Encryption For Your ownCloud

ownCloud has been around for a while, offering a file-sharing solution to users who insist on regaining control over their data in the cloud. As an enterprise-controlled web application the user's files are stored inside the organisation and not "somewhere in the cloud". But the most important benefit for users is the ability to sync these files to all kinds of devices, from smartphones to laptops and home computers. Files are easy to access and stored securely, that's the promise.

Now with the new version of the Web Encryption Extension you can take a great step forward by locking files in the cloud using the standard encryption tool GPG with the push of a button.

Putting the user in the driving seat

WEE acts as an extension to an existing ownCloud installation that provides a button for encryption and decryption in the user interface of ownCloud, where users access their files. Naturally, the web encryption extension is open source software that uses the well established gpg program for all encryption on the server.

The web encryption extension really improves the level of control users have over their data as it is the user's own decision whether or not he encrypts a file containing sensitive information, selectively. Users can take encryption into their own hands, without the complexity to install or maintain the infrastructure.

WEE is both easy to use and easy to install, because only one core file of your ownCloud installation has to be modified, to make sure that the encrypt button appears in the user interface.

We have a detailed tutorial on installation and setup of the web encryption extension for ownCloud here.

How secure is Encryption for ownCloud?

Let's dispense with one point from the start. There is no absolute security, not on the server and neither on the local computer.

A malicious system administrator will always be able to intercept your passphrase that protects your secret or private key on the server. There is no protection against someone who can log in as root on the server.

Many come to the conclusion that the only safe solution is to store their keys on a local computer that is entirely under their control. While there is nothing wrong with this decision, for most ordinary users client-side encryption is still too complex and so they end up with no encryption at all, permanently.

If the alternative is not to use encryption at all, server-side encryption really matters, but it requires that the server is administered properly by trustworthy personnel that know what they are doing and take trouble to make the server as secure as possible.

Let's assume that the server administrator is such a trustworthy person. Then there is still a different kind of threat lurking around.

Web applications like ownCloud make files accessible via a web server process, so files have to be stored in a place where the web server user (apache) can read them. The fact that Paul's files won't be served to Jimmy relies on the web application's correctness entirely. But even if the ownCloud software is free of errors, any bug in some other program running simultaneously on the web server can expose the content of files stored with web server access permissions.

Why, because these files are not encrypted.

At this point even running ownCloud on top of an encrypted filesystem won't help. Let me tell you why any automatic "transparent" encryption in the background invisible to the user will (roughly) get you into the same trouble. Because any of these transparent encryption mechanisms need to store the encryption key somewhere on the server in plain text. This is necessary to enable some server process to use it. If the key is stored on the server in a way that the web server can use it, there's the risk of exposure by some malfunction in a number of other web server applications. Very few servers are running ownCloud and nothing else.

The main reason why the web encryption extension may help here is that the secret necessary to decrypt a file will never be stored on the server. The user's private key can be used for decryption only when the user's passphrase is entered via a HTTPS connection to the server.

One can argue that the malicious system administrator can read the passphrase after it has arrived securely at the server. Yes, I know, but our own sysadmin is trustworthy, remember?

All in all, the encryption extension offers much more control for ownCloud users and better protection of their data, although they need to rely on their server admin's professionalism.

The bigger picture

As you know the server is only one part of a bigger picture.

People love ownCloud because it helps "to put the right files at their employees' fingertips on any device". Syncing files is fine, it keeps all the files on different devices in the same state, so that you can enjoy the fruits of your labour wherever you are. But syncing also makes sensitive files available on multiple devices that sometimes have very different levels of security.

Is it easier to steal a plain text file from your smartphone or from your server that is well looked after?

The advantages of being able to encrypt a file if need arises are obvious. Encrypted files are safe even if they are synced to unsafe devices periodically. The secret passphrase needed for decryption is not stored, not on the server and not on the mobile device either. Decryption requires the secure transmission of a secret information via HTTPS to the server. And this secret is in the possession of the user. All decryption is done on the server and only when the plain text result is stored, it will be synced to the other devices.

Even if you cannot protect your files against the owner of your ownCloud, you can do a lot to make sure that your user's files don't fall into the wrong hands by using the Web Encryption Extension for ownCloud.

posted on April 18th 2013