Nextcloud 14: focus on security and compliance

Originally published at: Nextcloud 14: focus on security and compliance - Nextcloud

Nextcloud is designed to keep your data secure while you sync your data and work with other people. With every release, we bring new technologies, visible and invisible, to secure files and enhance collaboration. Nextcloud 14 introduces our innovative Video Verification and Signal & Telegram 2FA support for security. To enhance collaboration, we introduce note shares, search in the content of comments, recovery of deleted group shares and improved federation. This blog post aims to update you on these and other improvements.

HackerOne: paying experts to find issues

While we regularly get praise from customers who have done pentesting on our software, we believe that getting the help from the global security community is important to validate our security efforts. Our HackerOne program pays out money to hackers who find issues in our software and responsibly disclose those to our security team.

A recent HackerOne case study has analyzed our security work and concluded our bug bounty handling is an example for others to follow. Michiel Prins, co-founder HackerOne, had this to say:

Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process.

You can learn more and download the case study from the HackerOne website.

New security features in Nextcloud 14

For Nextcloud 14, two main security features are new:
  • Video Verification
  • Signal/Telegram/SMS 2FA support
We also updated our SAML and Kerberos authentication and introduced a new GDPR compliance app.

[Image: Video Verification]

Video Verification

Video Verification is our new, unique feature that is meant to ensure that only the right person looks at the data you shared. You might think: well, I put a password on it, won't that do the trick? It is true that a password for a share link, especially when sent through another channel like SMS, makes it harder for a third party to get access to the files. But there are certainly scenarios where this still happens: a spouse or a child might pick up the phone. For most data, this isn't a big deal. But think of a doctor who wants to make sure an X-ray can only be seen by the patient, not their family.

Just like a bank might require you to physically come in to open an account and a doctor would require a visit to tell you the results of an examination, you might want to make sure some data strictly ends up with the intended recipient. This is where Video Verification comes in. When this option is enabled, the recipient receives only the share link, not the password. The share link page offers a ‘request password’ button, which starts a call using Nextcloud Talk. Your phone will ring and you will be able to see and talk to the intended recipient! Once you have verified who it is, you can give them the password and they can log in and view the data.

The YouTube video below demonstrates how this works.

Signal/Telegram/SMS 2FA support

The second main security feature in Nextcloud 14 is a new second-factor authentication provider. Two-factor authentication improves the security of authentication by adding a second way of ensuring that only the right person can log in: besides a password, a code delivered to a device like a phone has to be entered. New in this release is the 'gateway' two-factor provider. It allows the use of the secure messaging apps Signal and Telegram, as well as various SMS gateways, as the second factor. Most up-to-date applications communicating with Nextcloud now use the Login flow, so you will be able to log in just like you would on the web, including, but not limited to, SMS-based authentication. Legacy applications without support for the Login flow will still accept device passwords.

Note that the Signal authentication support in particular relies on a third-party Docker container, so take some care with it. You can learn more on this page.

In other 2-factor news, the app now officially supports authentication via NFC (Yubikey NEO)!

SAML and Kerberos

Thanks to a collaboration with the TU Berlin it is now possible to authenticate to Samba servers while using Kerberos authentication. Note that this requires the server to already have a valid ticket to authenticate! The Nextcloud SAML app was updated with support for multiple Identity Providers, allowing a server to have both local users and SAML authentication. The SAML configuration was also simplified.

GDPR

When working with others, it is important to keep data not only secure but also within the legal boundaries set by compliance regulation. Nextcloud has made another step forward in this area. This release introduces a Data Protection Confirmation app and a separate audit log file, complementing the existing Impressum/legal notice and data request apps available in the Nextcloud Compliance Kit. Using the applications in the kit as well as extensive documentation, supported by our compliance expertise accessible through a Nextcloud Subscription, Nextcloud customers can ensure full legal compliance with a minimum of effort. You can learn more on our website.

Closing

Besides all the big things mentioned above, lots of smaller improvements were made, like the use of the new Argon2i password hashing algorithm. If you don't know what that means, don't worry, that is a healthy thing! It simply means our team makes sure to take care of both the small and large things. If you have any feedback or want to contribute, you can contact us over GitHub or get preferential access to our developers through a Nextcloud Subscription.
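What adopting Argon2i means in practice for a PHP application, as an added example that is not Nextcloud's own code: hash a new password with Argon2i, verify a login, and transparently upgrade an older bcrypt hash the next time the user logs in successfully. The `upgradeHash` callback and the demo password are constructed for illustration and stand in for "store the new hash for this user".

```php
<?php
// Added example (not Nextcloud's code): Argon2i password hashing with
// transparent migration of legacy bcrypt hashes. Requires PHP >= 7.2
// built with Argon2 support (PASSWORD_ARGON2I is only defined then).
declare(strict_types=1);

// Work-factor parameters; raise memory and time cost as hardware allows.
const ARGON2_OPTIONS = [
    'memory_cost' => 1 << 16, // 64 MiB
    'time_cost'   => 4,
    'threads'     => 2,
];

function hashPassword(string $password): string
{
    $hash = password_hash($password, PASSWORD_ARGON2I, ARGON2_OPTIONS);
    if (!is_string($hash)) {
        throw new RuntimeException('password_hash failed');
    }
    return $hash;
}

// Verifies a login. If the stored hash uses an older algorithm (e.g. bcrypt)
// or weaker Argon2i parameters, it is re-hashed and handed to $upgradeHash,
// a constructed callback standing in for the persistence layer.
function verifyAndUpgrade(string $password, string $storedHash, callable $upgradeHash): bool
{
    // password_verify detects the algorithm from the hash prefix and
    // compares in constant time, so legacy hashes keep working.
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PASSWORD_ARGON2I, ARGON2_OPTIONS)) {
        $upgradeHash(hashPassword($password));
    }
    return true;
}

// Constructed demo: a user whose hash still comes from bcrypt logs in.
$legacyHash = password_hash('correct horse battery', PASSWORD_BCRYPT);
$upgraded = null;
$ok = verifyAndUpgrade('correct horse battery', $legacyHash, function (string $new) use (&$upgraded) {
    $upgraded = $new;
});
echo 'login ok: ', var_export($ok, true), PHP_EOL;
echo 'stored algorithm after login: ', password_get_info($upgraded)['algoName'], PHP_EOL;
$bad = verifyAndUpgrade('wrong password', $legacyHash, function (string $new) {});
echo 'wrong password accepted: ', var_export($bad, true), PHP_EOL;
```

A wrong password never triggers a rehash, so an attacker cannot force a user's hash to change; only a successful login migrates the stored hash.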

To get a big-picture overview of all our efforts to keep your data secure, check out the security page on our site or download a whitepaper.

Dear Nextcloud core team,

What about also focusing on server-side encryption and fixing the issues related to this feature?

Server-side encryption is still buggy and can lead to data loss. Nobody of the Nextcloud core team is taking care of this topic which in my opinion should be a priority.

Or does nobody use server-side encryption on their server and hence there is no interest in fixing things there?

Thank you very much in advance.

1 Like

Agree, haven’t really touched server-side encryption after a first bad experience earlier this year. Actually more interested in end-to-end encryption so users don’t even have to trust me as the hosting party.

Perhaps it is harder to find developers working on encryption related developments due to the increasing worldwide governments pressure to push companies to introduce backdoors. See: https://www.homeaffairs.gov.au/about/national-security/five-country-ministerial-2018.

Will be interesting indeed to hear about Nextcloud’s position regarding ongoing development of end-to-end encryption and server-side encryption for Nextcloud. Perhaps a roadmap?

For what reason did you come to the conclusion that none of the NC core team members is working on that topic??

On 1 September 2018 at 09:14, “John” noreply@nextcloud.com wrote:

There are 2 excellent methods of data at rest encryption:

  1. LUKS encryption on an EXT4 filesystem. It is a Linux file system level encryption that you install the OS and other file systems on top of. Only the boot sector is FAT32. The system cannot be booted remotely unless you build your own initramfs to start busybox etc., or are present onsite at the console to enter a passphrase to decrypt the drive. File data integrity is the only problem here, in that the EXT4 system does not have journaling etc., so as drives or data deteriorate, it is not always repairable. This is where hardware RAID could be of assistance.
  2. ZFS encryption is another option. It does direct-to-drive data writes, has excellent journaling to detect and repair files etc. It can be set up as software RAID, and only finalises once written to the drive. The ZFS encryption changes along the filesystem, so the data saved in one sector is saved differently in another HDD sector etc.

Research both and install Nextcloud to store data in an appropriate file system.

mrpinks

1 Like

Because there are issues opened without any answers, for example this one:

and other issues which have no solutions but answers such as “do not use Nextcloud server-side encryption” or “use OS encryption instead”. These are not solutions or valid answers to the problem.

If Nextcloud server-side encryption does not work properly for local file system and there are no solutions/fixes from Nextcloud then this feature should be removed from Nextcloud. This is not a new problem but has been going on for months and months…

Someone from the core Nextcloud team should take position on this topic.

3 Likes

@jospoortvliet Could you provide some information here regarding the server-side encryption problems?

Solid E2E encryption is a priority for me as well. I am interested in helping out with this project from a community perspective

Here is a good resource for those who find this posting and want to remote-boot a LUKS boot drive:

http://blog.neutrino.es/2011/unlocking-a-luks-encrypted-root-partition-remotely-via-ssh/

Yes, they are. But that doesn’t answer my question. Even with opensource software you will not see all work at github. So you can’t tell if there is work ongoing or not.

Maybe it would be nicer next time to ask if there is work on it and how it is going at a topic. And not taking a conclusion you can’t guess.

On 1 September 2018 at 13:36, “John” noreply@nextcloud.com wrote:

I don’t know exactly what you mean with ‘core team’. Sure, there’s a team of people who get paid to work on Nextcloud, but they get paid by customers to work on what these customers want. On github and this forum you will only find volunteers.

Of course, some volunteers put in more time than others, I guess you can call them ‘core’ but that doesn’t change their position: everything everyone here does is ‘best effort’.

> and other issues which have no solutions but answers such as “do not use Nextcloud server-side encryption” or “use OS encryption instead”. These are not solutions or valid answers to the problem.
>
> If Nextcloud server-side encryption does not work properly for local file system and there are no solutions/fixes from Nextcloud then this feature should be removed from Nextcloud. This is not a new problem but has been going on for months and months…

Well, as far as I know, it works just fine for 99% of the users, and bugs get fixed. But there are always corner cases. Fixing bugs that hit a single home user, like yours, depends on when someone (a volunteer…) has time and interest to look into it.

Of course, if problems hit multiple users or are easy to reproduce, they often get fixed faster; we all care about making a good product, paid or not. Just like awesome people like our forum team care about getting questions answered, even if they don’t get paid to do it.

As a reminder, you should think about saying ‘thank you’ frequently :wink:

In general, we make clear recommendations to use a server-wide key, not a per-user key. The former is far more robust and the latter provides very little additional security but loads of issues.

2 Likes

Sorry for not being precise enough. With core team I meant people who have deep technical and security knowledge of Nextcloud such as Lukas Reschke (where is he btw?) and not someone from PR/marketing.

On what facts do you base the claim that this bug is hitting only a single home user? Please cite your sources here and your analysis of how you found out that this bug is only affecting one single home user.

What about this server-side encryption issue (503 Encryption not ready: multikeydecrypt with share key failed · Issue #8349 · nextcloud/server · GitHub)? It has been open since February, seems to hit more than one user and does not have any solution or fix yet.

I take the opportunity here to thank you for your answer, and in advance I would like to thank the developers for taking seriously and fixing these types of server-side encryption bugs which can lead to data loss.

Please cite the sources in the official Nextcloud documentation where these recommendations you are speaking of are written in clear text.
I checked the relevant server-side documentation in the admin guide (e.g.: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/encryption_configuration.html) as well as in the user guide (e.g.: Encrypting your Nextcloud files on the server — Nextcloud 13 User Manual 13 documentation) and could not find anything about this recommendation of using a server-wide key and not a per-user key that you mention.

Again thank you very much all in advance for focusing on fixing current and old serious issues such as server-side encryption instead of new fancy product-marketing features.

3 Likes

Sorry, it is very simple: if customers pay us to improve Nextcloud Talk and don’t pay to fix encryption, we improve Nextcloud Talk and the encryption is fixed if somebody feels like it. So unless YOU feel like fixing it, it won’t get fixed, yes. That is how any open source project works, so don’t blame us. If this wasn’t open source you wouldn’t have anything without paying in the first place…

Sorry for reality.

4 Likes

Umm, journalling was introduced in EXT3, and EXT4 has it too. See here.

@esbeeb The point is you do mkfs.ext4 after/inside luksFormat, and LUKS (which is one layer closer to the hardware) does not do integrity checks.

I really do wonder why you do 2FA with Signal and Telegram, but not with the only free messaging protocol, XMPP. Whereas Signal and Telegram have a pretty centralized and closed infrastructure, XMPP is a free and distributed (and open) infrastructure with very good documentation and a lot of clients for various systems.

1 Like

It’s probably not a decision to make for either one protocol or the other. They just started with two messaging protocols that are widely used on mobiles. There is already a request to add XMPP as well:

1 Like

XMPP is maybe the most insecure protocol I ever met… Not worth signaling large corporations like Microsoft discontinuing their messenger app, or Google eradicating XMPP from its Talk platform …

It is not 2FA, which is a secure identification app, which will patch the XMPP holes.

I hardly understand what you are trying to say. But it seems kind of ridiculous to me to criticize the security of XMPP in favour of closed-source, closed-infrastructure, uncontrolled company protocols like Signal/Telegram instead. What you see there is not what you get, in fact. You are only creating another dependency instead. Compared to the security of a self-hosted Jabber/XMPP server you are lost.

1 Like