Linked by Thom Holwerda on Fri 21st Mar 2014 16:56 UTC
Internet & Networking

Microsoft has lost customers, including the government of Brazil.

IBM is spending more than a billion dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the United States government.

And tech companies abroad, from Europe to South America, say they are gaining customers that are shunning United States providers, suspicious because of the revelations by Edward J. Snowden that tied these providers to the National Security Agency’s vast surveillance program.

Right. Because, as we all know, European governments did not fully comply with the US spying programs, nor have they similar programs of their own.

High time some smart company develops a very simple and straightforward 'personal cloud'; a simple, large box with loads of storage that you dump in the basement somewhere, with pre-configured email, internet storage, and so on. Also offer the ability to have multiple of these things tied to the same account for data duplication, so you can, say, dump one of them at a trusted friend's home. Make it platform-agnostic and encrypted, et voila.

Doesn't sound like something that's terribly hard to do.

Order by: Score:
And can you trust...
by Arawn on Fri 21st Mar 2014 17:20 UTC
Arawn
Member since:
2005-07-13

... the firmware?

Don't get me wrong, the idea is great and I think it's the way to go. What I say is that it has to be with verifiable open source hardware, open source firmware and open source software.

A thought crossed my mind yesterday as I was reinstalling a recently designed laptop. It has Windows 8.1 pre-installed and it crossed my mind the problem that Secure Boot poses to open source O.S. And it dawned on me that we might be witnessing a rift opening in what has been basically a single platform for 30 years: the IBM PC compatible, based on x86 compatible processors and capable of running not only MS Windows but also a lot of other O.S. With this latest move from MS with Secure Boot, we might well witness the dawn of computers designed specifically to run other O.S. beside MS Windows, eg. Linux based distros or Haiku.

That would be very interesting development indeed.

Reply Score: 6

static firmware
by TechGeek on Fri 21st Mar 2014 17:39 UTC
TechGeek
Member since:
2006-01-14

Time to go back to static firmware. Back in the days of the Pentium 166, processors couldn't really be updated. Time to go back to a time when chips had to be changed to make firmware changes. Then, on top of open source firmware, you have some measure of security.

Reply Score: 3

RE: static firmware
by jgagnon on Fri 21st Mar 2014 19:19 UTC in reply to "static firmware"
jgagnon Member since:
2008-06-24

When was the last time you disassembled your firmware? All static firmware does is promote the idea of getting it wrong in subtle ways the first time that could be capitalized on later. And don't forget that back in those days you could still pop out the ROM/PROM/EEPROM chip and replace it with another (or reprogram it with the right hardware).

Reply Score: 4

RE[2]: static firmware
by p13. on Fri 21st Mar 2014 22:32 UTC in reply to "RE: static firmware"
p13. Member since:
2005-07-10

Ummm ...

You guys are talking about microcode, not firmware.
Remember the f00f bug, and the HLT bug? Yeah glad microcode is update-able now.

However ... it is not stored on ROM. It's loaded in runtime.

Edited 2014-03-21 22:33 UTC

Reply Score: 6

Super private clouds
by peejay on Fri 21st Mar 2014 17:48 UTC
peejay
Member since:
2005-06-29

...so you can, say, dump one of them at a trusted friend's home.

This assumes you have friends. ;)

Reply Score: 9

RE: Super private clouds
by Lennie on Sat 22nd Mar 2014 14:58 UTC in reply to "Super private clouds"
Lennie Member since:
2007-09-22

I've never understood this friend's house suggestion.

When you store it at off-site (friend or payed hosting, read: cloud) you need to encrypt it first.

It's just a backup, right ? So encrypt it before it leaves your home.

Trying something like:
http://duplicity.nongnu.org/

(and maybe one of it's friends like: deja-dup)

No, you're real problem is: key-management.

When you encrypt something, you have a key/passprase/something. And if you want proper encryption, it can't be something small like an 8 character password.

Do your print it on paper and store it somewhere, maybe in a save deposit box ?

That really is what some people do with Bitcoins, it's called a paper wallet.

Reply Score: 5

RE[2]: Super private clouds
by woegjiub on Sat 22nd Mar 2014 22:22 UTC in reply to "RE: Super private clouds"
woegjiub Member since:
2008-11-25

Key management is no problem at all - it's 2014, you're using a password manager, right?

Reply Score: 1

RE: Super private clouds
by spudley99 on Mon 24th Mar 2014 13:02 UTC in reply to "Super private clouds"
spudley99 Member since:
2009-03-25

...so you can, say, dump one of them at a trusted friend's home.

This assumes you have friends. ;)


And even more implausibly, that you have trusted friends.

Edited 2014-03-24 13:08 UTC

Reply Score: 2

why this is really a US problem
by TechGeek on Fri 21st Mar 2014 17:51 UTC
TechGeek
Member since:
2006-01-14

As much as I see people like Thom blaming everyone, this is and always has been primarily a US problem. Let me explain why.

The telecomm industry grew out of the US. Lets face it, we invented telecomm. From stringing our country with miles of copper to creating the internet at DARPA, we really started the telecomm industry. As a result, most if not all major IT players are based in the US. If we want to talk about hardware, we have Intel, IBM, and Cisco. If we want to talk about software we have Microsoft, Oracle, IBM. If you want to talk services, we have Google, Facebook, SalesForce, Microsoft, etc.

