CLOUD BACKUP SECURITY
ThinkBackup Offsite Backup Server –
“Secure, Robust and Reliable”
Secure 128-bit SSL communication
All communications between ThinkBackup Backup Server and your
computer are transported in a 128-bit SSL (Secure Socket Layer) channel.
Although all your backup files travel through a public network (internet),
eavesdroppers have no knowledge of what has been exchanged.
Backup data are securely encrypted
All of your files are first zipped and encrypted with your defined encrypting
key before they are sent to ThinkBackup backup server. To all people but
you, your files stored on ThinkBackup backup server are no more than
some garbage files with random content.
Encrypting key are well protected
The encrypting key used to encrypt your files resides only on your
computer and is known only to you. Thus, even the system administrators
will not be able to decrypt and view the content of your files stored on the
backup server without your permission. This unfortunately means if the
encrypting key is lost, you will never be able to recover your backup files.
Technical Details
The encrypting key for the different backup sets are stored the config.sys
file, which is encoded by a proprietary algorithm:
(Windows) %USERPROFILE%.obmconfigconfig.sys (Linux)
~/.obm/config/config.sys (Mac OS X) ~/.obm/config/config.sys
If client software cannot locate the config.sys (due to accidental deletion or
logon to a new machine with the same account), it will prompt the user to
re-enter the encrypting key for the backup set and then store it in the local
config.sys.
Best encryption algorithm is used
Currently, the algorithm that we are using to encrypt your files is Advanced
Encryption Standard (AES), with 256-bit block ciphers. It is adapted from a
larger collection originally published as Rijndael. AES is the first publicly
accessible and open cipher approved by the National Security Agency
(NSA) of USA for top secret information.
Require 1.46 x 1054 years to crack the 256-bit
encryption
A 256-bit key size has 2256 or around 1.16 x 1077 possible combination.
Even if you have the world best super computer, Tianhe-1A, with 14,336
Xeon X5670 (6 Core, 2.93GHz) processors developed by the Chinese
National University of Defense Technology as of October 2010, it would
take 1.46 x 1054 years to test all combinations. Assuming you have the
super computer, Tianhe-1A which totals a capability of 2.507 petaflops
(quadrillion of operations/second), available to you. Also it just needs one
computer operation to test a possible combination (which is already faster
than what it can do). To use brute force attack (checking all combinations)
on this encryption algorithm, it would take:
1.16 x 1077
————– seconds ~ 4.621 x 1061sec 2.507 x 1015
i.e. 1.46 x 1054 years
to successfully try all combinations. Let alone Tianhe-1A cannot process
as fast as what described here. You can be sure that your data stored on
our server is 100% secured.
Restrict access to data by IP addresses
You can also restrict access to your backup files from the set of IP
addresses you defined. If someone tries to access your data from an IP
address not on your defined list, their access will be denied. This additional
security ensures backup files are not open to all location, even username
and password are known.