Data privacy and security

Keep your data on your own servers with the Æoncase Sync Appliance, avoiding the security pitfalls and privacy issues of the public cloud. This page documents the techniques used to secure your Sync Appliance.

Unless configured to use external storage backends, none of the data stored in the Sync Appliance ever leaves the boundaries of your organization (except as the result of regular sync and sharing activities).

The Sync Appliance only connects to external servers for specific purposes, such as retrieving updates or helping sync clients locate the server.

File transfer and client-server communication

All communications between the sync clients and the Sync Appliance are encrypted using the TLS protocol. So as to prevent man-in-the-middle (MITM) attacks, the certificate used by the appliance is:

The connections use strong cipher suites whenever the client's OpenSSL library supports them, such as ECDHE-RSA-AES256-GCM-SHA384 (ephemeral elliptic-curve Diffie-Hellman key exchange, which gives forward secrecy, with AES-256-GCM authenticated encryption).

The web service is accessed via HTTPS (TLS protocol), and the server is likewise configured to use strong cipher suites whenever the web browser used to access it supports them.
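The following is an added illustration, not the appliance's own configuration (this page does not say which server software it runs or the exact cipher string it uses). It builds a server-side TLS context in Python's standard ssl module that admits only TLS 1.2 or later and only forward-secret AEAD suites, so that ECDHE-RSA-AES256-GCM-SHA384 is among the negotiable suites and nothing weak is, plus a client context that refuses a server whose certificate does not verify. The cipher string and the weak-suite markers are this example's own choices.

```python
import ssl

# Added example: hardening checks for a TLS endpoint in the spirit of the page.
# The cipher string below is this example's assumption, not the appliance's.
PREFERRED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5"

# Substrings that should never appear in an enabled suite name.
WEAK_MARKERS = ("RC4", "DES", "NULL", "MD5", "EXPORT", "PSK", "ADH")


def hardened_server_context() -> ssl.SSLContext:
    """Server context: TLS >= 1.2, forward-secret AEAD suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(PREFERRED_CIPHERS)
    # Prefer the server's order over the client's so a client offering a
    # weaker-but-allowed suite first does not win the negotiation.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx


def client_context() -> ssl.SSLContext:
    """Client context a sync client should use: verify the chain and the hostname."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def enabled_cipher_names(ctx: ssl.SSLContext) -> list:
    """Names of every suite the context would negotiate (TLS 1.2 and 1.3)."""
    return [c["name"] for c in ctx.get_ciphers()]


def weak_ciphers(ctx: ssl.SSLContext) -> list:
    """Enabled suites whose name carries a known-weak marker; should be empty."""
    return [n for n in enabled_cipher_names(ctx)
            if any(marker in n for marker in WEAK_MARKERS)]


def all_forward_secret(ctx: ssl.SSLContext) -> bool:
    """True if every enabled suite uses ephemeral key exchange.

    TLS 1.3 suites (OpenSSL names them TLS_...) always do; for TLS 1.2 the
    OpenSSL name must start with ECDHE or DHE.
    """
    return all(n.startswith(("ECDHE", "DHE", "TLS_"))
               for n in enabled_cipher_names(ctx))


def min_version_name(ctx: ssl.SSLContext) -> str:
    return ctx.minimum_version.name


def client_verifies_server(ctx: ssl.SSLContext) -> bool:
    """A client that skips either check is open to a MITM with any certificate."""
    return ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    srv = hardened_server_context()
    print("min version:", min_version_name(srv))
    print("weak suites:", weak_ciphers(srv))
    print("all forward secret:", all_forward_secret(srv))
    print("client verifies server:", client_verifies_server(client_context()))
```

Run against a real deployment, the same checks are done from the outside with a scanner or `openssl s_client`; the point of the context-level version is that the policy can be asserted in a unit test before the service is ever exposed.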

Side-channel attacks on the server

The Æoncase sync engine features source-based deduplication, which lets a sync client skip transferring a file that is already available at the server, both speeding up syncing and decreasing bandwidth usage and system load.

Deduplication in downloads

Source-based deduplication also works in the server-to-client direction, but in real-life scenarios it is the client-to-server direction that yields the greatest savings.

The sync engine incorporates specific security measures against attacks on source-based deduplication.

Since the Sync Appliance is installed in your organization’s premises and access to it (i.e. user accounts) is tightly controlled, the scope of these attacks is greatly reduced compared to public cloud-based services.

Technical details

Naïve client-side deduplication allows these attacks:

(1) access to file contents given their hash: when a small hash value is used as a proxy for the entire file, a malicious user who knows only the hash of a file uploaded by another user could claim to possess it and have the system attach that file to their own account, obtaining its contents without ever having transferred them.

(2) side-channel attacks to learn whether a particular file exists in the system: by observing whether a file is transmitted or not (i.e. deduplicated at the source), a malicious user could try to figure out whether the file was already uploaded by another user.

The Sync Appliance counters these attacks with specific techniques, which take place automatically during regular sync:

Deduplication is safely performed when the two following conditions hold:

  1. the user uploading the file has read access to the space
  2. the data exists already in the space

When both hold, the user can already read the file anyway, so skipping the transfer neither grants new access (attack 1) nor reveals anything the user could not already learn by listing the space (attack 2). When either condition fails, the file is transferred in full, so a hash alone never serves as proof of possession.
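To make the two attacks and the two conditions concrete, here is an added toy model (not the appliance's code; its data model and API are not described on this page). A naive server deduplicates against one global hash index and accepts a hash as proof of possession; the hardened server only skips a transfer when the uploader can read the target space and the blob is already stored in that same space, and it verifies transferred bytes against the claimed digest. Space names, users and the sample file are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field

# Added example: source-based deduplication, naive vs. space-scoped.
# All names, spaces and data below are constructed for illustration.


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Space:
    readers: set = field(default_factory=set)   # users allowed to read the space
    writers: set = field(default_factory=set)   # users allowed to upload into it
    blobs: dict = field(default_factory=dict)   # digest -> file bytes


class NaiveDedupServer:
    """Vulnerable design: one global index, hash accepted as proof of possession."""

    def __init__(self, spaces):
        self.spaces = spaces
        self.global_index = {}                   # digest -> bytes, from any space

    def needs_transfer(self, user, space_id, digest):
        # Answer depends on blobs in *every* space: leaks existence (attack 2).
        return digest not in self.global_index

    def commit(self, user, space_id, digest, data=None):
        space = self.spaces[space_id]
        if user not in space.writers:
            raise PermissionError("no write access")
        if data is None:
            data = self.global_index[digest]     # hash-only claim honoured (attack 1)
        space.blobs[digest] = data
        self.global_index[digest] = data


class HardenedDedupServer:
    """Deduplicates only within a space the uploader can already read."""

    def __init__(self, spaces):
        self.spaces = spaces

    def needs_transfer(self, user, space_id, digest):
        space = self.spaces[space_id]
        if user not in space.readers:            # condition 1: read access
            return True
        return digest not in space.blobs         # condition 2: already in this space

    def commit(self, user, space_id, digest, data=None):
        space = self.spaces[space_id]
        if user not in space.writers:
            raise PermissionError("no write access")
        if not self.needs_transfer(user, space_id, digest):
            return                               # already readable here; nothing to do
        if data is None:
            raise PermissionError("transfer required: a hash is not proof of possession")
        if sha256_hex(data) != digest:
            raise ValueError("uploaded bytes do not match the claimed digest")
        space.blobs[digest] = data


def fresh_spaces():
    return {
        "hr": Space(readers={"alice", "bob"}, writers={"alice", "bob"}),
        "shared": Space(readers={"alice", "mallory"}, writers={"alice", "mallory"}),
    }


def scenario():
    """Alice stores a file in 'hr'; Mallory (no access to 'hr') probes with its hash."""
    secret = b"constructed sample: contents of a confidential spreadsheet"
    digest = sha256_hex(secret)

    naive = NaiveDedupServer(fresh_spaces())
    naive.commit("alice", "hr", digest, secret)
    naive_existence_leaked = not naive.needs_transfer("mallory", "shared", digest)
    naive.commit("mallory", "shared", digest)    # hash only, no bytes sent
    naive_content_obtained = naive.spaces["shared"].blobs.get(digest) == secret

    hard = HardenedDedupServer(fresh_spaces())
    hard.commit("alice", "hr", digest, secret)
    hard_existence_leaked = not hard.needs_transfer("mallory", "shared", digest)
    try:
        hard.commit("mallory", "shared", digest)
        hard_content_obtained = True
    except PermissionError:
        hard_content_obtained = False
    # Legitimate case: Bob can read 'hr' and the blob is there, so no transfer.
    bob_skips_transfer = not hard.needs_transfer("bob", "hr", digest)

    return {
        "naive_existence_leaked": naive_existence_leaked,
        "naive_content_obtained": naive_content_obtained,
        "hard_existence_leaked": hard_existence_leaked,
        "hard_content_obtained": hard_content_obtained,
        "bob_skips_transfer": bob_skips_transfer,
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

Note that the hardened server's answer to `needs_transfer` for a space the user cannot read is always "transfer", independent of the blob's existence anywhere, which is what closes the side channel; the digest check on transferred bytes closes the remaining gap of a client that lies about what it is sending.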

System security

A number of techniques are used to make the Æoncase Sync Appliance as secure as possible:

Attack surface

By and large, the greatest threat to the security of the system comes from the file processing performed on the data uploaded by the users.

Even though the components of the Sync Appliance are updated regularly as security fixes are released, processing images for instance represents a large attack surface. Such processing can be disabled in the Security tab from the admin page for increased security against zero-day vulnerabilities.

The threat is nonetheless limited compared to public cloud services, since the services offered by the Sync Appliance are not open to the public.