Storing data in a cryptocontainer on a remote server and working with them from Android devices

Once we were approached by our long-standing client using the corporate version of CyberSafe . For a sufficiently long period of joint cooperation, we were able to make sure that the issue of information security in his company was far from last for him. The meeting once again confirmed this.

As it turned out, all the corporate information in his company is stored encrypted on a 4-Bay NAS Server. However, he did not want to store some data inside his company and decided to place their rented VPN server somewhere overseas. Thus, this would allow him not to keep these files in his office and he would not have to worry about their safety, as well as that they would attract unnecessary attention (in case of an unexpected check, for example).

Along with this, preferring mobility and the ability to have constant access to encrypted files, the ability to work with them not only from the office, but also outside it from any smartphone on Android was important for him.

This conversation led us to the idea of ​​developing a mobile application that would not only support basic encryption functions, but would also allow working with encrypted files in a transparent mode, while these files are not located on the device itself, but on some remote server. The task looked quite interesting and could only translate it into reality. As a result, jointly created an Android application called CyberSafe Mobile .

The application can create cryptocontainers (we call them safes), which you can mount and work with the files recorded in them in transparent mode. Encryption algorithms: AES or GOST at the choice of the user. The created safes can later be used on the local computer in the PC version of the program and vice versa.

The problem described above was solved as follows.

1. Rent a server somewhere abroad. For example, here for € 74 you can rent a server in Germany with already installed Windows Server 2012 R2.
2. Configure VPN .
3. Create a network folder on the server.
4. Create a cryptocontainer in this folder (or add an existing one). In the screenshot, this was done using CyberSafe Top Secret:



5. Connect the phone to the VPN:



6. Connect the created network folder to CyberSafe Mobile:



7. On the “Safes” tab in the connected network folder, we find the safe we ​​created, select it and mount it:



Now all the files placed in the container are available to us on the smartphone in transparent encryption mode, while they are on a remote rented server. As you know, one of the main drawbacks of cryptocontainers is that they become vulnerable for the time of mounting . However, when storing files on the server, this drawback does not manifest itself in any way, and maintenance personnel cannot in any way access the encrypted files, since the container is mounted on the user's device.

If necessary, several people can work with files in the container at the same time, for this they will need access to the VPN, as well as the password to the container.

The disadvantage of this scheme is the low data exchange rate - it requires a high-speed Internet connection, and also does not provide for working with large cryptocontainers.

As for the user who contacted us, he was satisfied with this decision and, quite possibly, now stores his information somewhere on the servers of sunny and warm Puerto Rico, and works with it on his smartphone from rainy and cloudy Moscow.