Академический Документы
Профессиональный Документы
Культура Документы
from
the
providers
to
store
user,
organization,
or application data.
Cloud storage services may be accessed through a co-located
cloud computer service, a web service application programming
interface (API) or by applications that utilize the API, such as
cloud
desktop
storage,
cloud
storage
gateway or Web-
data
storage,
access,
management,
and
desktop
client
uses
Python
GUI
toolkits
such
synced
computers. Dropbox
supports
multi-user version
are able to connect to your device and let you locate to your data at any location
that has internet access.
There are hundreds of different cloud storage systems and some of it is have a
specific focus and task such as storing Web e-mail message or digital picture. But
some cloud storage are able to store any forms of data or information and the
facilities that house cloud storage systems are called data centers. For example
like iCloud, iCloud is a cloud storage and cloud computing service from
Apple.Inc and launched on October 12, 2011. Why they have the cloud storage
even running on the phone? Because iCloud allows all their user to store their
data and information if there isnt any available space on their device, they save
the data such as photo, document, music remote servers for download to IOS.
Macintosh or Windows devices, to share and send date to other users, and to
manage their Apple devices, to share and send data to other users, and to manage
their Apple devices if lost or stolen. So could storage is more convenient and
offers more flexibility services.
services market is predicted to exceed $244 billion. Now, lets look into some of
the advantages of Cloud Storage.
1) Usability: All cloud storage services reviewed in this topic have desktop
folders for Macs and PCs. This allows users to drag and drop files
between the cloud storage and their local storage.
2) Bandwidth: You can avoid emailing files to individuals and instead send a
web link to recipients through your email.
3) Accessibility: Stored files can be accessed from anywhere via Internet
connection.
4) Disaster Recovery: It is highly recommended that businesses have an
emergency backup plan ready in the case of an emergency. Cloud storage
can be used as a backup plan by businesses by providing a second copy
of important files. These files are stored at a remote location and can be
accessed through an internet connection.
5) Cost Savings: Businesses and organizations can often reduce annual
operating costs by using cloud storage; cloud storage costs about 3 cents
per gigabyte to store data internally. Users can see additional cost savings
because it does not require internal power to store information remotely.
Swapping providers can be very difficult. Your company would need to download
all data to your local network then upload it again to the new provider, which
would require storage capacity, enough to store all of the data you were hosting
with the third party, this could get expensive and consider all that redundant
hardware, look for companies which can migrate your data for you from your
previous provider.
Certifications Dropbox uses Amazon Web Services (AWS) for storage and
transfer which is SAS 70 Type II certified.
3.2 Features
Copy During the installation of the client application, the user has to choose a
local Dropbox folder. All les in this folder and all subdirectories will be uploaded. The process starts immediately after installation and runs permanently in
the background.
Files can be added to the backup by adding them to the Dropbox folder. It is not
possible to include les or folders outside of the Dropbox folder. Files can also be
uploaded through the web interface. Files can be restored from the web interface.
Dropbox keeps records of previous versions of a file and can restore to any
version. This restoration can only be done in the web interface and for single les
only. The records are kept for 30 days. Unlimited undo support is available for
additional charges.
Backup Dropbox does not support a backup feature as defined in Section 2.1.2
by default.
Synchronization The user can install the client application on multiple
computers and the data will automatically be synchronized on all these
computers. Dropbox recognizes conflicts during synchronization. In case of a
conflict, a new copy of the file is created and stored in the user's Dropbox folder.
Conflicting files are renamed including the date of the conflict and the device
from which the conflicting version was uploaded. The user has to compare the les
by himself and resolve the conflicts manually.
Sharing Files can be shared with subscribers of Dropbox. Further, files can be
copied in a public folder in order to obtain a URL that allows access for nonsubscribers of Dropbox. The service is unclear, whether this creates a closed user
group or is meant as file publication. The statement It is possible, however
unlikely, that someone could guess your link if they knew the file name. makes
thinking that a closed user group is intended. On the other side, Dropbox says
Everything in your Public folder is, by definition, accessible to anyone. which
may be seen as an indicator for file publication. This ambiguity can cause a
problem.
