7. Security and privacy

7.1. Data privacy

Unless configured to use external storage backends, none of the data stored in the Sync Appliance ever leaves the boundaries of your organization (except as the result of regular sync and sharing activities).

The Sync Appliance only connects to aeoncase.com servers for specific purposes such as retrieving updates or helping sync clients locate the server; refer to Network connectivity and outgoing connections.

7.1.1. File transfer and client-server communication

All communications between the sync clients and the Sync Appliance are encrypted using the TLS protocol. So as to prevent man-in-the-middle (MITM) attacks, the certificate used by the appliance is:

  • generated when the appliance is deployed
  • transferred securely to the client when the user enters the link code obtained via the client download page served by the embedded web server from the appliance over HTTPS – refer to Network connectivity and outgoing connections.

The connections will use strong cipher suites when supported by the client’s OpenSSL library, such as ECDHE-RSA-AES256-GCM-SHA384.

The web service is accessed via HTTPS (TLS protocol), and the server is equally configured to use strong cipher suites whenever supported by the web browser used to access it.

7.1.2. Side-channel attacks on the server

The Æoncase sync engine features source-based deduplication, which allows a sync client not to transfer a file when it is already available at the server, both speeding up syncing and decreasing bandwidth usage and system load.

The sync engine incorporates specific security measures against attacks on source-based deduplication.

Since the Sync Appliance is installed in your organization’s premises and access to it (i.e. user accounts) is tightly controlled, the scope of these attacks is greatly reduced compared to public cloud-based services.

7.1.2.1. Security settings

You can choose the deduplication strategy used for normal and guest users in the “Security” tab of the administration page, striking the balance between sync performance and security. The default settings are:

  • normal users: Always, meaning that deduplication is attempted if the file already exists in the system. This is a safe setting assuming there are no attackers within the organization.
  • guest users: Randomized, meaning that a randomized deduplication strategy is used to thwart side-channel attacks.

The deduplication strategy for guest users (or normal users, if some are deemed untrustworthy) can be set to Never to prevent deduplication, at the cost of decreasing the performance of uploads.

Most deployment requirements will be satisfied with the default settings, but the following section explains the attacks in further detail so that the administrator can make an informed decision.

7.1.2.1.1. Technical details

Naïve client-side deduplication allows these attacks:

  1. access to file contents given their hash:

    When a small hash value is used as a proxy for the entire file, a malicious user could attempt to trick the system into giving them access to that file if it was uploaded by another user.

  2. side-channel attacks to learn whether a particular file exists in the system:

    By observing whether a file is transmitted or not (deduplicated at the source), a malicious user could try to figure out whether the file was already uploaded by another user.

The Sync Appliance counters these attacks with specific techniques, which take place automatically during regular sync:

  • (1) is avoided using proofs of ownership, where a sync client uploading a file already stored in the system is required to provide a proof that it indeed has the file.
  • (2) is avoided using a randomized deduplication scheme that disables source-based deduplication (and thus knowledge of whether the file already exists) until an unknown (to the attacker) number of references to the file contents exist in the system, with additional protection against timing attacks.

Note

Deduplication is safely performed when the two following conditions hold, regardless of the settings:

  1. the user uploading the file has read access to the project
  2. the data exists already in the project

When these are fulfilled, the user can already access the file anyway, so there is no harm in optimizing sync via source-based deduplication.
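The following is an added illustration of the two countermeasures and of the safe case from the Note, written as a small constructed model and not the appliance's own code: the strategy names, the MAX_THRESHOLD bound, the HMAC-based proof of ownership and the SHA-256 content hash are assumptions made for the example (the timing-attack protection is not modelled).

```python
import hashlib
import hmac
import secrets

# Hypothetical upper bound for the secret, per-file deduplication threshold.
MAX_THRESHOLD = 10


class DedupServer:
    """Constructed model of the countermeasures, not the appliance's code."""

    def __init__(self, strategy="randomized", rng=secrets.randbelow):
        self.strategy = strategy   # "always", "randomized" or "never"
        self.blobs = {}            # content hash -> bytes
        self.refs = {}             # content hash -> total references
        self.project_refs = {}     # (project, content hash) -> references
        self.threshold = {}        # content hash -> secret threshold
        self._rng = rng

    def store(self, project, data):
        """Record an upload (or a verified deduplicated reference)."""
        h = hashlib.sha256(data).hexdigest()
        self.blobs[h] = data
        self.refs[h] = self.refs.get(h, 0) + 1
        key = (project, h)
        self.project_refs[key] = self.project_refs.get(key, 0) + 1
        return h

    def must_upload(self, project, h, has_read_access):
        """True when the client has to send the bytes (no source dedup)."""
        if h not in self.blobs:
            return True
        # The safe case from the Note: the user could read this data anyway.
        if has_read_access and self.project_refs.get((project, h), 0) > 0:
            return False
        if self.strategy == "never":
            return True
        if self.strategy == "always":
            return False
        # Randomized: "absent" and "present but below a secret threshold"
        # both trigger a transfer, so observing the transfer reveals nothing.
        t = self.threshold.setdefault(h, 2 + self._rng(MAX_THRESHOLD - 1))
        return self.refs[h] < t

    def verify_proof(self, h, nonce, proof):
        """Proof of ownership: accept a dedup claim only with the full file."""
        expected = hmac.new(nonce, self.blobs[h], hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)


def client_proof(data, nonce):
    """What a client holding the whole file answers to a server nonce."""
    return hmac.new(nonce, data, hashlib.sha256).digest()
```

With a fixed rng the threshold becomes predictable, which is exactly what the real scheme must avoid; the deterministic rng is used here only to make the behaviour observable.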

7.2. System security

A number of techniques are used to make the Æoncase Sync Appliance as secure as possible:

  • all public-facing services are implemented using memory-safe languages to prevent buffer overflows and similar attacks
  • all SQL queries are constructed and analyzed statically, so as to prevent SQL injection attacks
  • HTML generation in the web server is performed using typed structures validated statically so as to prevent HTML injection attacks
  • user passwords (when not using external LDAP/AD authentication) are hashed using the bcrypt key derivation function
  • updates to the Sync Appliance are performed using The Update Framework (see Updates)
  • all services are executed using the resource isolation features of the Linux kernel
  • the libraries and other dependencies used by the appliance internally are kept up-to-date via regular Sync Appliance updates

7.2.1. Attack surface

By and large, the greatest threat to the security of the system comes from the file processing performed on the data uploaded by the users.

Even though the components of the Sync Appliance are updated regularly as security fixes are released, processing images for instance represents a large attack surface. Such processing can be disabled in the Security tab from the admin page for increased security against zero-day vulnerabilities.

The threat is limited compared to public cloud services, however, since the services offered by the Sync Appliance are not open to the public.

Note

Image previews and thumbnails will not be displayed in the web service if the corresponding processing is disabled.