Cloud Backup Security | Precept IT

  • Home
  • Cloud Backup Security

CLOUD BACKUP SECURITY

ThinkBackup Offsite Backup Server – “Secure, Robust and Reliable”  Secure 128-bit SSL communication

All communications between ThinkBackup Backup Server and your computer are transported in a 128-bit SSL (Secure Socket Layer) channel.

Although all your backup files travel through a public network (internet), eavesdroppers have no knowledge of what has been exchanged.

Backup data are securely encrypted

All of your files are first zipped and encrypted with your defined encrypting key before they are sent to ThinkBackup backup server. To all people but you, your files stored on ThinkBackup backup server are no more than some garbage files with random content.

Encrypting key are well protected

The encrypting key used to encrypt your files resides only on your computer and is known only to you. Thus, even the system administrators will not be able to decrypt and view the content of your files stored on the backup server without your permission. This unfortunately means if the encrypting key is lost, you will never be able to recover your backup files.

Technical Details

The encrypting key for the different backup sets are stored the config.sys file, which is encoded by a proprietary algorithm:

(Windows) %USERPROFILE%.obmconfigconfig.sys (Linux)

~/.obm/config/config.sys (Mac OS X) ~/.obm/config/config.sys

If client software cannot locate the config.sys (due to accidental deletion or login to a new machine with the same account), it will prompt the user to re-enter the encrypting key for the backup set and then store it in the local config.sys.

Best encryption algorithm is used

Currently, the algorithm that we are using to encrypt your files is Advanced Encryption Standard (AES), with 256-bit block ciphers. It is adapted from a larger collection originally published as Rijndael. AES is the first publicly accessible and open cipher approved by the National Security Agency (NSA) of USA for top secret information.

Require 1.46 x 1054 years to crack the 256-bit encryption

A 256-bit key size has 2256 or around 1.16 x 1077 possible combination.

Even if you have the world best super computer, Tianhe-1A, with 14,336 Xeon X5670 (6 Core, 2.93GHz) processors developed by the Chinese National University of Defence Technology as of October 2010, it would take 1.46 x 1054 years to test all combinations. Assuming you have the super computer, Tianhe-1A which totals a capability of 2.507 petaflops (quadrillion of operations/second), available to you. Also it just needs one computer operation to test a possible combination (which is already faster than what it can do). To use brute force attack (checking all combinations) on this encryption algorithm, it would take:

1.16 x 1077

————– seconds ~ 4.621 x 1061sec 2.507 x 1015

i.e. 1.46 x 1054 years to successfully try all combinations. Let alone Tianhe-1A cannot process as fast as what described here. You can be sure that your data stored on our server is 100% secured.

Restrict access to data by IP addresses

You can also restrict access to your backup files from the set of IP addresses you defined. If someone tries to access your data from an IP address not on your defined list, their access will be denied. This additional security ensures backup files are not open to all location, even username and password are known.