In this thesis we introduce Tresorium, a cryptographic file system that is designed to run in the cloud. We then show a directory, key and file structure alongside with a synchronization algorithm. The synchronization algorithm is an algorithm that keeps a locally, changing directory synchronized with the cloud. The synchronization uses no locks, but only a server side service called the Etag, that only allows a client to modify an object in the cloud, if the client knows the most recent Etag of that object.
Comparing the Tresorit service that implements Tresorium with other services, we conclude that the Tresorit service is secure, however, it lacks some features. We primarily define the service being secure where at no point in time can any of the service’s entities see decrypted user data.
To add these features we propose a public directory structure, with as much functionality put in the cloud as possible. In this new structure we have a security drawback whereby the directory structure is revealed, but allows much more flexibility. Adding as much responsibility and logic as possible into the cloud, means that there will be less responsibility and logic needed within the synchronization clients.