We are a one stop shopping mall of companies that can be co-opted into doing whatever the US wants. Do you honestly think that Brazil, Canada, Ireland, or any other single country has the leverage to make Cisco or Intel put back doors into their systems like the US?

As such we hold more power then anyone else, and we are the ones that need to change.

Edited 2014-03-21 17:51 UTC

Reply Score: 9

RE: why this is really a US problem
by RobG on Mon 24th Mar 2014 16:41 UTC in reply to "why this is really a US problem"
RobG Member since:
2012-10-17

That's if you ignore the Hungarian who evented the telephone exchange, Innocenzo Manzetti who is often credited with invention of the telephone (Bell just patented it) and many other pioneers.

Reply Score: 2

It's not so complicated
by novad on Fri 21st Mar 2014 18:02 UTC
novad
Member since:
2010-06-10

Once again... Sorry for my english but...

I can only say that this is a blessing to my ears:

High time some smart company develops a very simple and straightforward 'personal cloud'; a simple, large box with loads of storage that you dump in the basement somewhere, with pre-configured email, internet storage, and so on. Also offer the ability to have multiple of these things tied to the same account for data duplication, so you can, say, dump one of them at a trusted friend's home.

This is EXACTLY what I try to do and try do convince my friends to do. When you really look at it it's not so complicated (Even if I agree it's not out of the box)

What do people really need? :

- Mail
- CMS (data not web)
- Website (Far stretched for simple endusers but let's go for it)
- Replication for safety

How can you do that quite easily today? :

1) Virtualisation (Hyper-V 2012R2 free would be a good choice for its replication abilities)
2) Zimbra for mails. It's (resonably) easy to install and rock solid. It can run on Ubuntu LTS.
3) As CMS (Data) you could use plone or maybe Silverpeas (a bit complicated to install but quite nice once it's up and running). It can also run on Ubuntu LTS.
4) For websites there is an infinite choice. Let's just mention Joomla. Once again it can run on Ubuntu LTS

With two boxes installed in the exact same way you can configure replication over slow lines with Hyper-V

Costs:

- Hardware (Can perfectly run on a machine with 8 cores and let's say 12GB of RAM)
- Time: One day to set everything up when you know a bit those tools.

Everything is based on FREE operating systems and software with at least 5 years of support for each OS

I can only encourage everyone with some IT knowledge to do the same.

Reply Score: 4

RE: It's not so complicated
by WorknMan on Fri 21st Mar 2014 18:14 UTC in reply to "It's not so complicated"
WorknMan Member since:
2005-11-13

I can only encourage everyone with some IT knowledge to do the same.


Yeah, doing all that work to secure my grocery list and other random stuff I have stored in the cloud sounds like a swell idea.

Reply Score: 2

RE[2]: It's not so complicated
by novad on Fri 21st Mar 2014 18:25 UTC in reply to "RE: It's not so complicated"
novad Member since:
2010-06-10

You don't have to if you have only a grocery list to keep safe or if you don't want to.

As for myself I use a similar installation since 5 years and have everything on it. I store every single administrative document / pic / video / work stuff / mail / etc etc etc.

And yes... Everything is secured ;)

Wherever I am I just need a connection to access everything I could ever need. It would really be a handicap for me if I had to give that up.

Edited 2014-03-21 18:31 UTC

Reply Score: 3

RE[2]: It's not so complicated
by RobG on Mon 24th Mar 2014 16:42 UTC in reply to "RE: It's not so complicated"
RobG Member since:
2012-10-17

I see a good argument for secure by default - otherwise the presence of something encrypted will raise alarms.

Make them work to see the mundane.

Reply Score: 2

RE: It's not so complicated
by Morgan on Fri 21st Mar 2014 21:38 UTC in reply to "It's not so complicated"
Morgan Member since:
2005-06-29

This all assumes you can trust Ubuntu.

Reply Score: 4

RE[2]: It's not so complicated
by hallux on Fri 21st Mar 2014 22:55 UTC in reply to "RE: It's not so complicated"
hallux Member since:
2013-12-08

This also assumes you can trust Linus Torvalds, et al.

Even if, however, everything we use is potentially compromised, if we use as many layers of security as we're willing to tolerate, one assumes at least that it will make it markedly more difficult for the spies. If you make it difficult enough, maybe they'll only have the resources to spy on a select subgroup of EVERYONE and will therefore have to pick and choose whom they spy upon.

It's not a perfect solution, but forcing spies to think carefully before spying on Americans versus indiscriminately spying on everyone would mean that at least SOMEONE is paying attention to what they're doing, which would be better than the situation we currently have, in which NO ONE knows what they're doing, because the way the laws are written now, the US intelligence services are functionally answerable to NO ONE, and that's NOT how it's supposed to be.

Without freedom--of speech, of thought, of movement, and of association, and the right to vote, THERE IS NO democracy. Without democracy, there can only be tyranny of one form or another. Even benign-seeming tyranny, as for example under a "good king" is still tyranny. No matter how good he might be, no matter how noble and virtuous and fair, you have now way of knowing how his KID is going to turn out, and in a hereditary monarchy, you're stuck with him.

