Security In the Ether

theodp writes "Technology Review's David Talbot says IT's next grand challenge will be to secure the cloud — and prove we can trust it. 'The focus of IT innovation has shifted from hardware to software applications,' says Harvard economist Dale Jorgenson. 'Many of these applications are going on at a blistering pace, and cloud computing is going to be a great facilitative technology for a lot of these people.' But there's one little catch. 'None of this can happen unless cloud services are kept secure,' notes Talbot. 'And they are not.' Fully ensuring the security of cloud computing, says Talbot, will inevitably fall to emerging encryption technologies."

Remember kids

"Cloud" computing is a buzzword, nothing more. It has no real meaning, therefor all talk about it is worthless drivel.

Proceed with the drivel.

Re:Remember kids

[TheRaven64]

It's not a buzzword, it's a filterword. A buzzword is a word that describes a broad range of technologies and is useful for setting the scene, although a real technical discussion requires more focussed terminology. A filterword is a word used let you know that the person talking is an idiot and that you can safely disregard everything else that they say. Other examples include 'beowulf cluster,' and 'first post.'

Re:Remember kids

[sjames]

Cloud is a bit like "Smurf". It means whatever the speaker or listener wants it to mean.

Re:Remember kids

Jaffa, Crie!

Emerging encryption tec

Full homeomorphic encryption is, contrary to IBMs press team, still far from useable. In fact, there is no method in sight that could do the job.

Re:Emerging encryption tec

Full homeomorphic encryption is, contrary to IBMs press team, still far from useable. In fact, there is no method in sight that could do the job.

What you Linux lovers really want is full homoerotic encryption. So you can hide your gay porn.

Re:Emerging encryption tec

How does a troll get modded up? tsk tsk mods whats up w/ that?

Re:Emerging encryption tec

[Neuroelectronic]

Ask the meta-mods

Re:Emerging encryption tec

[techno-vampire]

The current system of "meta-moderation" is absolutely worthless. Deciding whether a post is good or not has no effect on whoever moderated it. Until they go back to a system where the moderations themselves are meta-modded, I, for one, refuse to participate. Maybe that's why I never get mod points any more, but if that's their attitude it's OK by me. Moderation is a responsibility that I took seriously, and I always meta-modded honestly. If that's not the type of moderator they want, it just means less work for me.

Re:Emerging encryption tec

[0ptix]

Improvments to Craig's original work are already starting to come out. Smart and Vercauteren use integer arithmetic to obtain a more efficient scheme (though still not widly practical yet). Dijk, Gentry, Halevi and Vaikuntanathan show an even simpler (though not more efficient) scheme using integer arithmetics. In fact it's probably a good first paper to read for cryptographers interested in the area.

In light of these developments hardly a year since craig first released his results i see reason to hope for more improvments also towards efficiency (and basing the security on different and more common assumptions).

never the less for cloud computing applications where resource usage is carefully counted out and billed its hard to imagen such encryption technology being for a long time to come. neiche markets and applications could be another matter. for example something like a freenets/cloud where you can securely (privatly and correctly) farm out computation to be accessed from any client device with your key (for a comparable hit to performance). still, like freenet today the extent of the performance hit will most likely force it to remain generally unused for quite a while still.

Re:Emerging encryption tec

damn skippy ... 500gb of wang and counting

Whom are we securing it from?

[bschorr]

Part of the problem is that with Cloud Computing you have a much broader set of "enemies" to secure your data from. It's naturally in the interests of cloud/SaaS providers, who are selling an increasingly commodity product, to look for ways to cut their costs. They have price pressure from consumers and competitors so like any business you can bet they're looking for the cheapest providers they can for the services they require. Unfortunately that cost-cutting and corner-cutting will lead to new and different security challenges.

For example: all but the largest will be outsourcing their data centers. And when they outsource that storage will they find the same sort of pricing structures, perhaps on a different scale, that everybody else does - it is attractive, from a price perspective, to off-shore that data to places where it's just cheaper to run. One of the strengths of the Internet is how it shrinks the planet in that regard. But there has recently been a big debate about whether or not the 4th Amendment in the U.S. protects hosted e-mail from search and seizure by the U.S. government. What does the 4th Amendment in Malaysia protect against?

What if your biggest competitor in your particular industry is a Chinese company and your Cloud provider decides to store your data on a server located in China. Do you suppose the Chinese gov't might be able to access (or monitor) your data and provide any of it to their company?

