Linked by Thom Holwerda on Fri 21st Mar 2014 16:56 UTC
Internet & Networking

Microsoft has lost customers, including the government of Brazil.

IBM is spending more than a billion dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the United States government.

And tech companies abroad, from Europe to South America, say they are gaining customers that are shunning United States providers, suspicious because of the revelations by Edward J. Snowden that tied these providers to the National Security Agency’s vast surveillance program.

Right. Because, as we all know, European governments did not fully comply with the US spying programs, nor have they similar programs of their own.

High time some smart company develops a very simple and straightforward 'personal cloud'; a simple, large box with loads of storage that you dump in the basement somewhere, with pre-configured email, internet storage, and so on. Also offer the ability to have multiple of these things tied to the same account for data duplication, so you can, say, dump one of them at a trusted friend's home. Make it platform-agnostic and encrypted, et voila.

Doesn't sound like something that's terribly hard to do.

Thread beginning with comment 585147
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[7]: Personal Cloud
by ricegf on Mon 24th Mar 2014 04:44 UTC in reply to "RE[6]: Personal Cloud"
ricegf
Member since:
2007-04-25

Ah, I see where you lost me. I'm not talking about a read-only SD card, but a read-once SD card.

SD cards contain a microprocessor that can be reprogrammed, given physical access to the card. Read this before continuing:

http://www.zdnet.com/sd-cards-hacked-7000024686/

So, a reasonably competent hacker, for little money, could program the SD card to allow data to be written to the card normally, but to delete data as it is read.

Thus, a one-time pad written to this hacked SD card is destroyed as it is used. If your server is hacked remotely, and the attacker copies the one-time pad, he also destroys the one-time pad - so that compromised keys can't be inadvertently used for communication.

This is similar to quantum encryption, which destroys the payload when read (even by an interloper), except that my approach is technically achievable today by a competent hacker for little incremental cost relative to a common personal server.

As to the advantages of an off-line encryption key generator, I can't explain that more clearly than the many papers on virtual currencies, so I'll just suggest that you read those instead. Bottom line is that encryption keys that you really want to protect should be generated offline, and then the private key zealously protected.

Hope this clears up what I'm suggesting. The use of a read-once SD card in this context is an original idea as far as I know, so I understand why you didn't follow. I should have started with a link to the article on hacking the microprocessor in an SD card - sorry.

Reply Parent Score: 2

RE[8]: Personal Cloud
by Alfman on Mon 24th Mar 2014 13:24 in reply to "RE[7]: Personal Cloud"
Alfman Member since:
2011-01-28

ricegf,

So, a reasonably competent hacker, for little money, could program the SD card to allow data to be written to the card normally, but to delete data as it is read.



A server that's been compromised cannot be trusted regardless of whether the key pad is stored on a read-once SD card or on an internal disk. Do we agree on this? After all, the server could be reprogrammed to send the keys to the adversary. I'm having trouble understanding the scenario where your idea adds security. What scenario does this protect you from versus just storing the keys on disk and wiping them after use?



Thus, a one-time pad written to this hacked SD card is destroyed as it is used. If your server is hacked remotely, and the attacker copies the one-time pad, he also destroys the one-time pad - so that compromised keys can't be inadvertently used for communication.


Regarding a read once medium, what prevents an adversary from copying the read once SD card to another read once SD card while making their own copy of it?

Even without doing this, the adversary might swap in his own SD card on the server, and use the authentic SD card to communicate to the client acting as a man in the middle. If he's got the time to wait for a legitimate connection, he could hijack a legitimate incoming connection to copy the data off the server. He could even return the original SD card if he wanted to be covert.


As to the advantages of an off-line encryption key generator, I can't explain that more clearly than the many papers on virtual currencies, so I'll just suggest that you read those instead. Bottom line is that encryption keys that you really want to protect should be generated offline, and then the private key zealously protected.


With bitcoins, the idea of an offline machine is that you don't have ANY copies accessible online. However this security measure does not apply in our case because we NEED online copies to communicate between our client and server. If they're genuinely random numbers, then it doesn't matter where they're generated. So I see no scenario where keeping offline copies benefits you, it's more secure that an offline copy never existed at all. Having an offline copy of the one time key pad only adds risk that you'll be compelled to disclose the keys for past communications.

Edited 2014-03-24 13:41 UTC

Reply Parent Score: 3