PrivCloud 🔒
Abstract
The privacy and security of your most sensitive information is under threat. Recent incidents such as the crackdown by the UK government on Apple’s “Advanced Data Protection” iCloud feature, and Chinese hackers maintaining access to telecom networks in the United States, not to mention the steady flow of data breaches in Australia and abroad, highlight the need for average people to regain control of their digital information. However, this need must not be met at the expense of important attributes of quality cloud software, for example reliability and scalability.
Meet PrivCloud 🔒, an open-source, multi-platform cloud storage solution that supports end-to-end encryption (E2EE) by default. That means you own the keys to your data; no one, not even the administrators, can access your most personal secrets. In addition, MFA (Multi-Factor Authentication) will be mandated during registration to protect you from the weaknesses of passwords, with the option of passwordless authentication available in the settings. These features will be coupled with an intuitive user interface across all platforms, limited downtime, and high upload and download speeds, even at peak times.
Author
Name: Blake De Raat
Student number: 47454176
Functionality
- Web client - Access your files on the web through a dynamic user interface.
- Desktop application (Windows, macOS, Linux) - Access and manage your files within a desktop application with a similar user interface to the web client.
- Optional (enabled in desktop app settings): Access files through a Virtual File System (VFS) inside your operating system’s file explorer. A VFS also enables selective sync: the ability to selectively download local copies of remote files while also seeing all of your files in one place.
- Mobile: React Native application for Android and iOS
File Deletion
- There is a cloud trash folder that automatically clears files after they have been in the trash for 30 days.
Other Features
| Feature ID | Feature name | Description | Platforms |
|---|---|---|---|
| 1 | User Registration | Create a user account with an email and a password; no phone number or other personal information is needed. Optionally, a display name can be added, but it is not used to identify your account. MFA is compulsory; options include an authenticator app (such as Authy or Duo) or a physical hardware key (such as a YubiKey). Account verification is done via email. | Web Client, Mobile App |
| 2 | Sign in | Sign in using email, password, and the chosen MFA method. | All platforms |
| 3 | File upload | Drag files onto the web interface to upload them. | Web Client |
| 4 | File upload | Press the upload file button and select files to upload into the cloud. | Web Client, Mobile |
| 5 | File List View | List files in a table view with information such as file name, date modified, and file size. | Web Client, Mobile |
| 6 | File Icon View | View files as icons representing the file type or showing a small preview of the file. File previews can be implemented as plug-ins of a microkernel architecture. | Web Client, Mobile |
| 7 | File List View with File Preview | A list of files with the preview of the selected file side by side, for images, videos, and documents. | Web Client, Mobile |
| 8 | Manage files | Move, copy, and rename files as in a normal file system, using a three-dots menu or by dragging. | Web Client, Mobile |
| 9 | Delete files | Moving a file from the VFS to the trash moves the file to the cloud trash folder. | VFS |
| 10 | Delete files | Pressing the three dots next to a file and pressing delete moves the file to the cloud trash folder. | Web Client, Mobile |
| 11 | Settings Panel - Encryption | Choose the encryption algorithm (AES_256_XTS, or Twofish with a 256-bit key in XTS mode). XTS mode guards against file corruption. Choose the KDF (Key Derivation Function): the algorithm used to generate the encryption key from the password. | Web Client |
| 12 | Settings Panel - Generate Recovery Key | A recovery key is a phrase used to recover your account if the password is forgotten. Once a recovery key has been generated, it cannot be accessed again without generating a new one. | Web Client |
| 13 | Settings Panel - Change Password | Enter the old password and a new password to change it. | Web Client |
| 14 | Settings Panel - Change or add MFA options | Add, modify, or delete MFA options. There must always be one MFA option enabled. | Web Client |
| 15 | Search functionality | Support for search filters with Boolean operators. | Web Client, Mobile |
| 16 | Bidirectional sync | Syncing is always bidirectional: data is automatically synced from your device to PrivCloud 🔒 and vice versa. | Desktop App, VFS |
| 17 | File version history | Store old copies of a file as changes are made (changes are detected using byte deltas). Use these backups to restore work lost to human error or ransomware, or simply to track file changes over time. | All platforms |
| 18 | Offline access | Offline file access, with syncing resuming once the connection is restored. | Desktop App, VFS |
| 19 | API and integration with other apps | Create an API key for your cloud account to integrate with and interact with your account from other apps. | All platforms |
| 20 | Storage management | See the amount of storage used in your cloud vault, with the ability to manage your quotas. | Web Client, Mobile |
| 21 | Self-host | Deploy as a Docker container on any host, from home Network Attached Storage (NAS) devices to large-scale enterprise solutions. | Backend |
Scope
- The MVP will only implement the Web Client, the Desktop Application, and the Virtual File Systems for macOS and Windows; there will be no mobile app.
- Other changes can be seen in the table below
| Feature ID | Changes from Functionality |
|---|---|
| 19 | No API integration with other apps will be implemented; it is not essential to the functioning of the application. |
| 20 | For testing purposes, there won’t be the ability to purchase more storage; a certain amount will be provisioned. |
| 21 | Although very useful, self-hosting is not essential to function. |
Quality Attributes
Reliability
- Summary: The user must trust that their files are safe and always available. They must be able to depend on the syncing working in the background to want to use the product.
- Key Criteria:
- Very minimal file corruption.
- Very minimal file loss.
- The syncing functionality for the desktop app and the Virtual File Systems must work >99% of the time - minimal app crashes, system slowdowns, or other interruptions. No massive backlogs of yet-to-be-synced files.
- Encryption key after generation must always work to decrypt data, otherwise data is lost forever.
- Other attributes considered
- Availability is also arguably very important; however, reliability was deemed more important because, even if the cloud service were down for a short time, files from the desktop client can re-sync once the service is back online. Availability is also arguably a subset of reliability.
Scalability
- Summary: The application must be able to support a large user base, in terms of both performance and storage, for it to have an impact.
- Key Criteria
- File syncing, file uploading, and file management should remain performant even during peak times.
- Scale to meet storage demands
Security
- Summary: Security of your personal data is the entire reason this application was created: to provide an end-to-end encrypted service that is not widely available. In such an application there is an expectation of excellent security in general. It is essential to protect personal data from damage or prying eyes.
- Key Criteria
- Proper identity and access management
- Creating weak passwords should not be possible
- Each user’s provisioned storage space and other metadata should only be accessible to them.
- Encryption keys should be generated using best practices as found in standards
- Files should be protected from ransomware attacks.
- The application infrastructure should be resistant to Denial of Service attacks.
- As much as is possible, the application code base should be free from known vulnerabilities in the CVE database
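The "creating weak passwords should not be possible" criterion is the one that can be enforced at registration time. The following is an added example, not PrivCloud's own code, of a registration check that goes beyond the NIST SP 800-63B baseline: a longer minimum than NIST's floor of 8, a deny list of common passwords (a small constructed sample here; a deployment would load a large breached-password list), a check that the password does not contain the account email, and no composition rules, which NIST advises against. The thresholds and function names are assumptions.

```javascript
// Added example (not PrivCloud code): a registration-time password check
// that goes beyond the NIST SP 800-63B baseline. Thresholds are assumptions.
const MIN_LENGTH = 12;   // NIST's floor for user-chosen secrets is 8; this policy is stricter
const MAX_LENGTH = 128;  // long passphrases are welcome, with a cap so the KDF input stays bounded

// Constructed sample of common passwords, stored lower-case and letters-only
// so that variants such as "P@ssword123!" are caught by their core "password".
const COMMON_PASSWORDS = new Set([
  'password', 'qwerty', 'letmein', 'welcome', 'iloveyou', 'admin',
  'dragon', 'monkey', 'football', 'sunshine', 'princess', 'baseball',
]);

// Reduce a candidate to its lower-case alphabetic core for deny-list matching.
function coreOf(password) {
  return password.toLowerCase().replace(/[^a-z]/g, '');
}

// Evaluate a candidate password for the account identified by `email`.
// Returns { accepted, reasons }. No composition rules (forced symbols or
// digits): NIST advises against them and they add little real entropy.
function evaluatePassword(raw, email) {
  const password = raw.normalize('NFKC');  // NIST: normalise before comparing or hashing
  const reasons = [];
  if (password.length < MIN_LENGTH) reasons.push(`shorter than ${MIN_LENGTH} characters`);
  if (password.length > MAX_LENGTH) reasons.push(`longer than ${MAX_LENGTH} characters`);
  const lower = password.toLowerCase();
  if (COMMON_PASSWORDS.has(lower) || COMMON_PASSWORDS.has(coreOf(password))) {
    reasons.push('appears in the common password list');
  }
  // The local part of the account email must not appear in the password.
  const local = email.split('@')[0].toLowerCase();
  if (local.length >= 3 && lower.includes(local)) reasons.push('contains the account email address');
  // One character repeated four or more times in a row is a keyboard-mash tell.
  if (/(.)\1{3,}/.test(password)) reasons.push('repeats one character four or more times');
  return { accepted: reasons.length === 0, reasons };
}
```

Returning the list of reasons rather than a bare boolean lets the registration form tell the user exactly why a candidate was rejected, which matters because a passphrase of four random words passes this policy while a shorter "complex" password does not.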
Evaluation
Reliability
| Criteria | How it will be evaluated |
|---|---|
| No file corruption or loss | To avoid malicious loss or corruption, see Security - Ransomware. For non-malicious loss, perform audits of the AWS setup to ensure it follows best practices for data redundancy and decentralisation. |
| Reliability of syncing | Run thorough automated tests that check that syncing uses as few network resources as possible. Manage CPU and RAM usage of the desktop application; use software such as Valgrind to look for memory leaks; make sure the code can pass performance audits. |
| Encryption reliability | Perform dozens of automated tests of the encryption/decryption procedure, with empty, small, and large storage vaults, to ensure that the keys always work in a performant manner. Simulate the scenario where the decryption key fails or is lost, and verify that the recovery procedure successfully recovers all the data. |
Scalability
| Criteria | How it will be evaluated |
|---|---|
| Application-wide performance with increased loads/storage scaling | Use Amazon CloudWatch to collect metrics such as resource utilisation, performance, and health. Then simulate a period of heavy load to observe the metrics and decide what actions might need to be taken (for example, setting up notifications when utilisation goes beyond a certain threshold, and then provisioning more storage or network infrastructure to handle the load). For more, see here. |
Security
| Criteria | How it will be evaluated |
|---|---|
| Weak passwords/access management | Enforce a password policy that goes beyond the recommendations of NIST (National Institute of Standards and Technology), including checking for common passwords upon registration. If a strong policy is chosen from the outset, weak passwords will be by and large eliminated. Run automated penetration tests against the internal server that attempt to access or modify files of another user; every test must pass for the software to be deployable. |
| Encryption keys | Choose a strong encryption procedure from the outset (e.g., AES with a 256-bit key in XTS mode, using the argon2 KDF with well-chosen cost parameters). However, as security advice changes, the procedure may need to change too. Enforce those changes for all new registrations, and deliver notifications to existing users in the settings to update their encryption key to the current standard. Analyse the uptake of these changes by users and keep working to make sure it reaches a certain threshold. |
| Ransomware protection | Write automated unit and integration tests for the file versioning part of the application. Then simulate a ransomware attack and run the tests to see how well the files can be recovered (% of files recovered, the age of the most recent backup, etc.). Also check the AWS guidelines on ransomware protection. |
| Free from general vulnerabilities | Use a vulnerability scanner such as OpenVAS to look for vulnerabilities in the code base. This will identify relevant CVEs, sorted by their CVSS score. Prioritise fixing the most dangerous vulnerabilities, and do not deploy code if a vulnerability above a certain severity threshold is found. Other penetration testing tools can also be used, such as the Metasploit Framework for more general testing or ZAP specifically for web application testing; study the results and make design or operational changes in response. |