Secure and Selective Backup/Restore on Cloud

Just an Idea for simple utility that helps to take Secure and Selective Backup/Restore on Cloud

Helpful Features
Backup on Cloud

1.       User identifies selective backups to be taken.
2.       The backups may pertain to File or Email or Database.
3.       The files may exist in Traditional or Hosted or Cloud Environment.
4.       Processing
a.       SHA-2, a set of cryptographic hash functions will be used to calculate cryptographic hash value for backup files.
b.      Compression of Backup files
c.       Hybrid Encryption
                                                i.      Compressed backup files will be encrypted with AES-128bit. AES is a faster encryption technique. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
                                                             ii.      The algorithm described by RSA is an asymmetric-key algorithm, meaning the different key is used for both encrypting and decrypting the data. We will generate Public and Private Key. AES symmetric-key will be encrypted with the use of Public Key. Private Key will be made available to user.
                                                            iii.      Essentially, AES encrypted data and RSA encrypted AES keys will be stored on cloud. If user doesn’t have private key, he/she can’t decrypt the AES keys and thus encrypted data won’t be of any use to person who doesn’t have the Private Key.
5.       Once the processing is completed; Backup data (Full + Incremental) will be copied to local machine as well as Public Cloud. Backup files will be available on Private Cloud. If Storage space is not available on Private Cloud; backup files will be stored on Public Cloud.
6.       Obsolete backups are removed after specified time period.
7.       Backup files will be stored in multiple regions.
8.       Completely processed files will be stored in Public or Private Cloud else they will be removed.

Restore from Cloud

1.  Backup datasets will be fetched from the local (For current month’s data restore) or cloud environment.
2.       Processing
a.       Backup files will be decrypted.
                                                               i.      With the use of Private Key, AES symmetric keys will be decrypted. With decrypted AES key, backup files will be decrypted.
b.      All decrypted files will be uncompressed.
c.       Cryptographic hash value will be computed on files and verified against the original one.
                                                               i.      If message digest calculation fails then it can be considered and integrity has been compromised at some level and that restoration will be discarded.
3.       Once we have all backup files after integrity verification; restoration process will be done.
4.       Backup drills will be performed to verify the restoration process.

5.       Restore Utility will be locked if process fails thrice.

Labels: ,