We owe it to ourselves, we have a moral obligation to each other, to our children and the world at large, if not in fact a legal obligation, to maintain control over the slavering beast that is the United States Government, for it is more fearsome than anything else on this Earth.

Said control can only realistically be exercised if we are free both to talk and to listen, and if we exercise and defend vigorously every right we have, for rights are the legal framework upon which are written the rules and regulations that protect us from our government. If our rights can be ignored, pushed aside, suspended, revoked, or twisted and perverted into uselessness, then our so-called "leaders" have authority *without* responsibility, which has been proven time and again throughout history to be a very, VERY bad thing.

Oh, btw... on the original topic, you can get a number of different OS's, completely OSS, and maybe even Free/Libre to boot, packages that you can run off a CD/DVD so you know it won't be modifiable once written, (or write to a USB stick if you prefer, though you are rolling the dice there,) that can have an HDD mounted to it, that will let you use a secure OS, such as based on Linux or one of the Unices, at least one of which comes configured with TOR only, (look up pressfreedomfoundation.org for more info on this,) which you can probably SSH into remotely to access your files, (you'd have to leave your computer running while away, so there is a financial cost, unless you live somewhere where electricity is free,) but that would give you, once properly set up, a personal, secure, internet-accessible cloud that you can use on-the-go from a similarly secured mobile device.

Downloading one, verifying its sha256 checksum is valid, burning it to a disc, and then (if you feel it's necessary, depending on how paranoid you are,) slapping that disc into a READ-ONLY device, (NOT A BURNER,) would give you the ability to know you have a fresh, new, clean install EVERY TIME YOU BOOT. If you know what you're doing, you could even make your own custom image, I think, that if you have enough RAM, loads to memory the entire OS and would therefore be extremely fast. Then it could act as a server for files on your standard HDD that would be mounted after booting.

My point is that I don't think anyone has to MAKE something like what the OP wrote about, I think that's all already out there.

Edited 2014-03-21 23:07 UTC

Reply Score: 1

RE[2]: It's not so complicated
by novad on Sat 22nd Mar 2014 03:16 UTC in reply to "RE: It's not so complicated"
novad Member since:
2010-06-10

This all assumes you can trust Ubuntu.


Or if you can trust MS (with Hyper-V), or if you can trust Plone/Zimbra/Silverpeas/Joomla.

100% safety doesn't exist but at least you can admit that those products don't send spontaneously data to whomever. If it was the case this would have been detected since quite a long time (Network traffic auditing)

Let's say it like this. I trust more an installation based on solid and mostly open source software behind a well configured firewall than a cloud provider in the US.

Reply Score: 1

RE[3]: It's not so complicated
by Morgan on Sun 23rd Mar 2014 17:20 UTC in reply to "RE[2]: It's not so complicated"
Morgan Member since:
2005-06-29

I never said I didn't trust Ubuntu; in fact I'm typing this from Ubuntu 13.10. I was just making a point about how deep one would need to go to truly trust their system. For me, Ubuntu is trustworthy enough; I would trust Slackware a little bit more because Pat stays as close as possible to the original code. But Ubuntu is easier to set up and get everything running, so it has a prominent place in my workflow.

I think there may be some folks out there who will compile LFS on a system they built, with firmware they reverse engineered and audited, in order to have what they consider a fully trusted system. I'm not that paranoid though; I feel that the major GNU/Linux distros and the BSDs are trustworthy enough for daily use. I'm beginning to wonder about Windows and Mac OS though.

Reply Score: 2

RE: It's not so complicated
by Alfman on Sat 22nd Mar 2014 04:03 UTC in reply to "It's not so complicated"
Alfman Member since:
2011-01-28

novad,

There are lots of ways you can run your own services, I've been doing it for myself and others.

Costs:
- Hardware (Can perfectly run on a machine with 8 cores and let's say 12GB of RAM)
- Time: One day to set everything up when you know a bit those tools.


How did you come up with these requirements? Unless your doing unusual processing on the server, they're usually IO limited rather than CPU limited, so this 8 core beast would mostly sit idle all the time. For a personal storage system, even a low power ARM processor used in typical NAS arrays should be able to to completely saturate a WiFi link, and come close to saturating a gigabit link for example.


I can only encourage everyone with some IT knowledge to do the same.


It can be fun and educational, but it can be time consuming. I've kind of backed away from some of these projects that I used to work on, not because I lost interest or inclination, but because I had kids.

Reply Score: 5

RE[2]: It's not so complicated
by novad on Sat 22nd Mar 2014 05:07 UTC in reply to "RE: It's not so complicated"
novad Member since:
2010-06-10

Hello Alfman


How did you come up with these requirements? Unless your doing unusual processing on the server, they're usually IO limited rather than CPU limited, so this 8 core beast would mostly sit idle all the time. For a personal storage system, even a low power ARM processor used in typical NAS arrays should be able to to completely saturate a WiFi link, and come close to saturating a gigabit link for example.


I agree with you concerning the CPUs. They would mostly sit there doing nothing. It's more for the comfort of use for the few cases where you need performance that I recommend 8 cores. This also gives you some margin if you want to install additional systems in your hypervisor. (I'm not a great fan of CPU over over commitment)

For the memory I think this is quite accurate. Zimbra (in my example) consumes quiet a lot of memory as does JBOSS (Still in my config). You can certainly reduce that with other products but once again. It's nice if you want to extend the use of your hypervisor (BTW... Memory is so cheap actually that I don't see a reason to spare on this)

It can be fun and educational, but it can be time consuming.


