Jump to content

Coming Soon! Arkham Storage is a new end-to-end encrypted cloud storage platform


steven36

Recommended Posts

Arkham provides an increased level of security and privacy while not compromising ease of use. This blog post briefly outlines some of the more technical features that make this possible.

 

original-c283947fc40745dd99282fa382e0d74

End-to-end Encryption

What is it and why should I care? Well, end-to-end encryption means that your files are encrypted before they leave your devices and are not decrypted until downloaded on your devices. Some storage providers claim to encrypt your information in transit and on disk, but this does not mean that they don’t have access to your information.

In order to fully protect your information, your files need to be encrypted before they leave your device. Arkham does just that. User files are encrypted using AES 256-bit symmetric key encryption before being uploaded and each file uses a different key generated with a pseudorandom number generator (PRNG).

Not only are user files encrypted end-to-end, but API requests and responses are encrypted as well. Each API request made by the client is signed and encrypted before being sent to our servers by utilizing fully hashed Menezes-Qu-Vanstone (FHMQV). Arkham servers then decrypt and verify each request as well as perform the same actions on the response. This allows for every request and response made to and from the desktop client to be authenticated and provides for additional security on top of the TLS 1.3 connection. This increased level of security is well beyond many of the cloud storage providers’ capabilities who prioritize convenience over the protection of your information.

Zero-Knowledge

How is my data protected? Your personal information never touches our servers. Period. This includes your password, your answers to security questions and even your email address.

Your password is secured before it leaves your device instead of sending it in plain text. Many web applications send user passwords in plain text at both sign up and for login. Arkham does neither. Additionally, when you log in, the client requests a pseudorandom login challenge which is used alongside your password to validate your identity. In simple terms, this means your authentication request is never sent the same way twice.

Answers to security questions are also secured before they are sent from the client via the hashing algorithm scrypt. Lastly, user emails are maintained by our payment processor and are not stored alongside the uploaded files or even the user account metadata.

Anonymity

How much information about my identity does Arkham store? Due to how Arkham handles your personal information, we cannot discover your identity or correlate files to your offline identity. This is by design. We cannot ultimately provide security without also providing anonymity.

Unlike many of the major cloud storage providers, Arkham seeks to know as little about you as absolutely possible. The Arkham client has been painstakingly designed with your privacy in mind at all times. To us, your identity is no more than a random set of alpha-numeric digits.

Key Management

How are my encryption keys secured? Arkham utilizes a patented and novel technology called Secure Regenerated Keying (SRK). SRK is an encryption technology which allows for the use of symmetric key encryption while simultaneously securing the symmetric key via public-key cryptography.

For example, when a user needs to encrypt a file (or an API request), an AES 256-bit symmetric key is generated using a PRNG. Then the user’s asymmetric encryption keys are used in conjunction with the symmetric key to produce a set of numbers called reference numbers. These reference numbers are stored alongside a file’s metadata (such as it’s encrypted name, HMAC, etc.). When the user needs to decrypt a file, these reference numbers are used with their public-private key pair to regenerate the symmetric key used during the encryption. This same key is then used to decrypt the file.

SRK thus provides a mechanism to encrypt and decrypt data using AES-256 without needing to store the actual symmetric key. Each key is first generated and then regenerated each time it is needed before being deleted from memory. This helps to minimize the attack surface on the file’s encryption key by providing a more ephemeral key management solution.

As a side note, SRK has been granted the level 1 FIPS 140-2 certification.

File Sharing

File sharing is scheduled to be included in a later version of Arkham. Here’s a short of the features we plan to include:

  • Granular and revocable permissions
  • Broadcasting - encrypt once for multiple recipients
  • Automated uploads for directories being watched
  • Bi-directional authentication
  • And much more…

If you have any questions or feedback, feel free to hit us up on Twitter @ArkhamStorage.

 

4 GB Storage  for free  optional  to buy more
 

https://blog.arkham.io/post/TechnicalFeatures/

https://arkham.io/

 

Link to comment
Share on other sites


  • Views 830
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...