3.2 Security
Registration and Login
Both the registration and the login process use secure communication channels
(TLS). During the registration, which can either be done on the website or during
the client installation, the user has to enter a first and a last name (both arbitrary
strings), an email address, and a password. The email address will be used to
login to the service and there can only be one account associated with this email
address. If an already registered email-address is used during the registration, the
message This email address is already taken." is shown to the user. Dropbox
accepts weak passwords; the only restriction is a minimal password length of six
characters, the email address must not be used as password. (see Figure 1).
When logging in to the client application for the first time, the user is prompted
to enter his email address and the password. After the user is authenticated, a
token is sent by the server and stored on the client which is used to authenticate
the user from there on. Note that up to client version 1.1.35, an attacker who
succeeds in copying a victim's configuration le to his own machine, will have
access to the victim's Dropbox account.
Dropbox repels brute force password attacks: Dropbox temporary locks an
account after too many failed logins in a given time frame.
If the user forgets his password, Dropbox sends an email to the email address
registered with the user's account. This email contains a link to a secure website
for entering a new password. The account will not be changed unless the entire
password reset process is completed by the user.
Dropbox' registration process has some minor weaknesses and therefore does
not completely meet the requirements defined in Section 4: Dropbox accepts
weak passwords and the email address used to sign up for the service is not
verified.
Dropbox measures to prevent information gathering could be improved;
especially during the registration process, gathering of email addresses of already
registered users is possible.
A bug in the client application which will enable an attacker to get access to a
victim's Dropbox account is fixed in the current version.
Transport Security
Dropbox uses TLS to encrypt the communication between the client application
and the server. The communication between the browser and the web interface is
encrypted by using HTTPS.
Encryption
Dropbox uses AES-256 to encrypt data stored on its servers. The data will not be
encrypted at the client; instead Dropbox encrypts the data after the upload on the
server-side using its own encryption key.
While the encryption of data in transit meets the requirements, Dropbox has not
optimally implemented the encryption of the stored data. Since Dropbox itself
encrypts the data on the server-side, users cannot be sure by cryptographic means
that all stored data is highly confidential.
Sharing
Dropbox has some problems when sharing les with non-subscribers / everybody.
(1) Sharing files with subscribers. This meets our requirements.
(2) Sharing les with non-subscribers / everybody. The shared URLs look like
http: //dl.dropbox.com/u/n/f, with n being a 7-8 digit number, and f the
filename, as described above. URL analysis of multiple les being
published revealed that the numbers seem to be incremented but the lack
of le name obfuscation enables easy access by anyone. Using a simple
script which iterated through possible URL combinations we were able to
search for the existence of specific les inside the Public folder.
Additionally, the shared files are not excluded from search machine
indexing. We downgrade Dropbox write sharing because of the unclear
definition of sharing.
Deduplication
Currently, Dropbox only uses single user deduplication which has no privacy
issues. The switch to single user deduplication was made when the program
Dropship became available, which enabled users to share large les via Dropbox
simply by exchanging small hash values. The author of Dropship reverseengineered the Dropbox deduplication protocol and used this information to
create the program. Dropbox plans to enable this function again, but so far has not
given any specific time line.
Multiple Device
It is possible to access a Dropbox account from different machines. After the
installation of the Dropbox client, the user has to link the machine to the account
by entering username and password, no additional activation is required. A list of
all devices currently linked to the account is provided via the web interface. This
list shows the computer names, the time of last activity, and the IP address last
used. Using the web interface, the user may rename and unlink computers (see
Figure 5).
Update Function
Dropbox has a high update frequency (sometimes as low as one week, see the
re-lease notes for more details). Dropbox automatically updates the client
software without any user interaction.
Server Location
According to the Dropbox Help Center, all files are stored on Amazon S3 servers
in the United States. This has been confirmed by our analysis.
Conclusion
Dropbox is a free service that allows you to easily store and share your documents, videos,
and photos and always have them on-hand when you need them. Although, there are other
Cloud services available, I use Dropbox because it is simple and functional. I mainly use it
store important documents, pictures of my kids that I share out to family and friends, and
enjoy the convenience of not having to sync anything.