It can be time consuming if you start from scratch with tools you don't know (That's sure ;) ) but once you have chosen and understood the tools that fit your needs it's quite fast and, in the long term, can saves you a lot of time in your daily tasks (It does it for me)

In the end everyone chose what fits him the best:

- Handmade config: Most flexibility (and probably most security) but a lot of work
- Out of the box solution (QNAP / Synology / ...): Quick and eays to set up if you want to keep data at home but less flexible than handmade.
- Cloud provider: Zero security but nothing to do except paying. That's the most easy solution for non sensible data

Reply Score: 0

Personal Cloud
by tanishaj on Fri 21st Mar 2014 18:57 UTC
tanishaj
Member since:
2010-12-22

High time some smart company develops a very simple and straightforward 'personal cloud'; a simple, large box with loads of storage that you dump in the basement somewhere, with pre-configured email, internet storage, and so on. Also offer the ability to have multiple of these things tied to the same account for data duplication, so you can, say, dump one of them at a trusted friend's home. Make it platform-agnostic and encrypted, et voila.


Am I missing something or isn't this a standard part of many NAS devices? They have email, storage (obviously), database, backup, duplication, and many other applications built in. QNAP has a personal cloud built into their boxes for example.

https://www.myqnapcloud.com/?lang=en

Of course, you still have to connect via the Internet so you are not really protected. I have read that even encrypted VPN was insufficient to block the NSA.

That is assuming you also trust the hardware (firmware).

Reply Score: 4

RE: Personal Cloud
by ricegf on Sat 22nd Mar 2014 13:13 UTC in reply to "Personal Cloud"
ricegf Member since:
2007-04-25

A true one-time pad shouldn't be decipherable by anyone (I think?). Since you set up the server, and you access it remotely, you should be able to replicate the pad securely. Am I missing something?

Of course, if your OS was compromised and your one-time pad was on disk, you'd be compromised. But you could always keep the pad on a custom SD card that could only be read once (using some hacked firmware on the card itself).

Say, how paranoid do I need to be? I'm scaring me here... :-D

Reply Score: 2

RE[2]: Personal Cloud
by Alfman on Sat 22nd Mar 2014 15:11 UTC in reply to "RE: Personal Cloud"
Alfman Member since:
2011-01-28

ricegf,

A true one-time pad shouldn't be decipherable by anyone (I think?). Since you set up the server, and you access it remotely, you should be able to replicate the pad securely. Am I missing something?



A one time pad works because the ciphertext could equal ANY plaintext in perfectly equal distribution, so probability attacks are impossible. The only indication the eavesdropper would have is message length (and that could be hidden by padding the message with random numbers). So you are correct that it's not decipherable. However how do you transfer it securely? For every bit you'd want to transfer to a remote system, you'd consume a bit of your one time pad. It's a catch-22. In practice what we can do is transfer the parameters to a pseudo random number generator such that both sides can generate the same sequence of random numbers. These random numbers get used similarly to a onetime key, this is how streaming ciphers like RC4 work.

Unfortunately it's exactly this sort of "compression" that makes statistical analysis possible. The weakness with all symmetric ciphers is that the more they get used in between key updates, the stronger it's fingerprint. An AES key is usually considered good for a couple hundred megabytes, maybe a gigabyte. Less is better, but that implies you need another mechanism on top of AES to exchange symmetric keys.

So in practice AES is used with an asymmetric algorithm, SSL servers for instance use RSA public key certificates. Unlike symmetric ciphers, RSA security is based on the mathematical difficulty of factoring primes. If you can solve this problem then you've broken the underpinnings of the remainder of the cryptographic toolchain.

Shor's algorithm exists to do just this, but it requires theoretical quantum computers to execute.
http://tph.tuwien.ac.at/~oemer/doc/quprog/node18.html


http://blog.kaspersky.com/quantum-computers-and-the-end-of-security...
By the way, good symmetric algorithms, e.g. AES, don’t have flaws allowing that kind of dramatic bruteforcing speedup. By existing estimates, bruteforcing 256-bit AES key on quantum computer is equal to bruteforcing 128-bit AES on a classic computer, so security levels remain very high.



Of course, if your OS was compromised and your one-time pad was on disk, you'd be compromised. But you could always keep the pad on a custom SD card that could only be read once (using some hacked firmware on the card itself).


Well, it seems like quantum mechanics offers an easier and more secure approach. Two quantum entangled atoms can output the same infinite random sequence at separate locations. This makes for an ideal source of randomness for a one time pad. I've read that prototypes of this technology have had implementation flaws, but I don't know the details.

Reply Score: 4

RE[3]: Personal Cloud
by ricegf on Sat 22nd Mar 2014 17:12 UTC in reply to "RE[2]: Personal Cloud"
ricegf Member since:
2007-04-25

However how do you transfer it securely?


That was the point of my post. I must not have been clear (sorry).

* You set up the server.
* You use an offline computer to create the one-time pad and write the one-time pad to two one-time-read SD cards.
* You place one SD card in your server and the other in your wallet for use in connecting to your server.

