
Introduction

Cloud storage is a model of data storage where the digital data is
stored in logical pools, the physical storage spans multiple
servers (and often locations), and the physical environment is
typically owned and managed by a hosting company. These
cloud storage providers are responsible for keeping the data
available and accessible, and the physical environment protected
and running. People and organizations buy or lease storage
capacity from the providers to store user, organization,
or application data.
Cloud storage services may be accessed through a co-located
cloud computer service, a web service application programming
interface (API) or by applications that utilize the API, such as
cloud desktop storage, cloud storage gateway or Web-based
content management systems.


Dropbox is a file hosting service operated by Dropbox, Inc.,
headquartered in San Francisco, California, that offers cloud
storage, file synchronization, personal cloud, and client software.
Dropbox allows users to create a special folder on their
computers, which Dropbox then synchronizes so that it appears
to be the same folder (with the same contents) regardless of
which computer is used to view it. Files placed in this folder are
also accessible via the Dropbox website and mobile apps.
Dropbox uses a freemium business model, where users are
offered a free account with a set storage size and paid
subscriptions for accounts with more capacity.

Dropbox consists of cloud-based services for user identity and
management, data storage, access, management, and
programmatic interfaces (APIs); clients for data access and
storage on desktop and mobile operating systems; and web
applications for data and service management.
The Dropbox client enables users to drop any file into a
designated folder. The file is then automatically uploaded to
Dropbox's cloud-based service and made available to any other
of the user's computers and devices that also have the Dropbox
client installed. Users may also upload files manually through the
Dropbox web application.
Originally, both the Dropbox server (running on the cloud) and
desktop client software were primarily written in Python. From
mid-2013 Dropbox began migrating its backend infrastructure
to Go. The desktop client uses Python GUI toolkits such
as wxWidgets and Cocoa. Other notable Python libraries include
Twisted, ctypes, and pywin32. Dropbox ships and depends on
the librsync binary-delta library (which is written in C). Dropbox's
full browser-side codebase is written in CoffeeScript instead
of JavaScript.
The Dropbox client supports synchronization and sharing along
with personal storage. It supports revision history, so files
deleted from the Dropbox folder may be recovered from any of
the synced computers. Dropbox supports multi-user version
control, enabling several users to edit and re-post files without
overwriting versions. The version history is by default kept for 30
days, with a 12-month recovery option called "Pack-Rat"
available for purchase.

2.0 Purpose of cloud storage


According to comedian George Carlin, humans seem to spend their lives
accumulating "stuff". Once they've gathered enough stuff, they have to find a
place to store all of it. Nowadays, we could make the same observation about
computer information. Everyone with a computer spends a lot of time acquiring
information and application data, and tries to find some place to store it, such
as a thumb drive, external drive or compact disc. But these devices do not have
unlimited space, so people usually have to update or delete old files and replace
them with new ones, which can be a real challenge when there are files they
would like to duplicate or keep longer. Some people are therefore choosing to
rely on a growing trend called cloud storage. What is cloud storage? It sounds
like some kind of system related to the weather forecast, but that is wrong. It
refers to saving application data or computer information to an off-site storage
system maintained by a third party. The internet provides the connection between
your device and the database, and all data is saved to a remote database.
Compared to traditional data storage, cloud storage systems are able to connect
to your device and let you reach your data from any location that has internet
access.

There are hundreds of different cloud storage systems, and some of them have a
specific focus and task, such as storing Web e-mail messages or digital pictures.
Other cloud storage systems are able to store any form of data or information.
The facilities that house cloud storage systems are called data centers. For
example, iCloud is a cloud storage and cloud computing service from Apple Inc.,
launched on October 12, 2011. Why have cloud storage even running on the phone?
Because iCloud allows its users to store their data and information if there
isn't any available space on their device: they save data such as photos,
documents and music on remote servers for download to iOS, Macintosh or Windows
devices, to share and send data to other users, and to manage their Apple
devices if lost or stolen. So cloud storage is more convenient and offers more
flexible services.

2.1 Advantages of Cloud Storage


Cloud Storage is a service where data is remotely maintained, managed, and
backed up. The service allows the users to store files online, so that they can
access them from any location via the Internet. According to a recent survey
conducted with more than 800 business decision makers and users worldwide, the
number of organizations gaining competitive advantage through high cloud
adoption has almost doubled in the last few years and by 2017, the public cloud
services market is predicted to exceed $244 billion. Now, let's look into some of
the advantages of Cloud Storage.

1) Usability: All cloud storage services reviewed in this topic have desktop
folders for Macs and PCs. This allows users to drag and drop files
between the cloud storage and their local storage.
2) Bandwidth: You can avoid emailing files to individuals and instead send a
web link to recipients through your email.
3) Accessibility: Stored files can be accessed from anywhere via Internet
connection.
4) Disaster Recovery: It is highly recommended that businesses have an
emergency backup plan ready in the case of an emergency. Cloud storage
can be used as a backup plan by businesses by providing a second copy
of important files. These files are stored at a remote location and can be
accessed through an internet connection.
5) Cost Savings: Businesses and organizations can often reduce annual
operating costs by using cloud storage; cloud storage costs about 3 cents
per gigabyte to store data internally. Users can see additional cost savings
because it does not require internal power to store information remotely.

2.2 Disadvantages of Cloud Storage


To access your cloud storage, you will need an Internet connection up and
running, or choose a provider with offline sync (which has its own drawbacks).
In areas with no internet connectivity, be that 3G or POTS, retrieving this data
could be impossible, and connectivity failure scenarios need to be considered
too. With a cloud storage solution, you are relying on a third party to
effectively secure your data. It is important to thoroughly check the security
features offered by any cloud storage provider you are considering, read reviews
and compare providers before making choices.
Bandwidth constraints limit the amount of data that can be exchanged. When
you're in an office with a local server, the cables or Wi-Fi can (usually) pass
data much faster than traditional internet connections; if you transfer large
files and have a slow connection, then cloud storage is probably not an option
for you right now.

Swapping providers can be very difficult. Your company would need to download
all data to your local network and then upload it again to the new provider,
which would require enough storage capacity to hold all of the data you were
hosting with the third party. This could get expensive, considering all that
redundant hardware; look for companies which can migrate your data for you from
your previous provider.

3.0 Analysis of Cloud Storage ( DROPBOX )


3.1 Availability
Dropbox is operated by Dropbox Inc, which is located in San Francisco, US.
Operating Systems. The client application runs on Windows, Mac OS X and
Linux. A web interface is provided which may be used for account management
as well as data access. Android, Blackberry, iPhone and iPad applications are also
available.
Client Software Version. The client software that has been used in our tests was
version 1.1.35. The latest version is 1.2.49.
Pricing. Dropbox offers a free service providing up to 2 GB storage space
(Dropbox Basic). Additionally, there are premium services providing up to 1 TB
(1,000 GB) storage space (Dropbox Pro, $9.99 per month). Dropbox for Teams is a
special offer for companies and organizations, and comes with additional
administration features ($15/user/month). It includes as much storage as you
need, unlimited file recovery, file sharing controls and priority support.

Certifications. Dropbox uses Amazon Web Services (AWS) for storage and
transfer, which is SAS 70 Type II certified.

3.2 Features
Copy. During the installation of the client application, the user has to choose a
local Dropbox folder. All files in this folder and all subdirectories will be
uploaded. The process starts immediately after installation and runs permanently
in the background.
Files can be added to the backup by adding them to the Dropbox folder. It is not
possible to include files or folders outside of the Dropbox folder. Files can also be
uploaded through the web interface. Files can be restored from the web interface.
Dropbox keeps records of previous versions of a file and can restore to any
version. This restoration can only be done in the web interface and for single files
only. The records are kept for 30 days. Unlimited undo support is available for
additional charges.

Backup. Dropbox does not support a backup feature as defined in Section 2.1.2
by default.
Synchronization. The user can install the client application on multiple
computers and the data will automatically be synchronized on all these
computers. Dropbox recognizes conflicts during synchronization. In case of a
conflict, a new copy of the file is created and stored in the user's Dropbox folder.
Conflicting files are renamed including the date of the conflict and the device
from which the conflicting version was uploaded. The user has to compare the files
by himself and resolve the conflicts manually.
Sharing. Files can be shared with subscribers of Dropbox. Further, files can be
copied in a public folder in order to obtain a URL that allows access for
non-subscribers of Dropbox. The service is unclear about whether this creates a
closed user group or is meant as file publication. The statement "It is possible,
however unlikely, that someone could guess your link if they knew the file name."
suggests that a closed user group is intended. On the other hand, Dropbox says
"Everything in your Public folder is, by definition, accessible to anyone.", which
may be seen as an indicator for file publication. This ambiguity can cause a
problem.

Sharing files with subscribers. This is done by inviting the users by
entering their user name or email address. If there is no account
registered with an invited email address, a registration invitation is
sent to this email. It is not possible to assign individual permissions
for the invited users, but invited users are not able to permanently
delete files or remove versions of individual files. The sharing tab
inside the web interface provides an overview about folders that are
currently being shared by the user or folders to which the user has
been invited. It is possible to leave the folder while keeping a local
copy of the files. The inviting user can remove invited users from the
folder and can choose whether the removed users should be allowed to
keep local copies of the files inside his Dropbox folder.
Sharing files with non-subscribers / everybody. Files are shared by
copying them to the specific Public folder. This folder is mapped to a
URL like http://dl.dropbox.com/u/n, with n being a 7-8 digit number.
Links to files include their original filename
(e.g. http://dl.dropbox.com/example.jpg).

3.3 Security
Registration and Login
Both the registration and the login process use secure communication channels
(TLS). During the registration, which can either be done on the website or during
the client installation, the user has to enter a first and a last name (both arbitrary
strings), an email address, and a password. The email address will be used to
login to the service and there can only be one account associated with this email
address. If an already registered email address is used during the registration, the
message "This email address is already taken." is shown to the user. Dropbox
accepts weak passwords; the only restrictions are a minimal password length of six
characters and that the email address must not be used as password (see Figure 1).

Figure 1 Dropbox: Validation of registration and login


When registering on the Dropbox web site, Dropbox gives a hint about the
quality of the chosen password in the form of a blue colour signal bar (see Figure
2). To get an indication for a strong password, the user has to choose a password
consisting of characters from different categories (lowercases, uppercases, digits,
and special characters). However, selecting more than three different characters
from the same category does not continue to increase the indicated password
strength. The user is not prompted to repeat the password in order to prevent
typos. The registration process during the client installation slightly differs: The
client application has no password strength indicator and the user has to repeat the
password. Dropbox does not send any activation emails after registration. This
enables an incrimination attack. The user may use the new account immediately
after completing the registration form.
During the login process, the user has to enter his email address together with
his password. In case of an incorrect login attempt, Dropbox only informs the
user that one of the two is incorrect but not which one (see Figure 3).

When logging in to the client application for the first time, the user is prompted
to enter his email address and the password. After the user is authenticated, a
token is sent by the server and stored on the client which is used to authenticate
the user from there on. Note that up to client version 1.1.35, an attacker who
succeeds in copying a victim's configuration file to his own machine will have
access to the victim's Dropbox account.
Dropbox repels brute force password attacks: Dropbox temporarily locks an
account after too many failed logins in a given time frame.
If the user forgets his password, Dropbox sends an email to the email address
registered with the user's account. This email contains a link to a secure website
for entering a new password. The account will not be changed unless the entire
password reset process is completed by the user.

Figure 2. Dropbox: Hint about password quality

Figure 3. Dropbox: Failed login attempt

Dropbox's registration process has some minor weaknesses and therefore does
not completely meet the requirements defined in Section 4: Dropbox accepts
weak passwords and the email address used to sign up for the service is not
verified.
Dropbox's measures to prevent information gathering could be improved;
especially during the registration process, gathering of email addresses of already
registered users is possible.
A bug in the client application which would enable an attacker to get access to a
victim's Dropbox account is fixed in the current version.
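
One way to close the two registration gaps noted above (the unverified address and the "already taken" message), as an added sketch that is not Dropbox's code: the reply is identical for new and existing addresses, and an account only exists once the mailed link has been confirmed. The class, the in-memory stores, the `accounts.example.invalid` host and the PBKDF2 parameters are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Same reply whether or not the address already has an account.
GENERIC_REPLY = "If this address can be registered, a confirmation link was sent to it."
PBKDF2_ROUNDS = 600_000  # assumed work factor for this sketch


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _digest(token: str) -> str:
    # Only a hash of the mailed token is kept server-side.
    return hashlib.sha256(token.encode()).hexdigest()


class Registry:
    """In-memory stand-in for the account table and the outgoing mail queue."""

    def __init__(self):
        self.accounts = {}  # email -> (salt, password hash); confirmed accounts only
        self.pending = {}   # sha256(token) -> (email, salt, password hash)
        self.outbox = []    # (recipient, body) pairs instead of real e-mail

    def register(self, email: str, password: str) -> str:
        email = email.strip().lower()
        salt = secrets.token_bytes(16)
        pw_hash = _kdf(password, salt)  # done on every path: equal response time
        if email in self.accounts:
            # Tell the mailbox owner, not the person filling in the form.
            self.outbox.append((email, "A sign-up was attempted with your address."))
            return GENERIC_REPLY
        token = secrets.token_urlsafe(32)
        self.pending[_digest(token)] = (email, salt, pw_hash)
        link = f"https://accounts.example.invalid/confirm?t={token}"  # placeholder host
        self.outbox.append((email, f"Confirm your account: {link}"))
        return GENERIC_REPLY

    def confirm(self, token: str) -> bool:
        entry = self.pending.pop(_digest(token), None)
        if entry is None or entry[0] in self.accounts:
            return False
        email, salt, pw_hash = entry
        self.accounts[email] = (salt, pw_hash)
        # Drop any other unconfirmed sign-ups for the same mailbox.
        self.pending = {k: v for k, v in self.pending.items() if v[0] != email}
        return True

    def login(self, email: str, password: str) -> bool:
        salt, pw_hash = self.accounts.get(email.strip().lower(), (b"\0" * 16, b""))
        # Unknown and unconfirmed addresses fail exactly like a wrong password.
        return hmac.compare_digest(_kdf(password, salt), pw_hash)
```

Because the password hash travels with the pending entry, a sign-up made by someone else with a victim's address never becomes an account unless the mailbox owner confirms it.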

Transport Security
Dropbox uses TLS to encrypt the communication between the client application
and the server. The communication between the browser and the web interface is
encrypted by using HTTPS.

Encryption
Dropbox uses AES-256 to encrypt data stored on its servers. The data will not be
encrypted at the client; instead Dropbox encrypts the data after the upload on the
server-side using its own encryption key.
While the encryption of data in transit meets the requirements, Dropbox has not
optimally implemented the encryption of the stored data. Since Dropbox itself
encrypts the data on the server-side, users cannot be sure by cryptographic means
that all stored data is highly confidential.

Sharing
Dropbox has some problems when sharing files with non-subscribers / everybody.
(1) Sharing files with subscribers. This meets our requirements.
(2) Sharing files with non-subscribers / everybody. The shared URLs look like
http://dl.dropbox.com/u/n/f, with n being a 7-8 digit number, and f the
filename, as described above. URL analysis of multiple files being
published revealed that the numbers seem to be incremented but the lack
of file name obfuscation enables easy access by anyone. Using a simple
script which iterated through possible URL combinations we were able to
search for the existence of specific files inside the Public folder.
Additionally, the shared files are not excluded from search engine
indexing. We downgrade Dropbox write sharing because of the unclear
definition of sharing.
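
The weakness described in (2) follows from links built out of a small incrementing number and the original filename. The sketch below is an added illustration, not Dropbox's code: it puts that layout next to a link design that uses an unguessable token, keeps the filename out of the URL and asks crawlers not to index the file. The host `files.example.invalid`, the class and function names and the 128-bit token size are assumptions.

```python
import math
import secrets

BASE = "https://files.example.invalid"  # placeholder host for this sketch


def sequential_link(account_no: int, filename: str) -> str:
    """The layout the report describes: /u/<n>/<f>."""
    return f"{BASE}/u/{account_no}/{filename}"


def sequential_id_bits() -> float:
    """Size of the whole 7-8 digit range, in bits, once the filename is known."""
    return math.log2(10**8 - 10**6)  # 1,000,000 .. 99,999,999


class ShareLinks:
    """Capability-style links: an unguessable token, no filename in the URL."""

    TOKEN_BYTES = 16  # 128 bits from the OS CSPRNG (assumed size)

    def __init__(self):
        self._shares = {}  # token -> (owner, path)

    def publish(self, owner: str, path: str) -> str:
        token = secrets.token_urlsafe(self.TOKEN_BYTES)
        self._shares[token] = (owner, path)
        return f"{BASE}/s/{token}"

    def revoke(self, owner: str, url: str) -> bool:
        token = url.rsplit("/", 1)[-1]
        if self._shares.get(token, (None,))[0] != owner:
            return False  # only the publishing account may withdraw a link
        del self._shares[token]
        return True

    def serve(self, url: str):
        """Return (status, headers, path) as a web handler would."""
        token = url.rsplit("/", 1)[-1]
        share = self._shares.get(token)
        if share is None:
            return 404, {}, None  # unknown and revoked links look the same
        headers = {
            "X-Robots-Tag": "noindex, nofollow",  # keep crawlers from indexing it
            "Referrer-Policy": "no-referrer",     # do not leak the token onward
            "Cache-Control": "private, no-store",
        }
        return 200, headers, share[1]
```

The 7-8 digit range amounts to under 27 bits even before its incrementing order is taken into account, while each token link carries 128 bits and can be revoked individually.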

Deduplication
Currently, Dropbox only uses single user deduplication which has no privacy
issues. The switch to single user deduplication was made when the program
Dropship became available, which enabled users to share large files via Dropbox
simply by exchanging small hash values. The author of Dropship
reverse-engineered the Dropbox deduplication protocol and used this information to
create the program. Dropbox plans to enable this function again, but so far has not
given any specific time line.
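
Why the deduplication scope matters, as an added toy model that is not Dropbox's protocol: when the server deduplicates across all accounts, a hash alone is enough to have a stored file linked into another account, and the "already stored?" answer reveals what other users hold. With per-user scope both effects disappear. The class, method names and sample data are constructed for this illustration.

```python
import hashlib


class BlobStore:
    """Toy content-addressed store. scope="global" deduplicates across all
    accounts, scope="user" only within the uploading account."""

    def __init__(self, scope: str):
        if scope not in ("global", "user"):
            raise ValueError("scope must be 'global' or 'user'")
        self.scope = scope
        self.blobs = {}  # dedup key -> bytes
        self.files = {}  # (user, name) -> dedup key

    def _key(self, user: str, digest: str):
        return digest if self.scope == "global" else (user, digest)

    def needs_upload(self, user: str, digest: str) -> bool:
        """Client asks before sending data: does the server already hold it?"""
        return self._key(user, digest) not in self.blobs

    def commit(self, user: str, name: str, digest: str, data=None) -> bool:
        """Link a file into the account, uploading content only if needed."""
        key = self._key(user, digest)
        if key not in self.blobs:
            if data is None or hashlib.sha256(data).hexdigest() != digest:
                return False  # nothing to link to and no valid content supplied
            self.blobs[key] = data
        self.files[(user, name)] = key
        return True

    def read(self, user: str, name: str):
        key = self.files.get((user, name))
        return None if key is None else self.blobs[key]
```

In the global store a second account can commit a digest without sending any bytes and then read the content; in the per-user store the same call is rejected until that account uploads the data itself.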

Figure 5 Dropbox: Device access Dropbox account

Multiple Device
It is possible to access a Dropbox account from different machines. After the
installation of the Dropbox client, the user has to link the machine to the account
by entering username and password, no additional activation is required. A list of
all devices currently linked to the account is provided via the web interface. This
list shows the computer names, the time of last activity, and the IP address last
used. Using the web interface, the user may rename and unlink computers (see
Figure 5).

Update Function
Dropbox has a high update frequency (sometimes as low as one week, see the
release notes for more details). Dropbox automatically updates the client
software without any user interaction.

Server Location
According to the Dropbox Help Center, all files are stored on Amazon S3 servers
in the United States. This has been confirmed by our analysis.

4.0 Data Flow

Conclusion

Dropbox is a free service that allows you to easily store and share your documents, videos,
and photos and always have them on hand when you need them. Although there are other
cloud services available, I use Dropbox because it is simple and functional. I mainly use it
to store important documents and pictures of my kids that I share out to family and friends, and
enjoy the convenience of not having to sync anything.
