June 12, 2014

New Private Cloud Devices Aim to Block Cyber Spies

Suddenly, consumer-oriented private cloud storage devices are everywhere, with many -- if not most -- running Linux. The market segment has blossomed thanks to growing concerns over government cyber-spying, notably in the case of the U.S. National Security Agency and the Chinese military. There is also growing unease about sharing of user data by mobile carriers, financial firms, and high-tech companies, as well as fears about cyber-criminals.

We've already seen privacy-minded, encryption-ready Linux distributions like Tails, as well as Linux-based Tor peripherals like Safeplug. An Android-derived Blackphone, meanwhile, claims to be resistant to prying keyboards. Even Google -- which is often singled out by critics as a privacy abuser -- jumped on the trend last week by announcing Chrome End-to-End extensions that will make it easier to use OpenPGP email encryption within the browser.

Now, cloud storage is coming under scrutiny, despite relatively few cases of successful hacker exploits of sites like DropBox. You're more likely to have your data stolen from less protected retail sites like Target.com. Still, we store a lot more personal information on our hard drives than we commonly offer up to retailers.

In recent years, server-based private clouds have been growing in popularity among companies that want more control, performance, and potentially reduced costs compared to cloud services. Platforms include the open source OwnCloud.

Now, we're seeing smaller scale systems aimed at consumers and small businesses. They don't require a PC, let alone a server, but instead use standalone private storage gizmos. These devices let users securely store and access their data while providing access to friends. They also avoid storage fees, and are often touted as being faster than cloud services. Most systems offer mobile app access, providing secure mobile access to synced files, and some even support streaming video.

The four Linux-based systems covered here range from mainstream network-attached storage (NAS) devices such as Qnap's TS-X51, which has added private cloud functionality, to simple devices like the Lima that lack onboard storage. Two other Linux-based systems that fall somewhere in between include the Sherlybox and the OPI.

4 Linux-Based Private Cloud Devices

Lima (Cloud Guys Corp.) -- This Paris-based startup surpassed its Kickstarter funding goals in July 2013, and then quickly ran into delays. The commercial version, expected to cost about $150, is not yet available for pre-orders, but Lima's 12,840 Kickstarter supporters, who paid $69 and up, should receive the device this summer.

The Lima device itself is a tiny embedded computer running OpenWRT Linux, equipped with an Ethernet port and a USB port that supports up to eight connected drives. The secret is in the software. Once the Lima app is loaded on your device, whether a PC, tablet, or smartphone, it commandeers the operating system's virtual file system, redirecting access to the Lima's USB-attached storage.

By intercepting filesystem access, Lima redirects data reads and writes over the Internet to the device's attached USB drives. Authorized files appear to a mobile device user like local storage, with files sync'd between devices. The system offers automatic backup, and can stream to media players. Because there is no copying of files as in DropBox, access times are claimed to be much faster.

Whereas products like the Linux-based PogoPlug do something similar, they require a cloud service that provides a dynamic DNS intermediary. To avoid this potentially hackable site, Lima uses a decentralized, encrypted VPN similar to OpenVPN, so every node participates in the process.

OPI (OpenProducts) -- OPI has a few days left to reach its flexible funding goal on Indiegogo. The device goes for $119 with 8GB, with products said to be shipping within the month.

Unlike the Lima, which depends on USB storage, OPI uses microSD storage encrypted with LUKS and AES. The Ubuntu-based private file and email server is limited to a maximum of 64 GB of storage, but offers optional USB or cloud backup.

OPI not only provides synchronized access to files to multiple users, it adds encrypted email accounts and shared calendars and contacts for multiple users. No multimedia streaming is supported, however. Access to data is available via web browsers and email programs like Thunderbird, as well as an Android app.

OPI has more levels of encryption than most, including Transport Layer Security (TLS) for communications. Other open source components include the Nginx web server, Dovecot IMAP server, Roundcube mail client, and Owncloud for contacts, calendar, and file sync. S3QL is used for backup, and a free dynamic DNS service is available.

Sherlybox (Sher.ly) -- Polish startup Sher.ly tapped the Raspberry Pi as the foundation for a privacy-oriented NAS device. The Sherlybox has already snagged its Kickstarter funding, but new funders can pile on for another few weeks, with products available for $149, or $199 with 1TB of built-in storage.

The Sherlybox creates a private cloud network that lets invited visitors share public data or add their own synced files. The device uses the same Sher.ly app already available for PC file sharing, and similarly sets up a peer-to-peer VPN. The file-sharing protocol is said to be 20 times faster than most CIFS/SMB based protocols. The Sherlybox also supports mobile device access, and provides streaming capability, supporting Plex.tv and XBMC.

The Sherlybox is equipped with WiFi, Ethernet, an HDMI port and audio jack. In addition to the 2.5-inch HDD bay, there's a USB 2.0 hub. The Raspberry Pi will eventually be swapped out for the new Raspberry Pi Compute Module. Sher.ly says it will publish APIs to enable third-party app development, but there are no open source promises.

TS-X51 Turbo NAS (Qnap) -- Announced at last week's Computex show and due later this year, the TS-X51 is claimed to be the first NAS to offer private cloud sharing and advanced virtualization. In addition to the extensive suite of servers and other applications in the device's mature, Linux-based QTS stack, the TS-X51 adds video transcoding features.

The product family includes the dual-HDD bay TS-251, 4-bay TS-451, 6-bay TS-651, and 8-bay TS-851. Personal clouds can be created with a myQNAPcloud SmartLink Service that lets users control multiple Turbo NAS units from a single interface, and publish content to invited users from QTS services like Photo Station, Music Station, and File Station. For security, the VPN-like application provides SSL certificates up to 2,048 bits.

The TS-X51 doesn't go as far as the other private cloud devices in controlling all processes from the local device. The application uses Qnap's cloud server-based myQNAPcloud service as an intermediary for pointing users to authorized content. Yet, Qnap claims the files are encrypted and kept completely under the NAS owner's control. Another limitation is that it currently supports Windows desktop users only.

Qnap's solution may not work for everyone, but it introduces the private cloud concept to a much broader audience. Perhaps this will encourage other vendors of mainstream NAS devices, the vast majority of which run on embedded Linux, to develop further innovations.