Bdrive — An advanced security solution - explained simply
Security is becoming more and more critical when it comes to file sharing and storage solutions, especially when confidential information is involved.
To illustrate how we are enabling advanced security, we will be describing the encryption mechanism we use to provide you with true peace of mind.
bdrive not only uses state-of-the-art communication security standards, but it also implements its own security protocol enabling maximum confidentiality between the sender and receiver of a file.
End-to-End Encryption in short
Each device using bdrive generates an asymmetric key pair. It consists of a public and private key. In short, data encrypted with a public key can only be decrypted with the corresponding private key.
On upload of a file a new random symmetric key, called file key, is used. This file key is generated with a key length of 256 bit and is used to encrypt the file. The encrypted file is finally fragmented and uploaded to multiple cloud storages.
The receiver can download the fragments and compose the encrypted file. But the receiver also needs the file key. Thus, the sender actually encrypts the file key with the public key of the receiver, and uploads this key to the bdrive server. The receiver downloads the encrypted file key and can decrypt it with his private key, which never leaves his device. Now the receiver can decrypt the encrypted file using the decrypted file key.
This means it is a process of two parts: file encryption and file key exchange. For more details, check out our security whitepaper and dive into the underlying security mechanisms.
In the context of this article we would like to introduce you to two cornerstones of the file encryption, the key length and entropy that make bdrive as secure as possible.
Key length for file encryption
One of the most important attributes of the underlying security is the key length. The key length actually defines the number of possible keys. Imagine an attacker wants to get access to your data without knowing the key. Thus, the attacker has to try out every possible key to actually decrypt your data.
To give you an impression of the implications, let us have a look at the time needed to guess the correct key: If we have an attacker with access to a supercomputer (with ~10 Pentaflops), to actually crack a 56-bit key, it would take 399 seconds. To crack a 128-bit key, the attacker would need the support of everyone on Earth, 7 billion people, each with 10 supercomputers. Even with this massive amount of computing power, it would take 77,000,000,000,000,000,000,000,000 years to crack it. For more details on this calculation check out this EETimes article.
So, given that the number of possibilities grows exponentially, it’s even harder to imagine what amount of time it would take to crack the 256-bit key used in bdrive (3.3 times 1056 years).
True security is based on how big the probability is that an attacker actually guesses the correct key. Hence, it is critical to check how we generate the key: in Bdrive’s case , the key generation is completely random!
Entropy — the quality of randomness for key generation
The central measure of the quality of randomness is called entropy; it measures the unpredictably of our keys. Our challenge is to collect as much entropy as possible. This is very hard, because normally everything in a computer is deterministic, so not random at all. Therefore, we not only use the built-in methods to collect entropy, but also derive it from your mouse movements, your keystrokes, and numerous other random values that can be measured. This also meets the recommendations by official bodies, such as the Federal Office for Information Security (BSI) and the National Institute for Standard and Technology (NIST) for use in highly sensitive areas.
Please check out our security whitepaper to get an in-depth look into bdrive’s underlying security mechanisms. We are always looking for customers, partners and motivated engineers. Get in touch at bdrive.team or via mail bdrive@nexenio.com .