This avoids the transfer problem entirely. It's a special case, of course, but it is the special case that we're discussing in this thread.

Does that clear up why a one-time pad works in this instance?

t seems like quantum mechanics offers an easier and more secure approach


More secure, yes, but easier?? Where do I buy a quantum server to put in my basement, and a quantum smartphone to carry around with me, pray tell?

Reply Score: 2

RE[4]: Personal Cloud
by Alfman on Sat 22nd Mar 2014 21:44 UTC in reply to "RE[3]: Personal Cloud"
Alfman Member since:
2011-01-28

ricegf,

Where do I buy a quantum server to put in my basement, and a quantum smartphone to carry around with me, pray tell?



My knowledge of quantum physics drops off sharpy. However I do know that quantum encryption does not require a quantum computer, only a quantum event source + detector + a suitable transmission medium. These exist today in their infancy. Take a look at the link, the device is fairly small and it will get smaller.

http://www.technologyreview.com/view/514581/government-lab-reveals-...

The suitable transmission medium part is a major problem though. The photon received must be quantum entangled with the source, it won't work across switched networks. So it needs new infrastructure. So it would seem you are right, this tech is not going to reach mobile users soon.


I found today a company offering quantum encryption for a hub&spoke network targeting power grid security.
http://gridcomtechnologies.com/

This might not be a bad idea for applications where the hub is trusted by the "spokes". However in a residential scenario the ISP is the hub, yet the ISP is NOT trustworthy from our point of view.


I found this too, quantum encryption for wireless devices may be on the horizon.
http://www.extremetech.com/extreme/165281-new-breakthrough-could-br...

However I'm skeptical about it and if the quantum encryption is only used to encrypt traffic between the cell phone and the cell tower (rather than end to end), well that's already useless since we know the wiretaps are at the telcos.



Going back to your idea...
* You set up the server.
* You use an offline computer to create the one-time pad and write the one-time pad to two one-time-read SD cards.
* You place one SD card in your server and the other in your wallet for use in connecting to your server.


Unless you are solving some other logistics problem, I don't think having an "offline computer" enhances security in this case. So the server or client might as well generate the one time key pad themselves. I think an SD Card is less secure than transferring the keys to an internal disk/device, consider that the SD card is easier to physically swipe/copy. However that doesn't change the principal of your idea.


Of course if you can physically reach the server to resync the one time key pads periodically before running out, then your solution is completely legitimate. But what if you could periodically resync your one time keys over a quantum secured link at home and a distant server when you place your phone in the charging/syncing cradle? That would give you the security of one time keys. Of course this is not much help today without a quantum capable infrastructure.

Reply Score: 3

RE[5]: Personal Cloud
by ricegf on Sun 23rd Mar 2014 12:00 UTC in reply to "RE[4]: Personal Cloud"
ricegf Member since:
2007-04-25

I've been fascinated by quantum computing and quantum encryption for some time, but I don't see it as a solution I can afford to deploy today.

Unless you are solving some other logistics problem, I don't think having an "offline computer" enhances security in this case.


Consider the scenario where the computer generating the one-time pad has been remotely compromised - I contend this is not an unlikely case. If online, the pad is immediately copied to the NSA (or whoever). If offline... well, they'd need physical access.

This is the same rationale for keeping the private key for your virtual currency on an off-line computer. Do you consider that to add no value, either? I respect your opinion, but I believe you're missing a significant threat in this case.

I think an SD Card is less secure than transferring the keys to an internal disk/device, consider that the SD card is easier to physically swipe/copy.


One of us isn't thinking this through. Sure hope it's not me! ;-)

Consider my one-time read SD card, as discussed recently on this site (to wit, the firmware in an SD card can be hacked).

If an adversary remotely accessed and copied the SD card, what would that accomplish? When I attempted to establish an encrypted link, the link would fail - the SD card would be blank. This is similar to quantum encryption, which doesn't actually prevent interception of data, it just ensures that you know it has been intercepted (because you can no longer communicate).

I selected a hacked SD card as a cheap way to add one-time read-only storage to the device. If you just stick the pad on your disk, as you suggest, then your server can be hacked and the pad copied. As far as I know, a hacked SD card can't be re-hacked via a remote connection. (I've actually designed a similar system for secure communication in a corporate environment - the hacked SD card is just a cheaper solution that occurred to me while writing earlier in this thread.)

Of course, if physical access to the server is gained by your adversary, the card could be copied and a new hacked SD produced and placed in the server. But then, even if you were using quantum encryption, you're screwed if the adversary has physical access to an end point!

Am I missing something?

Reply Score: 2

RE[6]: Personal Cloud
by Alfman on Mon 24th Mar 2014 03:16 UTC in reply to "RE[5]: Personal Cloud"
Alfman Member since:
2011-01-28

ricegf.

I've been fascinated by quantum computing and quantum encryption for some time, but I don't see it as a solution I can afford to deploy today.


For quantum computing you are right, after hundreds of millions of dollars in research, humanity still doesn't have viable quantum computing yet. However quantum encryption is already here. It is still in the domain of early adopters, but in a few years it will just be another commodity component that we will throw away when it's time to replace our computers (like ram, disk, wifi radio, etc).



