Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Transcription

1

2 Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe. Data in Cryptelo is immediately available to your colleagues and the entire team can store files in one place, so there is no longer a need to keep different versions of one file. Easily upload and share files, directories, and sections of the directory structure. No one except authorized users (including the creators) are able to access data. Each Cryptelo user has their own hidden private space that neither the owner nor the administrator can see. Even the very existence of communication between specific users is concealed. However, only the Cryptelo Drive owner can determine who has access to the system. The Cryptelo system is completely designed and developed by our company. Cloud and Server Cryptelo Drive can be used as a cloud service or as a specially designed server. oth options guarantee identical levels of data encryption. The Cryptelo server can be installed on your own hardware and be placed in your home or office, giving you full control over where your data is physically located. Thanks to precise designed cryptographic solutions, data cannot be decrypted even if someone physically gets into the server (whether it s a hacker, an administrator or an owner of Cryptelo Drive). Everyday Encryption Data security can be ensured through a variety of sophisticated methods, but a heavy demand is placed on the user s knowledge and discipline. Cryptelo Drive uses the most reliably tested existing encryption algorithms. Made for everyday business use, Cryptelo has been designed to be intuitive, extremely comfortable to work with and instantly accessible to regular employees and external contractors. External workers cannot connect to the corporate LAN network, and therefore cannot compromise the entire network. Connected from everywhere There is no need to install special applications in order to work with Cryptelo Drive. Thanks to this, you re able to instantly access your data from any device - laptops, tablets, mobile phones. Cryptelo Drive is a web application, so all you need is a web browser (Chrome, Mozilla Firefox, Internet Explorer 11) for your data to always be available to you. Cryptelo completely protects your data Cryptelo Drive protects the data itself during transmission between devices. A Cryptelo user, unlike users of other cloud services, does not have to rely on a third party when transferring data to and from the server, ensuring security. There is no need to protect the connection channel or depend on the physical protection of the Cryptelo server itself. Data is encrypted and decrypted only by the end users. The entire time they are transmitted via Internet or are in the cloud, everything is always encrypted. Therefore, with respect to its protection, it s irrelevant where it s located and in what way it is transmitted. Absolutely reliable Cryptelo Drive protection Data transmitted to the server Data sharing (both files and directory structure) Without Cryptelo protection Devices that work with data in an unencrypted form Decrypted data on client devices after they leave Cryptelo User security (anonymous user, file and directory names User privacy (no one except the user can see their own data) 2 Cryptelo Drive

3 Comprehensive security of your data and communication is only ensured in combination with other Cryptelo data protection products you are working with. For more information and recommendations, visit our website /security Encryption We guarantee safety, we don t promise it reaking our encryption algorithm is harder than finding one specific atom in the galaxy. How do we know? Cryptelo is based on proven algorithms that can t be broken other than through guessing an encryption key. The probability of locating the exact key by way of trying every possibility is 1 : ( 1 : 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,66 5,640,564,039,457,584,007,913,129,639,936 ). Each file encrypted using Cryptelo is given a unique randomly generated key. Even if an attacker manages to crack an encrypted key for one file, this does not automatically give him access to other data. Unique cryptografic design and precise implementation Unique cryptographic design by Vlastimil Klíma, one of the world s foremost cryptologists. Klíma led a successful attack on the MD5 algorithm, the SSL Protocol and OpenPGP. Precise implementation by experienced SW developers - developers of the worlds best browser based encryption. Constructing a quality system based on cryptographic design is an integral part of having a reliable solution. Most attacks on security systems are not directed at the cryptographic concept, but on its implementation. We recognize that reliability and credibility is very important to our clients. Implementation of reliable filesystem is hard. Implementation of reliable filesystem with strong cryptographic properties is almost impossible. To ensure data in Cryptelo are really safe, not lost nor compromised, we use several strategies: standard unit tests randomized tests and cross-tests between different implementation and different platforms to ensure, that what you encrypt you can also decrypt anywhere simulation testing of random end-to-end scenarios performance tests and load tests penetration tests and code review by independent 3rd party Top Secret Security Level Through the use of applied cryptography methods, Cryptelo solves the problem of how to ensure the transmission and storage of sensitive data is under all circumstances accessible onlyto authorized personnel. According to the NSA classification system, Cryptelo meets their top secret security level criteria, a level of security used by armies and governments to protect their most critical data. 3 Cryptelo Drive

4 Algorithm Function Specification Parameters Advanced Encryption Standard (AES) Encryption FIPS Pub bit keys for SECRET 256 bit keys for TOP SECRET Elliptic Curve Diffie-Hellman (ECDH) Key Exchange NIST SP A Curve P-256 for SECRET Curve P-384 for TOP SECRET Elliptic Curve Digital Signature Algorithm (ECDSA) Digital Signature FIPS Pub Curve P-256 for SECRET Curve P-384 for TOP SECRET Secure Hash Algorithm (SHA) Hashing FIPS Pub SHA-256 for SECRET SHA-384 for TOP SECRET Encryption method Cryptelo is based on a combination of symmetric and asymmetric encryption. Its asymmetric encryption uses elliptical curves, making it possible to use shorter keys and achieve much higher levels of security than in comparison to RSA. Symmetric encryption One key is used to both encrypt and decrypt the data Asymmetric encryption Different keys are used to encrypt and decrypt the data AES-256 Elliptical curve P-384 How Cryptelo Drive works External keychain token In order to store keys and user authentication, Cryptelo Drive uses an external token - the Cryptelo ID application either on a mobile telephone or a US flash disk. Logging into Cryptelo Drive The Cryptelo ID application replaces a traditional password when logging into Cryptelo Drive, securely verifying that it s you who is working with your encrypted files. Data stored in the Cryptelo ID application is encrypted with a strong user password (so-called master password ). Security is enhanced through a combination of passwords and salt - a random string of characters - practically eliminating the possibility of an effective brute force attack. 4 Cryptelo Drive

