nextcloud GmbH 19

  20. Sharing Nextcloud GmbH 20

  21. Unsharing Nextcloud GmbH 21

  22. Edge case: complete key loss ● Any user device can recover mnemonic to decrypt Options available in case key the user lost the key. – Lost phone? Add new phone, using laptop to show key ● Optional recovery key Recall: design assumes – When recovery key is enabled, private/public key pair is generated. Users will encrypt all data against public user is weakest link. So: key. Private key protected with mnemonic, shown once to server admin for secure, of-line storage. – User does not choose a – All devices lost? Admin can use recovery key to recover user data. NOT USER KEY or IDENTITY, they are lost. password but is given one – Enterprise use case: employees which have left the company. – User is asked to store ● If CSR/HSM: new user key and identity can be created. password but assumption – A hardware security module can securely generate a is user won’t new user identity. Nextcloud GmbH 22

  23. More information ● nextcloud.com/endtoend – Contains link to detailed design whitepaper ● github.com/nextcloud – /ios – /android – /client – end_to_end_encryption – end_to_end_encryption_rfc Nextcloud GmbH 23

  24. A safe home for all your data Nextcloud GmbH +49.711.896656-0 Kronenstr. 22A hello@nextcloud.com 70173 Stuttgart Germany nextcloud.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NextCloud OnlyO ffj ce Integration ""#"" -""#$% Managed Solutions

NextCloud OnlyO ffj ce Integration ""#"" -""#$% Managed Solutions

BA.net EN . . BA.Net AdBlock VPN JA KO NL GE FR IT PT ES iPhone Speed VPN - BA.net NextCloud . OnlyO ffj ce . AdBlock VPN . Mobile VPN . Config . Video . Privacy . BUY PRO NextCloud OnlyO ffj ce Integration ""#""

540 views • 5 slides
Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Cryptography Encryption and Attacks Encryption Building Blocks Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography Stream Cipher Design Principles Example: Brute School of Engineering and Technology

923 views • 51 slides
Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Cryptography Encryption and Attacks Encryption Building Blocks Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography Stream Cipher Design Principles Example: Brute School of Engineering and Technology

681 views • 51 slides
Collabora Online in Nextcloud Silva Arapi silva@arapi.tech ROME | 13 October 2017 Agenda

Collabora Online in Nextcloud Silva Arapi silva@arapi.tech ROME | 13 October 2017 Agenda

Collabora Online in Nextcloud Silva Arapi silva@arapi.tech ROME | 13 October 2017 Agenda About me Nextcloud - Why should you use open source cloud services? Collabora Online web-accessible office suite based on LibreOffice

518 views • 9 slides
Inner Product Functional Encryption Edouard Dufour Sans January 25, 2018 Table of Contents

Inner Product Functional Encryption Edouard Dufour Sans January 25, 2018 Table of Contents

Inner Product Functional Encryption Edouard Dufour Sans January 25, 2018 Table of Contents Introduction Functional Encryption Security definitions Notations The Power of Inner Products Descriptive statistics Machine Learning Practical

930 views • 65 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption

Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption

Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption principles Encryption quality Cryptography Public key cryptography The art of making Next week: Example algorithms DES, AES, AES

893 views • 78 slides
Nextcloud Decentralize the way we share, sync and collaborate Bjrn Schiele

Nextcloud Decentralize the way we share, sync and collaborate Bjrn Schiele

Nextcloud Decentralize the way we share, sync and collaborate Bjrn Schiele www.schiessle.org @schiessle bjoern@mastodon.social About Me Bjrn Schiele Free Software activist for 20+ years Building free, decentralized and open

922 views • 33 slides
Encryption Debdeep Mukhopadhyay IIT Kharagpur Notion of Security A Good disguise should

Encryption Debdeep Mukhopadhyay IIT Kharagpur Notion of Security A Good disguise should

Encryption Debdeep Mukhopadhyay IIT Kharagpur Notion of Security A Good disguise should not reveal the persons height Shafi Goldwasser and Silvio Micali, 1982 1 Design of Encryption Algorithms Encryption algorithms are

