Technical Details

SkyperTHC edited this page Jun 23, 2020 · 18 revisions

'Encrypted Remote File System'

We shorten 'Encrypted Remote File System' to 'ERFS' (pronounced Örfz) throughout this documentation.

THC provides a free server to test and use ERFS.

ERFS-CLIENT is available here: https://github.com/hackerschoice/erfs-client.

ERFS-CLIENT is an easy-to-use, easy-to-setup, no-headache secure file system with the encrypted data being stored on a remote server/cloud and inaccessible to a rogue server operator.

Requirements

  1. Multi platform support (at least Linux & MacOS).
  2. Collaboration and the ability to (easily) access the ERFS by multiple users at the same time.
  3. No Public Key Infrastructure. Everything to work by 'Deterministic Key Derivation'.
  4. Data to remain secure even if the server is compromised.
  5. Simple: '1 command' to set up and access an ERFS.
  6. Use existing tools and applications without any new development (besides a bash script).
  7. Ad-Hoc/dynamic growth. No need to specify the max size of the ERFS during setup.

Overview

ERFS-CLIENT makes use of two existing tools: EncFS and SSHFS. Firstly a SSHFS file system is mounted from a remote server and then EncFS is used to create an encrypted file system on top of the remotely mounted SSHFS file system.

SSHFS

Mounting a remote file system is already possible with SSHFS. SSHFS is an application that uses FUSE over SSH. FUSE is a feature of most operating systems that allows users (without root/superuser privileges) to mount a file system and redirect all I/O operations to an application. SSHFS makes use of this feature and handles all I/O requests. SSHFS then uses the existing SFTP (SSH) protocol to forward the I/O requests to a remote server running OpenSSH.

SSHFS on its own is not sufficient. SSHFS encrypts the data in transit only, and the data is decrypted on the server side. This would allow a rogue server operator to access the data.

EncFS

EncFS is a free FUSE-based cryptographic filesystem. It supports 'ad-hoc' growth and does not require a pre-set size.

ERFS-CLIENT

The control flow of any access is: Userland(ls) -> Kernel(FUSE) -> Userland(EncFS) -> Kernel(FUSE) -> Userland(SSHFS) -> Network(SSH).

Please note that SSHFS is only used as a convenient transport mechanism to push the data to the server. Any clear-text protocol could be used instead without compromising data confidentiality (which is provided by EncFS). Thus SSHFS (unnecessarily) adds a second layer of data encryption (transport).

THC-RFS uses Deterministic Key Derivation (like Bitcoin does) to remove the need for certificates or a Public Key Infrastructure. A Master-Key (SHARE-SECRET) is generated on the user's computer for a new ERFS. ERFS-CLIENT then uses the Master-Key to derive the EncFS password and the SSHFS credentials. This means that only the SHARE-SECRET is needed to access the ERFS. This allows multiple users to access the same share without having to exchange any ssh-keys or encryption keys besides the SHARE-SECRET.

$ erfs init
Server: Creating a new ERFS....

--> You MUST remember this SHARE-SECRET. Access to the data is lost <--
--> *FOREVER* if the SHARE-SECRET is lost. KEEP IT SAFE.            <--

        ##############################################
        ##                                          ##
        ##  SHARE-SECRET: aDe5F2ik3x35x7pfAEAWdC5Y  ##
        ##                                          ##
        ##############################################

ERFS-SERVER

The server is running in a docker container to allow rapid deployment.

Each share is generated under its own Linux User (created on the fly). The encrypted data is stored in a chroot()-ed directory (different chroot-directory for each user/share).

The server side implementation is open source (for anyone to review): https://github.com/hackerschoice/docker-erfs-server.

Please refer to the GitHub project to run your own server.

ERFS INIT

Generates a SHARE-SECRET and derives the ssh-password, ssh-username, EncFS-password and fs-id from it. Connects to the server and instructs the server to create a new SSHFS file system with the new user and password.
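
The derivation described in the ERFS-CLIENT and ERFS INIT sections above, as an added example written for this page and not taken from erfs-client: one SHARE-SECRET is expanded into independent per-purpose credentials with HMAC-SHA256 under a fixed label, and the same credentials drive the two-layer mount. The labels, credential lengths, server name and paths are assumptions, not the project's real scheme.

```bash
#!/bin/bash
# Added example (not erfs-client's own code): deterministic credential
# derivation from a SHARE-SECRET, plus the SSHFS + EncFS mount built on it.
# Labels, lengths, server name and directory layout are assumed for illustration.

# HMAC-SHA256(key = SHARE-SECRET, msg = label) as hex. Every label yields an
# unrelated sub-key (domain separation): a leaked ssh password says nothing
# about the EncFS password, yet anyone holding the SHARE-SECRET derives both.
erfs_derive() {
    printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" | awk '{print $NF}'
}
erfs_username()       { printf 'u%s' "$(erfs_derive "$1" username | cut -c1-15)"; }
erfs_ssh_password()   { erfs_derive "$1" ssh-password   | cut -c1-32; }
erfs_encfs_password() { erfs_derive "$1" encfs-password | cut -c1-48; }
erfs_fs_id()          { erfs_derive "$1" fs-id          | cut -c1-12; }

# Mount order mirrors the control flow on this page: SSHFS first (transport),
# then EncFS on top (confidentiality). Two users with the same SHARE-SECRET
# derive identical credentials and therefore land on the same share.
erfs_mount() {
    local secret="$1" server="${2:-erfs.example.invalid}"   # placeholder host
    local id raw mnt
    id="$(erfs_fs_id "$secret")"
    raw="$HOME/.erfs/$id/raw"        # ciphertext as seen by the server
    mnt="$HOME/erfs-$id"             # plaintext view for the user
    mkdir -p "$raw" "$mnt"
    # Passwords are fed on stdin so they never show up in the process list.
    erfs_ssh_password "$secret" | sshfs -o password_stdin \
        "$(erfs_username "$secret")@$server:/" "$raw"
    # EncFS (-S reads the password from stdin, --standard avoids the
    # interactive setup) encrypts names and contents before they hit SSHFS.
    erfs_encfs_password "$secret" | encfs -S --standard "$raw" "$mnt"
    printf '%s\n' "$mnt"
}
```

Only the derivation functions run offline; erfs_mount needs sshfs, encfs and a reachable server.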

ERFS MOUNT

The client derives the credentials from the SHARE-SECRET and mounts the remote file system via SSHFS. The client then uses EncFS to start the encryption on the mounted file system.

**Two users using the same SHARE-SECRET with the 'thc-rfs mount' command will both mount and access the same ERFS simultaneously.**

EncFS Security concerns

There are some publicly discussed security concerns in regards to EncFS. In summary those are:

  1. A rogue server operator can observe how many files a user creates and the size of each file.
  2. A rogue server operator can delete your data (for example by destroying the server).

None of these security concerns are relevant to us. ERFS-CLIENT's focus is on data confidentiality, and a rogue server operator cannot decrypt the data. EncFS in this respect is as secure as any other encrypted file system.