Uploading files to the cloud and Security

Kai Engert kaie at kuix.de
Thu Nov 24 20:30:53 UTC 2011


During MozCamp Berlin I listened to JB's presentation about TB.

He presented the idea, instead of sending large files by email, TB could 
assist the user by uploading the files to a Cloud service, and sending 
the email containing a link.

I like that idea in general, but I would like to comment from a 
security/privacy point of view, and give some additional inspiration.

Email is a point-to-point communication. Using a Cloud service adds 
another party to the communication, and could easily lead to 
unintentional publishing of information.

I believe most email used today is unencrypted. But still, unless there 
is a man-in-the-middle that is deliberately watching all your 
communication, sending a personal email usually won't result in 
automatic uploading or publishing.

Worse, if the person is actually using encrypted email (either using the 
built-in S/MIME or using an Add-On such as Enigmail), the user might 
forget about the fact that the intended attachment will travel without 
such protection.

Because of these risks, I would like to propose to combine Cloud 
uploading with some sort of automatic encryption.

Here is a proposal for how it might work. On sending:
- TB automatically creates a random symmetric key
- TB encrypts the file using the key
- TB uploads encrypted file
- TB sends email that contains both a URL and the key required for 
decryption

This would retain the current point-to-point semantics of email, and the 
current level of security.
- If an email is sent in plaintext, then the protection will be 
identical to today - all recipients can find and access the file, and a 
MITM can, too
- If an email is sent using S/MIME or Enigmail encryption, then the 
password protecting the cloud file is protected in the same way

The remaining question is about the receiving side.

If the recipient uses TB, too, then TB can offer to automatically 
download from the cloud and decrypt it.

In addition, for users not using encryption, the same could be achieved 
using a Firefox Add-On for decryption.

For example, the availability of Add-Ons like 
https://addons.mozilla.org/en-US/firefox/addon/fire-encrypter/
demonstrates that having an Add-On to decrypt a file should be doable.
Recipients not using TB could be offered to download the file using 
their preferred way, and use Mozilla + Add-On for decrypting.

Best Regards,
Kai
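The sending and receiving steps proposed above, written out as an added example; this is not code from Kai's message or from Thunderbird. The in-memory `cloud` map standing in for the upload service, the `https://cloud.example/f/` link format and the `Attachment:` / `Key:` lines in the mail body are assumptions of this example. AES-256-GCM is used here because an authenticated cipher also lets the recipient detect a cloud copy that was altered after upload, a property that "encrypt the file using the key" alone does not guarantee.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"strings"
)

// cloud stands in for the upload service (an assumption of this example): the
// provider only ever sees what lands here, ciphertext under an opaque link.
var cloud = map[string][]byte{}

// aead builds AES-256-GCM; the authentication tag makes the stored copy
// tamper-evident, so the provider cannot silently alter the attachment.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one attachment under a fresh random 256-bit key and returns
// that key with the blob, laid out as nonce || ciphertext || tag.
func Seal(plaintext []byte) (key, blob []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	g, err := aead(key)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return key, g.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal; a modified blob or a wrong key fails authentication.
func Open(key, blob []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < g.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// Upload stores the blob and returns the link for the mail; the link is a
// hash of the ciphertext, so it reveals nothing, and the reader still needs the key.
func Upload(blob []byte) string {
	sum := sha256.Sum256(blob)
	url := "https://cloud.example/f/" + base64.RawURLEncoding.EncodeToString(sum[:16])
	cloud[url] = append([]byte(nil), blob...)
	return url
}

// Tamper flips one byte of the stored blob, as a hostile provider might.
func Tamper(url string) { cloud[url][len(cloud[url])-1] ^= 1 }

// ComposeMail and ParseMail carry link and key in the mail body, which is the
// part that S/MIME or Enigmail would protect end to end.
func ComposeMail(url string, key []byte) string {
	return "Attachment: " + url + "\nKey: " + base64.RawURLEncoding.EncodeToString(key) + "\n"
}
func ParseMail(body string) (url string, key []byte, err error) {
	for _, line := range strings.Split(body, "\n") {
		if strings.HasPrefix(line, "Attachment: ") {
			url = strings.TrimPrefix(line, "Attachment: ")
		} else if strings.HasPrefix(line, "Key: ") {
			key, err = base64.RawURLEncoding.DecodeString(strings.TrimPrefix(line, "Key: "))
			if err != nil {
				return "", nil, err
			}
		}
	}
	if url == "" || len(key) != 32 {
		return "", nil, errors.New("mail lacks link or 256-bit key")
	}
	return url, key, nil
}

// Send is the sender side end to end; Receive is the recipient side (download by link, decrypt with the key).
func Send(attachment []byte) (string, error) {
	key, blob, err := Seal(attachment)
	if err != nil {
		return "", err
	}
	return ComposeMail(Upload(blob), key), nil
}
func Receive(body string) ([]byte, error) {
	url, key, err := ParseMail(body)
	if err != nil {
		return nil, err
	}
	return Open(key, cloud[url]) // an unknown link yields an empty blob and an error
}
```

Two points worth checking against this code: the provider's copy never contains the plaintext, and decrypting requires the key from the mail, so a reader of a plaintext mail (or a MITM) gets the file exactly as the message says, while an encrypted mail protects the key. Because every attachment gets its own fresh key, the random GCM nonce is never reused under one key, which is the condition GCM depends on.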
More information about the tb-planning mailing list