Centralized Folder Control With Btsync

[glennpowers]

Problem: A small business business wants to share documents between employees.

btSync Solution: “The IT person” installs btSync on a company computer system, creates a folder in it and gives the Full Access secret to employees and instructions for setting up btSync.

Problem with btSync solution: an employee is fired. Chaos ensues as new secrets are generated, distributed, changes made to local btsync folders are lost, etc.

Proposed Solution: Client software generates public/private key pair and sends the public key to a “client controller.” Client Controller responds with Full Access Secret(s) for client btSync DB(s), and Full Access Secret(s) for btSync Folders, encrypted with the client’s public key.

Employees setup folder(s) and client software as operates the same as btSync currently does.

Proposed Solution Implementation: “The IT person” installs “btSyncControl.” Employees install “btSyncControl” and send “Requests for Access” to “the IT person.”

Using the Full Access Secret(s) for client btSync DB(s), the Client Controller(s) can monitor the status of individual folders.

Before an employee is terminated, a Client Controller can send a “Wipe” instruction to that employee’s btSyncControl. Once the wipe is confirmed, the employee is informed of the news.

An advantage of this solution is that Full Access Secrets can be securely be sent over insecure networks.

Issues with proposed solution:

Employees can copy files to non btSyncControl folders. They could do this with most solutions.

Folder Full Access Keys will reside on employee machines. The keys could be changed with an extension to this protocol. Although, it is unlikely that “most” employees will attempt to extract the Full Access Key secrets before they are fired.

 

[ChrisH]

I would never use BTSync or any other distribution system without per-user-access control for that scenario. 

If you have to use BTSync, use it in the internal LAN or over a VPN with additional user authentication only.

 

What happens if the employee just stops or blocks BTSyncControl so the wipe command never gets there?

How do you make sure the secret change command (you did not describe that, but you'd need one, right?) reaches all nodes?

How do you stop employees from creating their own shares without them using the control mechanism?

[ad89]

I to would like to see this implementation. I am trying to set up BTSync for a non-profit organisation with a lot of people coming and leaving every year.

 

Our current solution to the people leaving/being fired is changing the key every year. This way people keep their old files but no longer get new files or updated versions. 

 

We are aware of the security issues and are only using it for non-sensitive data that requires the utility of sharing. Still the proposed solution would make this a way better solution than what we currently have. 

[ChrisFPol]

We encrypt all data files. Access to the data files is only possible when running the app on your device to do so. Login into the app is controlled by access codes distributed with (encrypted) file ->file which has to be of the same date (or for. ex. not older than 5 days). So: the data may remain on a device, if the user is no longer in the accesscodefile or this file is to old, the app won't decrypt data.

[ChrisH]

 the data may remain on a device, if the user is no longer in the accesscodefile or this file is to old, the app won't decrypt data.

 

Unless they just reset their system date.

 

Security is hard, people.

[ChrisFPol]

unless your app is a little bit more intelligent and checks if system dat is correct -> if not or not able to check -> no access

[ChrisH]

And how would it "check if system dat is correct"?