Linked by Thom Holwerda on Fri 21st Mar 2014 16:56 UTC
Internet & Networking

Microsoft has lost customers, including the government of Brazil.

IBM is spending more than a billion dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the United States government.

And tech companies abroad, from Europe to South America, say they are gaining customers that are shunning United States providers, suspicious because of the revelations by Edward J. Snowden that tied these providers to the National Security Agency’s vast surveillance program.

Right. Because, as we all know, European governments did not fully comply with the US spying programs, nor have they similar programs of their own.

High time some smart company develops a very simple and straightforward 'personal cloud'; a simple, large box with loads of storage that you dump in the basement somewhere, with pre-configured email, internet storage, and so on. Also offer the ability to have multiple of these things tied to the same account for data duplication, so you can, say, dump one of them at a trusted friend's home. Make it platform-agnostic and encrypted, et voila.

Doesn't sound like something that's terribly hard to do.

Permalink for comment 585111
To read all comments associated with this story, please click here.
RE[5]: Personal Cloud
by ricegf on Sun 23rd Mar 2014 12:00 UTC in reply to "RE[4]: Personal Cloud"
ricegf
Member since:
2007-04-25

I've been fascinated by quantum computing and quantum encryption for some time, but I don't see it as a solution I can afford to deploy today.

Unless you are solving some other logistics problem, I don't think having an "offline computer" enhances security in this case.


Consider the scenario where the computer generating the one-time pad has been remotely compromised - I contend this is not an unlikely case. If online, the pad is immediately copied to the NSA (or whoever). If offline... well, they'd need physical access.

This is the same rationale for keeping the private key for your virtual currency on an off-line computer. Do you consider that to add no value, either? I respect your opinion, but I believe you're missing a significant threat in this case.

I think an SD Card is less secure than transferring the keys to an internal disk/device, consider that the SD card is easier to physically swipe/copy.


One of us isn't thinking this through. Sure hope it's not me! ;-)

Consider my one-time read SD card, as discussed recently on this site (to wit, the firmware in an SD card can be hacked).

If an adversary remotely accessed and copied the SD card, what would that accomplish? When I attempted to establish an encrypted link, the link would fail - the SD card would be blank. This is similar to quantum encryption, which doesn't actually prevent interception of data, it just ensures that you know it has been intercepted (because you can no longer communicate).

I selected a hacked SD card as a cheap way to add one-time read-only storage to the device. If you just stick the pad on your disk, as you suggest, then your server can be hacked and the pad copied. As far as I know, a hacked SD card can't be re-hacked via a remote connection. (I've actually designed a similar system for secure communication in a corporate environment - the hacked SD card is just a cheaper solution that occurred to me while writing earlier in this thread.)

Of course, if physical access to the server is gained by your adversary, the card could be copied and a new hacked SD produced and placed in the server. But then, even if you were using quantum encryption, you're screwed if the adversary has physical access to an end point!

Am I missing something?

Reply Parent Score: 2