Even if your data stays on a domestic server and your business is entirely legitimate - most Cloud providers are multi-tenant (that's the economy of scale that helps them keep prices down). What if one of the other tenants on that server is doing something naughty and the government decides to seize the server to go after them. Will your data be safe and protected? They're the government, right? OF COURSE your data will be handled properly. :-) Uh huh.

Another big topic is document retention. You want to keep documents as long as you need to and then expire those documents. Will your SaaS/Cloud provider respect your document retention policies? Or are you going to discover, hopefully not after being served with a discovery request, that they actually have copies of your expired documents in cache or on backups somewhere that they never destroyed?

There are a LOT of new security issues that come up when you essentially put your data at arm's length with no real idea of where it's physically stored or who has access to those servers. I'll close with a quote:

"If (CIO) Randy Mott told me 'Put the general ledger up in the Cloud' I'd say 'Go back to work, we're not doing that."
            -Mark Hurd, CEO of Hewlett Packard-

Re:Whom are we securing it from?

[hitmark]

in other words, encrypt, encrypt encrypt.

i am really considering printing public key barcodes on business cards, and refuse to accept mails that are not encrypted...

as it is right now, people are mentally considering email like enveloped mail, while in networking terms its more like postcards. I wonder how much this can be blamed on mail software that shows unread mail as unopened envelopes...

Re:Whom are we securing it from?

[mlts]

Cloud computing violates the first rule of security: Don't let the data be accessible in any shape or form to those not authorized. It goes with one of the fundamental rules of the Internet which is often ignore:, don't put anything on a Net accessible computer that you would be afraid of it ending up linked off of 4chan.

Cloud computing has some seductive properties for PHBs: It is just a network jump away through an API, requires no dedicated equipment on the client site, and the big named company salespeople who play in the same foursome at the golf course sell the stuff.

However, if one drops the smoke and mirrors, there isn't much difference between cloud storage and FTP-ing files onto a remote site.

So, what does one do? Before someone states "encrypt it!" one has to know that there are two parts to encrypting:

First is choosing the algorithms (AES-256, and if worried about an AES crack, chain AES and Serpent or Twofish [1]) and how they are implemented (ECB bad, XTS good). You also add to this how one can tell if the key is valid, and one of the most secure ways is to have the key use a salt, decrypt part of the cyphertext, and check it against a known value. TrueCrypt does this when validating if a filesystem is OK to mount.

The second part is not as obvious, but it means as much to secured data as the cypher: Key management is where you feel the burn. The simplest key management is having some random passphrase the maximum length allowed stored in a file on a USB flash drive and printed out for safekeeping. However, this runs you into the same issues as using WPA2-PSK, if the key is divulged on one area, the whole security of the system is now compromised.

Which means that you have to have a system of subkeys where the keys will decrypt the master key, similar to how PGP stores multiple passphrases and public key information to open a PGPDisk. You can give everyone a different passphrace to remember, or you can give them some type of smart card that unlocks the information. If a passphrase is divulged, it will suck, but given time, it can be removed from the authorized list.

Don't forget not just using one volume key for the data, one needs to use a different one every so often, so a compromised subkey which allows someone to slurp up the main decryption key won't compromise everything.

In reality, after a company goes through their iterations of a key management system, going from passphrases to RSA keys (because passphrases are hard to remember), then going from a list of keys to a full blown PKI with multiple recovery mechanisms, companies usually end up going to a smart card system. Of course, this is expensive and requires an elaborate support structure, but it is the best way of dealing with key management we have. And of course smart cards have driver hell in most cases.

So, with all the complexity that one needs to have in place for an encryption layer before stuff ends up stored offsite, it gets to a point where why should one even bother? Instead, for a number of SMBs with a non trivial amount of employees, they should just buy tape libraries and a backup program that has encryption. Some drives (like some of HP's) have encryption functionality in hardware. Then after the tapes are backed up, they are either stored in the data center (with restricted access), a tape safe, or an Iron Mountain tub.

What is the advantage of going back to tape even though cloud computing is seductive and seems like all problems of storage are just an Internet connection away? You know who has physical possession of the data at all times. It is a lot easier to deny someone access to physical media by rekeying locks, yanking their HID card access, or striking their name from the authorized user rolls at the offsite system than it is to deny access to stuff where you don't know even where it is stored.

With physical media, you have two pieces of security. The physical media itself, and the encryption on it. With cloud storage, ALL your se

Re:Whom are we securing it from?