Consider the scenario where the computer generating the one-time pad has been remotely compromised - I contend this is not an unlikely case. If online, the pad is immediately copied to the NSA (or whoever). If offline... well, they'd need physical access.



This doesn't make sense to me in context of the previous example though. The online client and server computers NEED copies of the one time pad, this is unavoidable. A compromised server or client will defeat a onetime key pad security regardless of what happens to your offline computer. I really don't understand how the offline computer is going to enhance your security, it's one ADDITIONAL copy of the key pad that you'd have to protect.


One of us isn't thinking this through. Sure hope it's not me! ;-)

Consider my one-time read SD card, as discussed recently on this site (to wit, the firmware in an SD card can be hacked).

If an adversary remotely accessed and copied the SD card, what would that accomplish? When I attempted to establish an encrypted link, the link would fail - the SD card would be blank.



This seems illogical to me. If the legitimate machine can read & use one time key on the SD card, then why can't the attacker? Conversely, if the attacker cannot read the SD card, then how can the legitimate machine do so?


I selected a hacked SD card as a cheap way to add one-time read-only storage to the device. If you just stick the pad on your disk, as you suggest, then your server can be hacked and the pad copied. As far as I know, a hacked SD card can't be re-hacked via a remote connection. (I've actually designed a similar system for secure communication in a corporate environment - the hacked SD card is just a cheaper solution that occurred to me while writing earlier in this thread.)


I'm not really clear what you mean, can you give a link to what you are referring to? When it comes to one time key pads, what security advantage would read only SD cards give you?


Of course, if physical access to the server is gained by your adversary, the card could be copied and a new hacked SD produced and placed in the server. But then, even if you were using quantum encryption, you're screwed if the adversary has physical access to an end point! Am I missing something?


For example, with colocated servers, it might only take 250ms to swipe your SD card without staff seeing. Having an external SD card permanently exposed seems to just be tempting fate.

Reply Score: 2

RE[7]: Personal Cloud
by ricegf on Mon 24th Mar 2014 04:44 UTC in reply to "RE[6]: Personal Cloud"
ricegf Member since:
2007-04-25

Ah, I see where you lost me. I'm not talking about a read-only SD card, but a read-once SD card.

SD cards contain a microprocessor that can be reprogrammed, given physical access to the card. Read this before continuing:

http://www.zdnet.com/sd-cards-hacked-7000024686/

So, a reasonably competent hacker, for little money, could program the SD card to allow data to be written to the card normally, but to delete data as it is read.

Thus, a one-time pad written to this hacked SD card is destroyed as it is used. If your server is hacked remotely, and the attacker copies the one-time pad, he also destroys the one-time pad - so that compromised keys can't be inadvertently used for communication.

This is similar to quantum encryption, which destroys the payload when read (even by an interloper), except that my approach is technically achievable today by a competent hacker for little incremental cost relative to a common personal server.

As to the advantages of an off-line encryption key generator, I can't explain that more clearly than the many papers on virtual currencies, so I'll just suggest that you read those instead. Bottom line is that encryption keys that you really want to protect should be generated offline, and then the private key zealously protected.

Hope this clears up what I'm suggesting. The use of a read-once SD card in this context is an original idea as far as I know, so I understand why you didn't follow. I should have started with a link to the article on hacking the microprocessor in an SD card - sorry.

Reply Score: 2

RE[5]: Personal Cloud
by zima on Wed 26th Mar 2014 23:27 UTC in reply to "RE[4]: Personal Cloud"
zima Member since:
2005-07-06

So it needs new infrastructure.

I kinda doubt we'll ever have this... what would be the motivation for govs to give us so powerful encryption methods? (isn't present encryption basically good enough for "citizen uses" as far as govs are concerned?)

Reply Score: 2

How is it that simple?
by Dasher42 on Fri 21st Mar 2014 19:01 UTC
Dasher42
Member since:
2007-04-05

This obviously isn't a complete solution. The reach of the NSA obviously doesn't stop at the US borders, especially where the internet is concerned. They monitor traffic where they want. That's why Merkel has to think twice about the privacy of her communications.

Moreover, they've actively intercepted shipments of hardware and implanted bugs, as Thom himself has documented: http://www.osnews.com/story/27488/Documents_reveal_top_NSA_hacking_...

Hey, I like the concept of having my own cloud, and I'm looking to build something that doesn't have PHP crap in its stack, and I'm all for leaving the geographic locations where governments won't be accountable for their behavior. Let's just not pretend that the problem's solved with such simple solutions.

Reply Score: 6

RE: How is it that simple?
by jgagnon on Fri 21st Mar 2014 19:24 UTC in reply to "How is it that simple?"
jgagnon Member since:
2008-06-24

Exactly! If you want your stuff to be safer, keep it stored on a machine that is NOT connected to the Internet and then sneaker-net your data to whatever machine you're taking with you when you go somewhere. Chances are very good that if you can get at your data remotely then someone else can, too.

Reply Score: 5

RE[2]: How is it that simple?
by Nth_Man on Sat 22nd Mar 2014 00:00 UTC in reply to "RE: How is it that simple?"
Nth_Man Member since:
2010-05-16

I just wanted to add that Bruce Schneier said that:

every time a file moves back or forth, there’s the potential for attack.
And air gaps have been breached. Stuxnet was a U.S. and
Israeli military-grade piece of malware that attacked the Natanz nuclear plant in Iran. It successfully jumped the air gap and penetrated the Natanz network. Another piece of malware named agent.btz, probably Chinese in origin, successfully jumped the air gap protecting U.S. military networks.

