PhantomFiles.io Security and Threat Model

Overview

PhantomFiles.io is designed to provide secure, ephemeral file sharing with end-to-end encryption. This document outlines the security measures implemented and the threat model considered in the design of the service.

Security Measures

1. End-to-End Encryption

• All files are encrypted in the user's browser before upload.
• Encryption method: PBKDF2-HMAC-SHA512 with 600,000 iterations.
• The encryption key NEVER leaves the user's device.

2. Filename Encryption

• Filenames are also encrypted using the same key as the file content.
• This prevents information leakage through filenames.

3. Secure Storage

• Encrypted files are stored on Cloudflare R2, which provides additional encryption at rest.

4. Secured File Room Concept

• Files are organized into "Secured File Rooms" AKA "File Rooms".
• Each room has a unique identifier: five random English words (e.g., "dash-level-car-baker").
• Room names are hashed using SHA-256 before being uploaded to our system.
• There are 100,000,000,000,000,000,000 different possible room names, and a Secured File Room is only accessible for 24 hours, before being securely deleted, along with all the files within it.
• Secure File Rooms are intended to share files, so they are publicly acessible if someone knows the room name. Note that someone still needs the encryption key to decrypt the file. Deriving this key will be tremendously difficult given the key derivation function used, as well as a 16 chararacter minimum for the password.

5. Ephemeral Storage

• Each Secured File Room has a lifespan of 24 hours.
• Files are automatically deleted from R2 storage after 24 hours.

6. Rate Limiting

• To ensure the integrity of our services and protect your Secured File Room files from unauthorized access, we rate limit critical API endpoints (Secured File Room access, User login paths) to prevent brute forcing of Secure File Room files. Note that the "My Vault" feature is not publicly accessible, and cannot be accessed by other users other than the account owner.

7. Authentication

• Sign-in is handled through Google OAuth.
• Only the user's email and name is stored, used for correlating with Stripe accounts for paid users.

Threat Model

What We Protect Against

1. Unauthorized Access to File Contents: Files are encrypted client-side, making them unreadable even if intercepted during transmission or accessed directly in the R2 storage bucket(s).
2. Metadata Leakage: Filenames are encrypted, limiting the information an attacker could gain from them.
3. Long-term Data Persistence: The 24-hour lifespan of Secured File Rooms ensures file data doesn't persist indefinitely. Note that this doesn't apply to the My Vault feature.
4. Brute Force Attacks: Rate limiting on key endpoints makes it difficult to brute force room names or file listings.
5. Service Operator Access: As the service operator can only see encrypted filenames, file sizes, and upload timestamps, they cannot access decrypted file contents or original filenames.

Potential Vulnerabilities and Limitations

1. Secured File Room Security: (As stated earlier) If a Secured File Room name is guessed or intercepted, an attacker could potentially access and download the encrypted files within the 24-hour window.
2. Client-Side Security: The security of the encryption key depends on the security of the user's device and browser.
3. Timing Attacks: An attacker might infer the existence of a room by timing differences in responses, even with rate limiting.
4. Legal Compliance: While the service operator cannot access file contents, they may be compelled to provide available metadata (encrypted filenames, file sizes, timestamps) to legal authorities.
5. Cloudflare R2 Security: The service relies on the security of Cloudflare R2 for storing encrypted files. If malicious actors were able to exfiltrate user-uploaded files, they would likely be unable to decrypt them given our derivation settings and password requirement for generating encryption key

Best Practices for Users

1. Use strong, unique passwords for encryption.
2. Keep Secured File Room names confidential and transmit them securely.
3. Be aware that Secured File Rooms and their files are currently only available for 24 hours.
4. Understand that while the service is designed for security and privacy, it's not intended for storing or transmitting illegal content.

Last updated: October 3rd, 2024