[GIL_Dude]

True; encryption is one important piece of the pie. But, in the example the GP gave, if the data still exists in a backup somewhere it is still subject to discovery requests and, encrypted or not, you will have to divulge it in an unencrypted form. Also, the encryption won't protect you in the case of a government seizing the server - you are still "down" for whatever function was being provided by that server. In other places you may find that it is illegal to import certain encryption technologies. Are you doing so when you simply have a server acting as a data store? Maybe not, but I don't think case law in some of these countries has decided that. As the GP says, there is a lot to consider when planning to store your data off premises.

Re:Whom are we securing it from?

[hitmark]

so in other words, we are looking at a piece of technology that in the long run will have to force some kind of one world government, or else the net will be basically undone by the mess of laws and regulations that makes up the nations of this planet?

Re:Whom are we securing it from?

This can be mitigated by keeping encryption keys for a certain time (as per a company policy), then destroying them. However, that doesn't mean that the data is destroyed -- all it takes is one key to be in existance somewhere and it can be recovered.

Another issue about cloud storage -- how does it fit in with regulations? If a cloud server was abroad and in a country that the US doesn't have diplomatic ties with, could that company be nailed for ITAR/EAR violations because their bits are being stored on a server farm in Doomstadt, Latveria? The cloud client does not know where their bits wind up, but this doesn't idemnify them from civil/criminal risk.

Re:Whom are we securing it from?

[Otterley]

Whether the data is in the cloud makes no difference with respect to discovery requests. If you are served a discovery subpoena, you have to turn over the data whether it's in the cloud or not.

The difference is that under the Stored Communications Act, the provider can turn it over to the Government without notifying you. That's what has most data security experts nervous about cloud storage.

Re:Whom are we securing it from?

[Suki+I]

Don't we get a larger circle of trusted insiders with outsourcing? Weakest link in the security chain, IIRC. Open to correction and education. Please don't flame too bad?

Re:Whom are we securing it from?

[bschorr]

Or you just keep a closer hold on your data and don't give it to companies that are going to, for the purposes of cutting their own operational costs so they can make a bigger profit, send your data to far-flung (and possibly hostile) nations to be stored.

Re:Whom are we securing it from?

[bschorr]

Correct. And because of multi-tenant arrangements it's possible that your data could be included, accidentally or otherwise, if the provider is complying with a discovery request for another tenant.

Or worse, an overly broad discovery request could sweep your data up in it.

Imagine if the cops came to serve a search warrant on your neighbor but, perhaps because they didn't understand the underlying infrastructure, they just decided to search the whole block.

Can't happen? Unlawful search and seizure? What if the block, and the cops, are in Singapore?

Re:Whom are we securing it from?

[bschorr]

Problem is, with outsourcing, you don't know who the "insiders" are anymore. Right now I know everybody who has physical access to my servers. How do I know? I handed each one of them their key to the server room, personally. I can shake their hands, I can meet their family at the company picnic, I know who they are and where they live.

If we outsource our data storage into the cloud then I probably don't even know where that data is, much less who can put their hands on those servers. Can I trust anonymous folk somewhere out in the world with my confidential and/or mission-critical data?

Re:Whom are we securing it from?

[jc42]

so in other words, we are looking at a piece of technology that in the long run will have to force some kind of one world government, or else the net will be basically undone by the mess of laws and regulations that makes up the nations of this planet?

I think you've got it. But we should add that, although that global "government" (or more likely, a treaty association) may pass laws that protect your data from prying corporate eyes, it certainly won't pass laws that protect your data from prying government eyes. And even if you've done nothing to offend that government, the fact remains that it'll only take a small under-the-table payment to convince many of the underpaid international data bureaucrats to deliver your data to anyone who wants to pay their very reasonable price.

So the "cloud" may lead to a morass of international data-handling laws that you'll have to attempt (probably unsuccessfully) to abide by, but the resulting system will be no safer than the mess we have now.

Re:Whom are we securing it from?

[jc42]

... one of the fundamental rules of the Internet which is often ignore:, don't put anything on a Net accessible computer that you would be afraid of it ending up linked off of 4chan.

Well, since most of my files are online right now, the ones I'd worry about being linked to 4chan are mostly the ones that I got from 4chan.

Re:Whom are we securing it from?

[hitmark]

steve jackson games, anyone?

Re:Whom are we securing it from?