There's more in:
http://www.spinellis.gr/cgi-bin/comment.pl?date=20131021
http://www.wired.com/opinion/2013/10/149481/

Edited 2014-03-22 00:00 UTC

Reply Score: 4

RE[3]: How is it that simple?
by unclefester on Sat 22nd Mar 2014 08:04 UTC in reply to "RE[2]: How is it that simple?"
unclefester Member since:
2007-01-13

Why are governments using a non-secure commercial OS for Top Secret operations? This type of work should use a combination of custom hardware (with no physical access for users) and a hardened in-house OS (eg. a custom BSD)

Reply Score: 2

RE[4]: How is it that simple?
by Darkmage on Sat 22nd Mar 2014 10:12 UTC in reply to "RE[3]: How is it that simple?"
Darkmage Member since:
2006-10-20

Basically I forsee this as contributing to the overall collapse of the US based software industry. I expect once we see a couple of governments switch to open source software entirely, and start saving billions in licensing fees the collapse will really begin to occur. Remember it's not when a government starts the conversion that the pain begins. It's once high quality free replacements for all the tools that the government uses. Both front office and back office tax software, medical records software etc. Once all that stuff is freely available for anyone to download, and the updates keep coming out of governments who are actually using the software. That's when you'll start seeing the industry shaking to it's core. Why pay someone for a license, when you can charge the client $200/seat for support, and pocket the entirety of the $200 for yourself? I work for several Medium-Large businesses and many schools, and not one of them ever calls Microsoft for support. They call US for support, we look on google. Microsoft only gets involved over licensing issues which non-proprietary software doesn't have issues with. Yes an application might need paid support, but we never get paid support for the OS or the office suite. Microsoft needs us and our clients a lot more than we need them. I suspect this could also open up entirely new markets in third world countries. If South America gets in early, we could all end up paying them for technician training to support open source government systems. It's not hard to learn, and the cost savings can be dramatic and large for a middle-man organisation.

Edited 2014-03-22 10:15 UTC

Reply Score: 3

Comment by ChrisDMarshall
by ChrisDMarshall on Fri 21st Mar 2014 19:44 UTC
ChrisDMarshall
Member since:
2014-03-21

I find it interesting that companies are moving away from US suppliers because of NSA spying, can you honestly say that you believe that European Governments are not doing exactly the same thing? We know the UK is doing it and it stands to reason that most others are doing it too?

I do like the idea of a personal cloud, the important thing would be to ensure that you have good encryption between the devices to ensure the governments are not snooping on the data being transferred.

Edited 2014-03-21 19:46 UTC

Reply Score: 3

the main difference
by gus3 on Sat 22nd Mar 2014 16:15 UTC in reply to "Comment by ChrisDMarshall"
gus3 Member since:
2010-09-02

The main difference between the US spying on its citizens, and the EU spying on its citizens: The US got caught.

Reply Score: 1

Comment by ManInStreet
by ManInStreet on Fri 21st Mar 2014 21:03 UTC
ManInStreet
Member since:
2014-03-21

Doesn't sound like something that's terribly hard to do.

Well it is here in the US when you have programs that intercept hardware shipments at Amazon and other distributors and rig them:

http://www.wired.com/threatlevel/2013/12/nsa-hacking-catalogue

And are you missing the coverage on Lavabit trying to fight the DOJ legal orders?

If they feel someone here in the States is running a difficult-to-eavesdrop operation, they take preemptive action against them. With the so-called "Patriot" Act, an innocent-until-proven-guilty model of the law was COMPLETELY abandoned. [Stephen Colbert quote: "We the people voted for the Patriot Act. We voted for the people who reauthorized it, and re-reauthorized it. The American people have spoken. You don’t change horses in mid-wiretap."] FYI: I didn't vote for them; I registered to vote, showed up at the polls, and wrote in "none of the above".

Go overseas, young man!

PS You are not covering the Hotmail+Outlook legal agreements that permit Microsoft to read AND DISCLOSE any communication handled by their software.

<cough>I can completely assure you that the lack of antitrust prosecution to date at the DOJ has nothing to do with the fact that they have an agreement to surrender such information whenever certain people in law enforcement need it...</cough>

PS: This post is by an American who would like to see a restoration of a rule of law here; that would like to see violent white collar criminals prosecuted, but has experienced for years nothing of the sort.

(And the violence allegation is not at all directed at Microsoft; but as to Microsoft, starting in 2000 they got out of control and are not only hurting all of us Americans, but even themselves. They just haven't understood how, as of yet...)

Reply Score: 5

RE: Comment by ManInStreet
by umccullough on Mon 24th Mar 2014 16:03 UTC in reply to "Comment by ManInStreet"
umccullough Member since:
2006-01-26

FYI: I didn't vote for them; I registered to vote, showed up at the polls, and wrote in "none of the above".


Interesting strategy... what's your ultimate plan there?

PS: This post is by an American who would like to see a restoration of a rule of law here; that would like to see violent white collar criminals prosecuted, but has experienced for years nothing of the sort.


