US Government Sets Up Online "App Store"

krapper writes "The Obama administration has unveiled a government 'app store' designed to push the federal bureaucracy into the era of cloud computing. The change means some federal employees will begin using services like YouTube, Gmail and WordPress, which store data on private internet servers instead of on those paid for with public money. The process will start small but will ramp up quickly, Vivek Kundra, the US chief information officer, said in a blog post on Tuesday. 'Our policies lag behind new trends, causing unnecessary restrictions on the use of new technology,' Kundra writes in the post on WhiteHouse.gov. 'We are dedicated to addressing these barriers and to improving the way government leverages new technology.' The app store is designed for federal employees doing official government business and is not intended for use by the public."

Re:And Gov2.0 considers Trusted Computing a key

I'm not sure how a TPM can establish identity. Fundamentally, a TPM is a cryptographic token that can accept a key or a passphrase, and has the option to seal it and keep it sealed until the right boot code is passed through it. Other than that, it is fundamentally just a smart card fixed onto a computer's motherboard.

A TPM wouldn't be good for validating a user, who can be using that machine, a phone, a jaw harp, or a beer mug with an IP stack for access. A TPM can validate that the first part of an OS boot was not tampered with on a machine, as well as store some private keys that are usable only on that box. The advantage of this would be for this is ensuring that an attacker can't just replace the MBR with a keylogger, then later on, steal the laptop in a two phase black bag attack.

For a single sign on for users, the US government already has a large and well established system, the DoD's Common Access Card.

Fears of a national ID card aside, using a smart card for access can be a very good thing. No passwords can be sniffed, it is quite easy to use client certificates (the server doesn't have to care one whit if a client's key is on a card, in Firefox's key storage, or in a TPM), and allows shorter passwords to be used, because all it would take is 3-15 (usual default settings on smart cards) bad attempts, and the smart card will either block further attempts until reset, or permanently brick itself needing replacement. Phishing would be useless because all a phisher would get is "yay, this user has connected to your web server with a valid certificate". The main way a smart card can be compromised would be malware that would grab the user's PIN via a keylogger, then use the smart card (if inserted) to sign/decrypt stuff in the background.

Finally, a large number of security programs like TrueCrypt can use smart cards. I have on a laptop TC protected volumes for a VM that runs my Quicken. If someone steals the laptop and manages to get past BitLocker (RAM dump while the box is on), they would need to have the passphrase, the PIN from the eToken, and the eToken itself, to be able to mount that volume. A couple wrong guesses, the eToken zaps itself, so that gets rid of the brute forcing route in. (Of course, rubber hose crypto does work, but my biggest security scenario is silent theft of the laptop, not seizure and interrogation of the owner.)

Disclaimer: TPMs are double edged swords, and they can be used to enforce DRM stacks, but I consider them a good thing in general. Especially because by the TCG spec, they are to be shipped disabled and unowned, so software companies cannot assume every computer user has one and can use it for copy protection.

Re:How is this going to help..

[B1oodAnge1]

Are you certain?

Re:Great!

[Joakal]

How about completely opening the entire authentication systems up? All the methods being proposed are closed systems. There are systematic refusal to accept new corporation/sites/etc as a form of authentication without being celebrity, monopolist or payment for certificates, etc. Recently, I created a browser-based trust initiative here: JRep project Although I initially came up by means of browser-based trust transfer but I believe this can be tweaked for authentication transfer. Bonus: It's completely open and free because I want it that way.

Re:How is this going to help..

[divisionbyzero]

I'm more worried about accountability. Any information posted or otherwise maintained on a private server is not subject to FOIA. It's protected by the 4th Amendment which is a much higher bar. This is the same as when Cheney used a private mail address for government business.