[lsatenstein]

Why do you think that data stored on a Chinese server is less secure then one stored on a USA server. All one needs is the URL. The same software, given the URL, will circumvent the security system in place. (A bribe could be paid to get the encryption keys for either site). Ho Ho Ho, Merry Christmas and Happy New Year

Security aside...

[Yaa+101]

Would you trust other companies to manage your electronic secrets?

I would never, no matter what promise.

Besides, we all know the track-records of the companies offering this and they are real bad at least in my opinion.

Re:Security aside...

Would you truth other companies to manage your physical secrets? Well, lots of people do. They're called banks.

Re:Security aside...

[selven]

I wouldn't put my private data up even onto a cloud of a company I trust completely. It could still get PATRIOT Acted into the hands of pretty much everyone who I don't want to see it.

Re:Security aside...

I trust several companies to manage my physical secrets:

Iron Mountain manages tapes and offsite stuff.
My bank manages the pathetically small amount I have in checking, as well as allows me to store crucial files in a safe deposit box.
U-haul manages a storage I have.

However there is a difference between physical secrets and electronic ones: If someone tries to mess with the stuff I have in storage, it will be evident. Either via a broken seal, a cracked off padlock, a broken label, or some other means. There is no way that you can be assured that someone didn't make a copy of your data on the storage backend.

Of course, there are ways to forge seals and make undetectable tampering attempts, but doing so takes a *lot* more work than a simple cp -r.

Re:Security aside...

[mlts]

Don't forget: The US isn't the only company with a USAPATRIOT-like law.

Store data on an Elbonian server, and the data is available to their intel agencies and law enforcement (who likely will use the data to help their companies compete, or if they don't like the West, direct attackers to soft targets.)

Those archives of tax records stored on a cloud? Better hope your encryption is tight, not just now, but can stand attacks 20 years from now. I'm sure that in 20 years, AES will have cracks starting to show, just like DES had its small keyspace and 64 bit block size make it irrelevant for today's encryption tasks.

Re:Security aside...

Would you trust other companies to manage your electronic secrets?
I would never, no matter what promise.

You give your money (and an image of every cheque ever written or cashed) to your bank.
Your investments to you broker.
Your purchase history to your credit card company (and loyalty programs).
Your travel history to government security contractors.
Your will (and the details of your dirty deeds) to your lawyer.
Your employment history to wherever you apply for a job.
Your phone company has records of everyone that you've called (and soon, thanks to GPS, they will know where you are and where you've been at all times).
Your ISP has 6 months of your emails stored.
Your health secrets to your doctor, and to your HMO, for that matter.

Re:Security aside...

Then you really don't want to know how your medical records (doctor's transcriptions specifically) are shopped across the internet to the lowest cost sub-contractor...

Re:Security aside...

[dkf]

I wouldn't put my private data up even onto a cloud of a company I trust completely.

And you're going to pay to maintain your own hardware and software installations as an upshot of that choice. As long as you're willing to deal with the consequences, your decision is fine. The only time there's a problem with the cloud is when you're forced into using it for your private data because there's no choice. (But then again, that's generally when there's a monopoly about instead of a free market...)

BTW, successful cloud providers are probably more likely to take good care of your data than some random corporate datacenter. For one thing, the cloud providers have to have competent and security-aware technical staff. All you need to have to own and run a datacenter is a building with enough power, AC and networking, and someone who can plug a rack in.

Re:Security aside...

[dbIII]

And you're going to pay to maintain your own hardware and software installations as an upshot of that choice

Definitely. If it's anything more complicated than a simple website or ftp site it's worth doing it on your own box and renting rack space if necessary. It's come to my painful attention that not even Microsoft can be relied upon to handle email properly so outsourcing that to hotmail is a very bad idea for business email (DNS problems at a Microsoft exchange farm meant that I wouldn't have been able to send emails to some clients for a week if I hadn't used a workaround). Response to problems can be very slow if there is a chain of service providers.

Re:Security aside...

[dbIII]

Note that here Microsoft was hosting the email, so the quality or otherwise of their software wasn't the important part, simply the inability of some people there to manage DNS properly and in a timely manner. It's a bit rough when it takes a week to get to the ticket and fix a simple typo in a zone file for an internal microsoft domain, and meanwhile there is a company that gets no email at all for a week.
My point here is not Microsoft bashing, my point is even such a large company can not be relied upon for things that you should be doing yourself.

