1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
|
\chapter{Introduction}
\epigraph{From a security perspective, if you're connected, you're
screwed.}{\textit{Daniel J. Bernstein}}
Internet companies have made it trivial for computer users to store
data/information on their computers and at the same time there is a
lot of evidence of governments and other powerful organizations being
able to access information/data stored on the Internet companies'
computers\cite{website:wikileaks-spyfiles}. Also most companies add a
standard clause in their privacy policy that allows them to disclose
information about users or information stored/created by users to
``third parties'':
\begin{quote}
\emph{Law \& Order}. We may disclose your information to third
parties if we determine that such disclosure is reasonably necessary
to (a) comply with the law; (b) protect any person from death or
serious bodily injury; (c) prevent fraud or abuse of Dropbox or our
users; or (d) protect Dropbox's property rights. -- Dropbox Privacy
Policy\cite{website:dropbox-privacy}
\end{quote}
In this type of world, it did be good to have a program that would
encrypt all the data/information before storing it on the storage
provided by Internet companies. combox aims to be one such program
which not only encrypts but stores only a part of the encrypted
data/information on the Internet company' storage, thus making it
non-trivial for ``third parties'' get access the user's
data/information. Section \ref{1-sec-b} gives a conceptual
introduction to combox; Section \ref{1-sec-cb-diff} enumerates how combox
is different from Combo-Box; lastly, section \ref{1-sec-using-cb}
contains information on how one can start using combox.
\section{What is combox?}\label{1-sec-cb}
combox allows the user to store all her files in the ``combox
directory'' and combox picks each file stored in the combox directory,
splits them into N shards, encrypts each of the N shards and spreads
the shards to N node directories. A ``node directory'' is the
directory of the file storage provider (Dropbox directory is a node
directory). Figure \ref{fig:1-combox-overview-0}, illustrates how a file
called \verb+strunk-white.pdf+ is split, encrypted and spread across
N node directories; shards \verb+strunk-white.pdf.shard0+ to
\verb+strunk-white.pdf.shardN+ are encrypted.
\begin{figure}[h]
\begin{verbatim}
__________________________
| |
-->| strunk-white.pdf.shard0 |
| | |
___________________ | |_________________________|
| | | node directory 0
| strunk-white.pdf | /
| | | __________________________
|__________________| |\ | |
combox directory || | strunk-white.pdf.shard1 |
||->| |
| |_________________________|
| node directory 1
| .
| .
| .
|
| __________________________
| | |
--->| strunk-white.pdf.shardN |
| |
|_________________________|
node directory N
\end{verbatim}
\caption{combox overview - file splitting}
\label{fig:1-combox-overview-0}
\end{figure}
combox does not sync encrypted shards stored in the node directories
to the respective file storage provider's server and it depends on the
respective file storage provider's client program to sync the
shards.
combox can be used on all of the user's computers. For instance, the
user can install combox on her second computer and combox will
reconstruct the file from the encrypted shards stored in the node
directories into the combox directory; figure
\ref{fig:1-combox-overview-1} illustrates this. Here too, combox
depends on the client program of the respective file storage provider
to sync shards to/from the file storage provider's server to/from the
respective node directory on the user's computer.
\begin{figure}[h]
\begin{verbatim}
__________________________
| |
| strunk-white.pdf.shard0 |
| |\
|_________________________| \ ___________________
node directory 0 \ | |
|->| strunk-white.pdf |
__________________________ |-->| |
| | | ->|__________________|
| strunk-white.pdf.shard1 |-- | combox directory
| | |
|_________________________| |
node directory 1 |
. |
. |
. |
|
__________________________ |
| | |
| strunk-white.pdf.shardN |----
| |
|_________________________|
node directory N
\end{verbatim}
\caption{combox overview - file reconstruction}
\label{fig:1-combox-overview-1}
\end{figure}
As of combox \verb+v0.2.2+, combox is compatible on GNU/Linux and OS
X, it supports just two file storage providers -- Google Drive and
Dropbox.
\section{How is combox different from Combo-Box?}\label{1-sec-cb-diff}
Combo-Box by Wesley Vollmar\cite{vollmar-combo-box} was the first
implementation of the idea storing encrypted shards of a file on the
computers different of different file storage providers. Differences
between Vollmar's Combo-Box and combox are enumerated below:
\begin{description}
\item[Platform] Combo-Box runs Microsoft Windows, whereas combox runs
on GNU/Linux and OS X and is not compatible with Microsoft Windows.
\item[File splitting] Combo-Box splits a file into shards based on the
space available on each node directory\cite{vollmar-combo-box},
while combox is not yet cognizant about about space left in each
node directory and splits the file into N equal shards, where N is
equal to the number of node directories.
\item[User Interface] Combo-Box is graphical application while combox
mostly a commandline program; combox's configuration wizard has a
graphical interface and the wizard has a commandline interface for
users who just like to do everything from the commandline.
\item[Database] Combo-Box uses a SQL traditional database with two
tables to keep track of files' shards, files' hash, files' last
``sync time'' and for ``security and stability'' uses stored
procedures that retrieve/store information in the
database\cite{vollmar-combo-box}.
combox on the other hand uses a no SQL key-value data store to track
the files stored in the combox directory using the pickleDB
library\cite{pylib:pickledb}. The key-value data store is a JSON
file and all access to this data store is done through an instance
of \verb+combox.silo.ComboxSilo+ which enforces synchronization
through a lock (\verb+threading.Lock+). In the data store, combox
keeps track of the hashes of all the files stored in the combox
directory; the data store also contains dictionaries that track
number of shards which have been create/moved/modified/deleted on
another computer.
\item[Installation] Combo-Box uses the proprietary
InstallShield\cite{nonfree-installshield} to install the program,
setup shortcuts and registry settings\cite{vollmar-combo-box}.
combox is a python package, it either be installed through python's
package manager (\verb+pip+\cite{py:pip}) with
\verb+pip install combox+ or it can be installed from the source
with the standard $python setup.py install$.
\item[Configuration] Combo-Box saves its configuration inside the
Combo-Box directory and this configuration is shared by all
computers on which the user chooses to run Combo-Box, by virtue of
this the file providers' directories must be in the same locations
on all the computers.
combox stores its configuration at
\verb+$HOME/.combox/config.yaml+; the configuration file is not
shared on computers on which the user runs combox and therefore is
independent; this makes it possible to keep the combox directory and
the directories of the file storage providers' (node directories) in
different location on each computer. The configuration file is a
YAML file and can be directly edited by the user if she wishes to.
\end{description}
\section{Using combox}\label{1-sec-using-cb}
Installing and running combox is relatively easy for Unix users:
\begin{verbatim}
$ pip install combox
$ combox
\end{verbatim}
For detailed information on installing combox, see
https://ricketyspace.net/combox/setup/.
\subsection{Caveats}
combox is extremely event-driven and depends on file-system events to
do the right thing when a file is created/modified/moved/deleted, so
the user must sure to start combox before starting the file storage
providers' client programs that sync encrypted shards to the
respective node directories; on most GNU/Linux distributions this can
be automated through by using the distribution's startup system (most
GNU/Linux distributions seem to use
\verb+systemd+\cite{website:systemd} these days).
|