I was asked by a customer to provide a solution for the following scenario:
- Protect files on a laptop or desktop against unauthorized access
- Secure Online Backup
- Secure file sharing over the internet
- Secure file editing from mobile devices
While this is not overly complicated, there are a couple of things that need to be considered. In the following I will explain the concept, and as always I will keep it as simple as possible. This is not a detailed guide on how to actually implement the system. Instead, I want to provide a better understanding of how it basically works.
If you are interested in more details, or if you would like us to implement such a system for you, kindly contact us.
1. Protect files on your computer
There are several ways to protect files on a computer against unauthorized access. One very effective protection is achieved by a combination of
- Strong Encryption
- Strong Password
“Encryption” means that the content of a file is modified in a way that makes it impossible for anyone to read it. The only way to gain access to that file is by “de-crypting” it. Additionally, a password is needed.
Such protection is important in order to keep your information secret in case a computer gets lost or stolen, or even just to prevent other people who work on the same computer from accessing the files.
This way of encrypting data can be compared to a safe which requires both a key and a pin code to be locked and unlocked:
Since the objective is to back up individual files to the internet (and share and synchronize them), we can’t have just one single safe where all files are put. Instead, every file is protected individually, which means that for every file, its own safe is created. Obviously, it would be very tedious if you had to provide a password every time you want to access a file, for example a Word document. Fortunately, it is much simpler than that. We just need a program that asks once for the password and the key, and then uses this information to encrypt and decrypt a file every time it is accessed.
For this purpose, we recommend a program called Boxcryptor. The following chart illustrates how Boxcryptor just needs key and password once, and then re-uses this information every time a file is being accessed.
Boxcryptor will show a new hard drive (the same way you see a new drive when you plug a USB stick into your computer), for example drive X:. You will then only work on drive X:. All encryption and decryption is done in the background, without you even noticing it.
Please note that “drive X:” is not a real physical drive (like drive C:). It is only used by Boxcryptor to show the unprotected (decrypted) files. When a file is being opened from drive X:, Boxcryptor automatically opens the file from the protected drive C: and makes it accessible by showing it on drive X:. When saving a file on drive X:, Boxcryptor encrypts (protects) the file immediately, and saves it on drive C:.
In other words, files are always protected, even while you work on them. Files are never saved unprotected on the hard drive. When Boxcryptor is closed, it is impossible to access any of the protected files.
2. Online Backup
In general, a solid backup strategy needs to make sure that you have a copy of your files in case you accidentally delete a file, or even worse, if your computer gets lost or stolen, or it crashes. Backups don’t necessarily have to be stored online. They can be created, for example, on external hard drives, but there are a few risks and disadvantages to consider.
- Somebody who steals your computer might as well steal the backup drive
- In case of fire (or any other disaster), both computer and backup might be destroyed
- Backups should be done in real time, or at least once a day, which requires the backup drive to be connected to the computer
These problems can be solved by storing backups online in the cloud. There are of course security and privacy concerns that need to be addressed. The biggest concern is usually information privacy. You want (and should!) keep your files (and the information in them) private.
There are many hosting companies out there, and they may (or may not) do their best to keep any intruders away. But whatever measures they take, it is simply not possible to protect anything 100 % against intrusion. There is always a risk that somebody might break into their system, gaining access to all files. Be careful even when they promise that they store your files on an encrypted drive. When they are able to EN-crypt them, then they are also able to DE-crypt them, which would put your files at risk.
Actually, that is not really a problem. In step 1 we learned how files can be protected against unwanted access from other people by encrypting the files yourself, and additionally protecting them with a password. Since it is literally impossible to read such files, it is safe to store them online. Even if an attacker gained access to the files, they would be totally useless. As shown before, in order to make those files readable again, both
- password
- key file
are needed. The “key file” is a special text file that is needed to decrypt the files, just the way a key is needed in the above example to open the safe.
This means that even if a potential hacker gained physical access to your files, it would be impossible to read them. You may have heard of so-called “brute force attacks”, which means that the attacker simply tries out a huge number of different passwords. Even in the very unlikely event that the attacker guessed the correct password, this would not provide access, because without the “key file” it is impossible to unlock a protected file.
For these (and many more) reasons, we do recommend backing up files online in the cloud, but ONLY if the uploaded files are encrypted and password protected as described above.
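The claim above, that a guessed password is useless without the key file, shown as an added Python sketch (not Boxcryptor's code and not part of the original post). It assumes the key file is 32 random bytes mixed into the key derivation; `protect`, `unprotect` and `ITERATIONS` are hypothetical names, and the HMAC-based keystream is a standard-library stand-in for the AES a real tool would use.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000        # assumed work factor for this sketch
SALT_LEN, TAG_LEN = 16, 32

def _keys(password: str, key_file: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    # Both secrets feed the derivation: the password is stretched with PBKDF2
    # and the key file bytes act as a secret salt, so neither alone is enough.
    material = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                   key_file + salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]   # (encryption key, MAC key)

def _keystream_xor(enc_key: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (real tools use AES).
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(enc_key, (offset // 32).to_bytes(8, "big"),
                       hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def protect(plaintext: bytes, password: str, key_file: bytes) -> bytes:
    salt = os.urandom(SALT_LEN)   # fresh per file: every file gets its own "safe"
    enc_key, mac_key = _keys(password, key_file, salt)
    body = salt + _keystream_xor(enc_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unprotect(blob: bytes, password: str, key_file: bytes) -> Optional[bytes]:
    if len(blob) < SALT_LEN + TAG_LEN:
        return None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _keys(password, key_file, body[:SALT_LEN])
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None   # wrong password, wrong key file, or a modified upload
    return _keystream_xor(enc_key, body[SALT_LEN:])

if __name__ == "__main__":
    key_file = os.urandom(32)   # constructed stand-in for the key file
    blob = protect(b"constructed sample document", "correct horse", key_file)
    print(unprotect(blob, "correct horse", key_file))        # owner: both secrets
    print(unprotect(blob, "correct horse", os.urandom(32)))  # password guessed, no key file
```

Only the output of `protect` would ever be uploaded; the storage provider holds neither the password nor the key file.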
There are many companies offering online storage. Our preference is “Livedrive” for the amazing features they are offering.
The chart below shows how the system we described so far works. In a nutshell, only protected files are stored on the computer, and only protected files are sent to online storage.
Livedrive’s backup feature basically works like a mirror. Files stored on the computer are always uploaded to the Online Backup. If a file is deleted on the computer, it will be kept for 30 days in the Online Backup. This means if you accidentally delete a file, you have 30 days to retrieve that file from the Online Backup, before it will be removed.
One particularly interesting feature of Livedrive is its “Versioning”. Let’s say you create a new Word document, then you save this file, and it is uploaded immediately to the Online Backup. Later, you open the same document, delete some text in it, and save it again. The file is now uploaded to the Online Backup again. However, in the Online Backup the initial file will not be overwritten. Instead, the modified file is saved as a different version of the same file.
This means if you later notice that you deleted the wrong part of your text, there’s no reason to panic. From the online storage, you can simply download an earlier version of that file that still contains the text you deleted at a later point.
Livedrive keeps the last 30 versions of every file, which can be an amazing “life saver”. Obviously this feature might require a lot of backup space (up to 30 times the size of all your files), but this is no concern because there is no limit to the backup space they offer.
Last but not least, Livedrive Online Backup allows you to share files with others. File sharing only makes sense when the others are able to read the files. The topic of this post is how to make a SECURE online backup, which is why we are only looking at protected files. However, you could of course also store unprotected files, e.g. photos, and then share those files with others with a few simple mouse clicks.
In a nutshell, these are the features they offer:
- Unlimited online storage space
- Keeping last 30 versions of every file
- Keeping deleted files available for 30 days
- File sharing
Of course, protected files can also be shared, and even synchronized between different devices, but this requires some additional preparation. Keep reading, that’s our next topic.
3. File Sharing
“File Sharing” means that two or more people (or devices) have access to one and the same file. Sending a photo or a text document to somebody (for example by email) is not considered file sharing, because now there are several copies (versions) of that file, and changes made to one copy have no impact on the original file. When sharing a file, you give others access to this particular file. This way you can make sure that everybody always sees the same file. If text is added to a shared text file, then everybody will see the additional text.
In our scenario, the target is to share the encrypted files with a mobile phone. In order to achieve this, an application is needed on the mobile phone which is able to access the online files. Since the online files are encrypted, the application needs to be able to decrypt them. As stated before, files can only be decrypted if the password is known and the “key file” is present. Therefore, the mobile phone should use the same application that was used to decrypt the files, using the same key file and the same password.
“File sharing” usually means allowing others to read files. However, our target is to even make changes to files directly from the mobile phone. This is called “File Synchronization”, and in the next chapter I will explain how to do this.
4. Editing Files From Mobile Devices
As stated before, on the mobile phone it should not only be possible to read the files, it also has to allow to
In order to achieve this, an application is needed that synchronizes files between different devices. Livedrive offers a tool which allows exactly that: Briefcase.
The Livedrive Briefcase becomes the pivot point: any file change made on one of the devices will be synchronized with Briefcase first. Then, Briefcase will be synchronized with all other devices. This way, all connected devices will always show the same content.
4.1 Synchronization between Computer and Briefcase
There are several ways to synchronize a computer and Briefcase. Livedrive offers software which creates a new drive L: on your computer, which will be synchronized with the online Briefcase. However, for our scenario this turns out to be somewhat cumbersome and confusing. I won’t go into much detail, because there is another way to synchronize local files on a computer with Briefcase: Briefcase can be accessed via FTP (“File Transfer Protocol”). If you are not familiar with “FTP”, don’t worry too much about it. All you actually need to know is that FTP allows you to exchange files between computers. All you need is to install an FTP program (“client”) on your computer, which then connects to the online Briefcase.
There are plenty of such FTP programs available, some for free, some need to be purchased. In the end, it boils down to personal preferences.
Our first choice is BestSync, which offers both free and paid licenses. The free license does not allow for FTP synchronization, so at least the “Basic License” (USD 12.95) is needed. Given the amazing features of this program, we consider this a fair price.
Another option could be GoodSync. They also offer both paid and limited free versions.
But there are many more options. A simple Google search will provide plenty of results.
4.2 Synchronization between Mobile Phone and Briefcase
With a mobile phone, synchronization works slightly differently, due to common limitations:
- Limited storage space on the phone
- Limited data bandwidth
Usually not all files are needed permanently on the phone. Access to all files should be possible, but only when needed. Therefore, we will only download a file to the mobile phone when it is actually needed. And that is another reason why we recommend the use of Boxcryptor. Boxcryptor’s mobile app allows direct access to the Livedrive Briefcase.
In the Briefcase, all files are encrypted. However, Boxcryptor’s application will present all files and directories in a readable way, once you have provided the password.
As shown before in Illustrations 1 and 2, two things are needed in order to make the file readable:
- Password
- Key File
The password will be typed in by the user, but what about the key file? That’s again where Boxcryptor’s “magic” comes in: It takes the key file from your online account and stores it on the mobile phone. Only then – with both password and key file provided – access to the protected files on the Livedrive Briefcase is possible, as shown in the following Illustration 5.
We achieved our goal: Files are protected on local devices and at the online storage. Yet, they can be shared and synchronized over the internet.
This is a very safe and secure environment. As always in life, there are additional security measures that could be taken.
On your phone, you could (and should!)
- Use a password to access the phone
- Encrypt the entire phone
- Put an additional password protection on certain apps, e.g. for Boxcryptor
- Remotely track or even wipe your phone in case it gets stolen
On your computer, you could consider creating an additional encrypted drive, where all the encrypted Boxcryptor files are stored. This would provide ultimate security, and the program you want to use is TrueCrypt.
TrueCrypt would significantly increase the security on your computer. It not only adds another encryption layer, but it would make files on your computer literally invisible. If somebody tried to investigate your computer, they would not even see the encrypted files.
It is beyond the scope of this post, but if ultimate security and privacy for a desktop or laptop computer is your target, then TrueCrypt is the way to go.
I hope I could show that privacy and security are possible even over a non-secure internet.
If you have any questions or remarks, kindly post them below, or contact us directly.