Re:Security aside...

[bschorr]

There are a few differences though, the primary one being that money, unlike data, is fungible. If a bank goes out of business you just care that you get an equal amount of your money back. Doesn't have to be the exact same currency.

If your SaaS provider goes out of business it's not really a good substitute for them to say "Here's 213MB of data. It's not the same data you gave us, but it's the same amount so that's good enough, yes?"

Along the same lines, if your bank has a security screw-up and reveals your bank balance to the world that's awkward and embarrassing but probably won't cause you much actual loss. If your SaaS provider reveals confidential company information to your competitors...that could be quite serious.

Off-topic, but...

Revenge is a whole meal now? When I was your age, revenge was only one dish.

TCP/IP is a cloud we trust

[hey]

We already trust the cloud a bit. We use the internet to move stuff around. Do we trust intermediate nodes not to eavesdrop or
steal our data? No... we use SSL. Do we trust the intermediate nodes to deliver our packets on time? No... we wait for ACKs and use timeouts.
Seems to be this is just like cloud storage. Use it but don't just it all. Encrypt everything. Periodically pull the data back to make sure its OK, etc.

Re:TCP/IP is a cloud we trust

[ickleberry]

that is only for storage - the 'cloud' wants to also process your data. The only appropriate use seems to be when there is no consequence to the data being lost (i.e as part of multiple backups). Even with encryption an algorithm could be compromised tomorrow, by which time it will be too late to prevent your data from being decrypted by disgruntled employees / cloud storage providers.

When all your data is hosted and processed in 'the cloud' (just offsite, on someone else's machine basically) no amount of encryption is going to save your ass.

Re:TCP/IP is a cloud we trust

[mlts]

SSL is different. The encryption key that is used is used just for the communication, then is tossed. In general, one will not have a SSL negotiated key for last week's bank transaction on their computer.

Because the SSL key management is about keys that are tossed, there isn't much of an issue with the nodes in between.

Cloud computing is about long term, persistant storage. The session key that gets chucked in SSL has to be kept permanently somewhere when it comes to storage, and key management is a major headache. Have too little redundancy, you can lose access forever to data. Have too much redundancy, and keys can wind up in the hands of blackhats and people who you really don't want to have access.

Re:TCP/IP is a cloud we trust

[hughperkins]

Many banks use multiple layers of security for data traversing WAN links:
- the WAN link itself is supposedly secure and encrypted intrinsically by the provider
- vpns run over the wan links. All traffic runs over these vpns
- data is forbidden from being sent in clear, even though it's running over a vpn. ssh et al are used to secure data that traverses

The advantage of layering is:
- if one layer of security fails by accident, the data is not necessarily compromised
- if one layer of security fails by design or intrusion, the data is not necessarily compromised
- no one person or group has the power to access the data from everyone, ie segregation of responsibility, ie the network team can, yes, get access to all network data, but it's all mandatorily encrypted by the application teams anyway....

Application teams can obviously see all their own data unencrypted, but they cannot see the data from other teams, since each team has encrypted their own data.

Now... moving onto the cloud. There is as far as I can see it very little room for layering:
- all data is available in ram in an unencrypted form
      - an attacker with access to the physical vm host can read arbitrary data from the ram of executing guests
- the network adapter of the virtual host is bridged directly in many cases to the public internet, but even when it is connected to a cloud-provided vpn, or uses its own vpn set up by the guest's company, the number of layers is significantly smaller than a server safely tucked away in a secure data center somewhere behind multiple layers of firewalls, dmzs, enterprise intrusion detection devices and so on...
- the block storage itself (EBS for example) is just a few steps away from a potential attacker: yes, EBS is in theory wiped to zero by Amazon, and yes one can run encryption over the top of the EBS, but still, that is only two layers. What if the wipe gets turned off one day without the guest company knowing? What if the guest's SA forgets to encrypt the volume for some reason?

I imagine that none of these problems are insurmountable, but one can see why large corporations would be reticent to move their sensitive servers, or even not so sensitive servers, onto publically available cloud servers?

Re:TCP/IP is a cloud we trust

[noidentity]

The problem here is that the remote machine is decrypting the data. If you don't trust that machine, how can you avoid interception of the data? I don't see a way to fully trust a cloud machine. The only thing you can use untrusted machines/connections for is transporting/storing encrypted+signed data. The encryption prevents them from reading the data, and the signing prevents them from forging it.