421 views • 7 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David

Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David

Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David Pointcheval Ecole Normale Sup erieure INRIA June 6, 2019 Table of Contents Background Functional Encryption ABDP Applications of Inner

970 views • 51 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Productivity Applications Small Business Few Employees, Multiple Hats Data Data Data

Productivity Applications Small Business Few Employees, Multiple Hats Data Data Data

Small Business Productivity Applications Small Business Few Employees, Multiple Hats Data Data Data Productivity Limiting Factor on Growth Limited Investment in IT/Infrastructure Goal Today: Share ideas, successes to

634 views • 15 slides
LHSOA Lassiter High School Orchestra Association Welcome, Orchestra Family! Audrey Donahue

LHSOA Lassiter High School Orchestra Association Welcome, Orchestra Family! Audrey Donahue

LHSOA Lassiter High School Orchestra Association Welcome, Orchestra Family! Audrey Donahue President president@lhsoa.org Tonights Agenda General Business Events Treasury Membership Fundraising Lassiter String Academy Communications

1.08k views • 39 slides
Sprint 2 Presentation Dave, Catherine, Nick, Ryan, Travis, Kenny, Davis About Healthy Horizons:

Sprint 2 Presentation Dave, Catherine, Nick, Ryan, Travis, Kenny, Davis About Healthy Horizons:

Sprint 2 Presentation Dave, Catherine, Nick, Ryan, Travis, Kenny, Davis About Healthy Horizons: The Healthy Horizons program started in 2004 with the purpose of promoting healthy living by providing a comprehensive and confidential wellness

310 views • 13 slides
Alpha Presentation Cloud-Based Athletics Operations The Capstone Experience Team Medtronic Evan

Alpha Presentation Cloud-Based Athletics Operations The Capstone Experience Team Medtronic Evan

Alpha Presentation Cloud-Based Athletics Operations The Capstone Experience Team Medtronic Evan Francis Caitlin Russ Chris Paterson Mike Holp Department of Computer Science and Engineering Michigan State University Spring 2011 From

113 views • 9 slides
Infrastructure Enterprise Systems George Dranes, Assistant Director of the Computer Center

Infrastructure Enterprise Systems George Dranes, Assistant Director of the Computer Center

Infrastructure Enterprise Systems George Dranes, Assistant Director of the Computer Center Zach Pratt, Systems Programmer ENTERPRISE SYSTEMS Current Mainframe Configuration Separated into four logical partitions Production

392 views • 14 slides
Preserving Your Family Records Mary Lynn Ritzenthaler Mary Lynn Ritzenthaler will explain how to

Preserving Your Family Records Mary Lynn Ritzenthaler Mary Lynn Ritzenthaler will explain how to

Preserving Your Family Records Mary Lynn Ritzenthaler Mary Lynn Ritzenthaler will explain how to preserve family papers and photographs, how to safely mount them, and how to frame and display them. She will discuss the factors that cause

447 views • 34 slides
5.1 % ResyOS is a complete restaurant reservations and waitlist system. We o fg er cutting edge

5.1 % ResyOS is a complete restaurant reservations and waitlist system. We o fg er cutting edge

LETS CHAT O S www.resy.com/forrestaurants hello@resy.com Welcome to the Future of Restaurant Technology G L O B A L N O - S H O W R AT E 5.1 % ResyOS is a complete restaurant reservations and waitlist system. We o fg er cutting edge

296 views • 3 slides
DigiLabs Leading Photo Publishing Solutions DigiLabs Leading Photo Publishing Solutions who is it

DigiLabs Leading Photo Publishing Solutions DigiLabs Leading Photo Publishing Solutions who is it

Powering an Image Driven World with DigiLabs Leading Photo Publishing Solutions DigiLabs Leading Photo Publishing Solutions who is it for? Are you a Printer? Printer? Professional Photo Lab? Retailer? Retailer? If yes, you can benefit from the

343 views • 13 slides

More recommend