5 Key storage The key storage on the mobile phone (external token) is physically separated divided from the storage of encrypted data in the Cryptelo Drive application. Encrypted files can be shared by sending keys from a keychain sender to a keychain recipient, even when some of the recipients are offline, it is possible to transfer keys offline using the Cryptelo server. The keys are naturally encrypted throughout the entire transmission. A1 A2 Client side key generation When encrypting a file, the key is always generated outside the server and on the end user s device. The key is randomly generated directly in a web browser with a secure randomly generated number. Even in the event that an attacker gains physical access to the server, the keys under which the data is encrypted cannot be obtained. The file is encrypted directly within the user s computer. Keys to encrypted files are sent to keychains in the Cryptelo ID application and encrypted files are sent to the server. C - Cryptelo Drive web application C A One-time password for each login When accessing Cryptelo, unique one-time passwords are generated for every login. oth the web application Cryptelo Drive and the mobile application Cryptelo ID use the Diffie-Hellman algorithm to create an encrypted channel that facilitates the transfer of passwords. This prevents passwords from being stolen during transfer. Even if the applications communication is intercepted by an attacker, the attacker is not able to reconstruct the key using the acquired information. Irrespective of the disclosure of a password, the uniqueness of the login password keeps it from being exploited as it is no longer valid for any subsequent login attempts. An encrypted channel between the web application Cryptelo Drive and mobile application Cryptelo ID is created using the Diffie-Hellman algorithm. C A The encrypted channel is used to secure user authentication - secure login to Cryptelo Drive. C - Cryptelo Drive web application 5 Cryptelo Drive

6 Secure file sharing the biggest challenge The biggest challenge in terms of cryptography is ensuring the security of files, or more precisely, of keys to an encrypted file as they are being transmitted to another person. Through the eyes of an ordinary Cryptelo user, the process of sharing is not that interesting - a user uploads a file and adds other users to share the file with. The intended co-workers will then have instant access to the file. Internally, however, sharing is a complex process of transfering data and keys. What happens when sharing files between users? What happens inside Cryptelo? The file is encrypted using the Cryptelo Drive web application and is stored on the Cryptelo server, while the file key is saved to Cryptelo ID The file key is transferred to the Cryptelo ID recipient If the Cryptelo ID recipient is offline, the key is transmitted when the user reconnects The file will only be made available to the specified recipient What we see from the outside? Communication with the server can be detected (data stream) Detection of the type of data being sent to the server is not possible It s impossible for the names of files, directories, or directory structure to be revealed Identifyication of those communicating (sharing data) is not possible If the recipient accepts the shared file, the encrypted file will be downloaded from the Cryptelo server along with the key from Cryptelo ID. The file decryption occurs in the recipients web applicaiton Only authorized recipients can download an encrypted file from the server and open it on their computer using a key sent to their keychain. C - Cryptelo Drive web application A C 6 Cryptelo Drive

7 Cryptelo Drive users User s anonymity No unauthorised individuals are able to access information concerning the data s content, including their creators and those whom the data has been shared with. Cryptelo provides each user with their own undetectable private space which cannot be viewed by anyone else. Even the very existence of communication between specific users is concealed. Private space Neither the administrators nor the owners of Cryptelo have access to the encrypted data of its users. The cryptographic design takes into account the fact that both of them could be potential attackers. Thereby, they cannot give the data to anyone, nor are they not responsible for the data s content - the architecture of the system does not allow it. If even the administrator and the owner of the system are considered potential attackers, than what chance do attackers have via the internet? Owner as initiator The product owner is the one who activates Cryptelo Drive Once the system is activated, new keys are generated to encrypt the drive. User management The owner determines the administrator (assuming it is someone besides themself) who will have the right to authorize users to work within Cryptelo. The administrator also addresses situations where the number of users has been exceeded. New users can create user accounts in Cryptelo ID on the basis of an invitation from the owner. In order to authorize a new user account, the help of the Diffie-Hellman algorithm is used to veryify the authenticity of their identity. Internal users have the ability to add external users temporarily for more efficient cooperation. Who is Cryptelo for? Companies with sensitive personal data in the fields of law, finance and insurance, human resources and health Firms with valuable knowledge in the fields of construction, engineering, chemistry and pharmacy, research, development, and inovation Government and military - state entities which require credible data protection For anyone who wants secure corporate data and communication with the maximum level of security. Contact us CZ iwant@cryptelo.com Cryptelo s.r.o. Pod Hájkem 406/1a Praha Czech Republic Cryptelo April Cryptelo Drive