Cloud Computing Security Is Another Name for DRM

[Cerlyn]

While they may sound different, the Cloud Computing security problem seems to be almost identical to any other Digital Rights Management problem. Both are concerned with only exposing what the information owner wants exposed to the underlying hardware/provider/user/etc.

It's just a question of whose "Cloud" you are trying to secure information on, and who the "user" of said information is supposed to be.

What could possibly go wrong?

[David+Gerard]

Microsoft today implemented its 100% Data Confidentiality package for T-Mobile Sidekick, comprehensively protecting users’ contacts, email and messages from any possible attacker.

“Our data security is impenetrable,” said Steve Ballmer, “and will reassure everyone of the data integrity of our Windows Azure Screen Of Death cloud computing and Windows Mobile initiatives.”

Microsoft plans to leverage the new confidentiality mechanism to finally purge the horror of Vista from the face of the earth, in the same manner as firing all the contractors who knew how to build Windows 2000 and having to reconstruct Windows XP from bits of NT 4.

Microsoft Sharepoint users looked forward to a similar denouement as the only safe way to scour their hopelessly incompetent organisations from the world in a manner that would not infect successor organisations.

Microsoft is putting together an outsourcing proposal to the UK government for data protection.

Never safe.

[fearlezz]

The cloud is not safe. Period. You might secure parts of your data. You can keep other internet users from illegally accessing your data. But as we just discussed, anyone with (virtual) fysical access to a server can break his way in. You may make it harder by installing full disk encryption software, but you can't even be sure that the bootloader of your virtual server isn't messed with. If you build a bookstore that costs amazon millions of turnover a year, hosting it at ec2 might not be the smartest idea...

Re:Never safe.

[iso_bars]

but you can't even be sure that the bootloader of your virtual server isn't messed with

Trusted Computing would let you do exactly that. Which is why Trusted Cloud Computing has been suggested.

Re:Never safe.

[fearlezz]

You can't even be sure that the (virtual) hardware or TPM chip of your (virtual) server hasn't been messed with. Anything that was man-build, can be hacked somehow.

Re:Never safe.

[DMUTPeregrine]

No, it wouldn't. At least, not always.

Re:Never safe.

[iso_bars]

Yes, but this requires physical access. The TPM is designed to prevent (or make noticeable) purely software-based attacks. This changes the risk considerably. If you have some confidence in physical security, you're now in a much stronger position.

While what you say is broadly true, it isn't about absolute security, but about raising the bar high enough. If you make it more difficult to break the security than access to the machine is worth, you've won, even if the security isn't perfect.

Re:Never safe.

[iso_bars]

If you read the paper in detail, it says that the attacks affect Bitlocker, not all TPM based security. They do not compromise the authenticated boot capability of the TPM. You still cannot pretend to have booted a different system to the one you have.

There are plenty of things to criticise about Trusted Computing, but spotting boot-process malware is one thing it does very well. It works for the question "has this platform been booted with the correct software?" but not "has this platform always been booted with the correct software?"

It's situation dependent, of course, and it may not provide the necessary security guarantees that are required for cloud computing. But it comes much closer than a purely software-based solution can.

Re:Never safe.

[DMUTPeregrine]

Quite true, but the cloud provider by definition has physical access to your machines, while you don't. It becomes much harder to notice problems when the attacker owns the computer.

Re:Never safe.

[sowth]

I don't get why it isn't obvious, but if you can't trust your hosting provider, you can't trust the server you run at their site. Period. If you can't trust them with the root password, then you shouldn't be hosting with them. They have physical access. Any 20 minute downtime (which you may never notice) could be them pulling the hard drive and cloning it, then putting it back.

Even if you encrypt the hard drive, most likely they could stage a MITM attack one way or another to get the key. They can go to the point of emulating the machine on a hypervisor and access the RAM directly. They have total physical and network control of the machine, so nothing can stop them. It is like saying you don't trust your bank, but your safety deposit box is secure because they gave you a key.

If you don't use a host you can trust, don't be surprised if they root your server or copy your private data. Just as if you can't trust your bank, don't be surprised if they funnel all your money into their personal accounts (such as charging absurdly high interest / fees and upper management giving themselves absurd multi-million dollar salaries and bonuses). Do research and try to find a company you can trust. If what you have is too valuable to be trusted with someone else, don't let them handle it.