I humbly suggest you maybe start communicating more directly with your representatives (that you didn't vote for), and let them know how you feel about the things that they are voting on. Maybe that will help them understand how their constituents feel about the laws they write, sponsor, and vote on. Simply hoping for things to change probably isn't gonna yield much result.

Even though it's mostly pointless, I have sent numerous correspondence to Feinstein (one of my state senators), letting her know how disappointed I am with her support of the NSA. It's the least I can do, given that she's not likely to be removed from her seat until she retires.

Reply Score: 3

Comment by ilovebeer
by ilovebeer on Fri 21st Mar 2014 23:25 UTC
ilovebeer
Member since:
2011-08-08

Regular people need to give up the idea that they can or will ever have truly secure & private data and/or communications. For the people who believe otherwise, especially the ones who don't think it's that hard, prove your theories. Put all that talk to the test. Good luck with that.

Reply Score: 5

New questions for post-Snowden era
by pwawrzyniak on Sun 23rd Mar 2014 02:26 UTC
pwawrzyniak
Member since:
2014-02-01

In my opinion we shouldn’t link privacy with security? As long as we talk about security it is more a technical or administrative issue, but when we talk about privacy it is related mainly to ethics. Then there is a question – how much we can resign from our privacy to grant ourselves some more security? I think an answer is very important today.

Personally, I don’t see anything unexpected in the Snowden’s revelations which started all these discussions about NSA and other agencies spying everyone and each other all the time. To face the truth – invigilation is known since the beginnings of our civilization and was always used as a tool to grant power for current authorities somewhere. The difference is – there were no Internet, mobile phones, GPS and other advanced communication technologies in the ancient times. Although, someone was always looking for interesting fields of information to gain advantage over his opponents. We all remember a great movie “Three Days of the Condor” by Sidney Pollack with Robert Redford…

However, I think Snowden has made a good job, because we all started asking questions about privacy, invigilation, security and other related subjects. In fact there is a public debate about ethics and freedom of thoughts right now – at least at the personal or social level. Good moment – definitely – especially in the era of social networks, cloud computing and big data concepts.

At the same time, which is an obvious effect, the business representatives re-think all these issues with possible threats for their operations and are now loudly asking questions about widely understand business security. What seems to be the most alarming threat for business today? Certainly, this is an industrial espionage. Nothing new – it is as old as our industry and was always used to increase profits by some companies, especially on the very competitive markets and in the field of advanced technologies. There are many interesting cases known in the history – there is also a good book from pre-Snowden era, for example:

Bruno Martinet, Yves-Michel Marti, "L'intelligence économique : les yeux et les oreilles de l’entreprise", Éditions d'Organisation, 1996 new edition 2001, ISBN 978-2-7081-2511-7

However, today industrial intelligence has a new face, including wide set of previously inaccessible tools and techniques, so there is a real challenge for big companies. I can easily understand all sides of this debate.

Unfortunately, the whole matter is even more complicated… When we come back to the security for a while.

I’ve once found an interesting material from DEF CON 16 conference – please check the whole presentation included in the blog post here:

http://turingsman.net/my-blog-list/141-the-emerging-threat-of-hardw...

As we can see, among very sophisticated threats we talk all the time, there are also very simple, but smart and effective ideas (device hacks) which can help in data leakage. I can also recommend to explore the subject of hardware Trojan a little bit more with at least this link:

http://www.cvorg.ece.udel.edu/defcon-16/

Furthermore, I hope you may like the blog post about critical infrastructure and data centres I wrote some time ago – I tried to collect several thoughts here in relation with counterfeit Cisco equipment (it was presented on OSNews.com in the past) and Stuxnet cases:

http://turingsman.net/my-blog-list/139-critical-infrastructure-thre...

When we realize what is possible today with minimal effort and what can be the price for the whole society if there are no methods to prevent possible threats, we should also ask ourselves: what is more important for us – privacy or security? And where is the barrier which is ethically acceptable between both? Is there any barrier?

Honestly – I don’t have answers for these questions today. I can only agree that the same way we cannot achieve total security, we cannot require total privacy, especially today. What I’m sure about is a fact that ethics is the same important player in this game as business and technology.

Best regards,
Pawel Wawrzyniak
http://turingsman.net/

Reply Score: 1

Consider your request as "in process"
by mikesmithyo on Sun 23rd Mar 2014 02:38 UTC
mikesmithyo
Member since:
2014-01-21

You might want to take a look at Owncloud.

As for pre-configured email, I'm not sure what you mean by that or what you are expecting the device to do about email or do with email, but email is fairly complex, especially if you want it to work. I speak of a email servers here. Email clients are another story.

While owncloud doesn't have a replication tool built in (afiak) you could replicate it with other tools like bit-torrent sync.

If you just want your data backed up (encrypted in transit and at rest) use crashplan and freely back up to a buddy, or several of them.

Also I'm more inclined to trust open source apps and pc hardware for this use case, especially given the hard coded root login recently found in synology disk stations: http://www.kb.cert.org/vuls/id/534284

Whether it's an NSA backdoor or lazy devs leaving themselves a way in, it doesn't matter. It's happening and there will be more of these "bugs" found in more and more devices. There are no eyes on the code these devices run like there are on open source code.

Reply Score: 2