BTW, from the posts in that story, from what I understood, they wanted his root password because they moved his image to another computer because the old one was flaky and they needed to install drivers on the new one to get it to boot, and the asshole was too cheap to pay their $35/day fee for virtual kvm access so he could do it himself.

Re:Never safe.

[sowth]

"Trusted Computing" just means the hardware (and OS) manufacturer "trusts" you to do what they want you to do. Make a competing product or support open source, then suddenly they don't "trust" you and revoke your key.

It is a code censorship system, not security system. Security can be shoehorned in, but if they allow (or before the manufacturer/OS company revokes the key and it propagates), a "trusted" party could run just about any code they want on a "trusted" machine, including rooting your server or copying your server image.

Most undoubtedly, any large hosting company would be "trusted" by their manufacturer, so you wouldn't be in any different state than without "trusted computing."

cloud computing

cloud computing is a fad in my opinion. Its not safe, will not be. Encryption is nice but for every algorithm to encrypt something there is an algorithm to decrypt it. Unless you use lots of bits and passes with different algorithms to make it harder, which does add security but also make things slower. I always see lots of technologies come and go and one thing people don't seem to ask before hand is why we need this. I have seen technologies used for no real purpose other than to use something new when what already was around did the job just fine. There is so much overkill in the technology industry it really is a waste of money and energy in these 'going green' times

Re:cloud computing

[Stumbles]

Its more than a fad; its a rehash of thin-client computing.

Re:cloud computing

[Hognoxious]

And thin-client computing is a rehash of greens screens connected to a mainframe.

Re:cloud computing

[MightyMartian]

It's not so much a rehash as an extraordinarily bad reimplementation of the client-server model. Look at the horror stories like AJAX you have to use to do it. The whole is papered together and the only thing that makes it even remotely usable is that the speed of computers and networks are such that it makes your average "Cloud" app feel like a slow version of a Windows 3.1 program running on a 386DX-33.

Security is not an absolute!

[girlintraining]

For crissakes, people who say something needs to be secure before it can be trusted really get on my nerves. Anyone who's waded out of the shallow end of the pool on security (of any kind) knows one of the fundamentals of security is that it isn't perfect. No matter how good you make your mouse-trap, there will someday be a better mouse. The more realistic analysis is to ask yourself what the acceptable risk is. Or, put another way, you should strive to ensure that the security is more difficult to break than the value of whatever it is that is being protected.

Re:Security is not an absolute!

Right on!

Anybody who buys this crap about "emerging encryption technologies" magically making the cloud secure deserves to lose.
Read your Schneier; the technical problems were solved years ago. But data security is much more than just technology.

Banks....

[Savage-Rabbit]

Would you truth other companies to manage your physical secrets? Well, lots of people do. They're called banks.

I may be wrong here but I'm still convinced my super secret stuff will be safer in a safety deposit box (where I have the only copy of one the two keys needed to open it), which is located behind a massive steel door, encased in layers upon layers of concrete in the cellar of a bank than those secrets will be if I store them on "the cloud". It takes a court order (which isn't easy to get in most places since the banks tend to fight them tooth and nail) or a gang of seasoned bank robbers with a lot of time on their hands and some very heavy equipment to lift my secrets from that vault. On "the cloud" the only thing standing between my secrets and Russian mafia hackers is a badly paid marginally competent sysadmin in an IT sweatshop in India.

You Cannot Trust Anyone with your Data.

[lunchlady55]

The problem is you can't trust anyone with your data. For the systems to do something (other than store) your data it must be unencrypted. If it's unencrypted, it's not safe from prying eyes. (Internal sysadmins and external eavesdroppers who have compromised systems in the cloud.) End of story.

Remember there's two kinds of trust, "I'm giving you they keys to the kingdom and I believe you won't do anything bad while I'm not looking," and "I've locked everything and I trust the locks will hold against malicious attackers." You will never get trust #1 from anyone, especially not a corporation. And I don't trust locks will hold ; )

Put up your own servers!

[Hurricane78]

In the name of probably pretty much all of us:

1. Unless yo smoke weed: Shut the fuck up about your “cloud“ shit!
2. iPhones, iPods, iAssplugs, iBubbles, iFails: See point 1.
3. It is OK to call hooters 'knockers' and sometimes snack trays
4. It is wrong to be French (Yeah, that was the point 4 you always forgot. ^^)
5. PROFIT

Re:Put up your own servers!

[Hurricane78]

Man... nobody remembers Al Bundy’s 10 commandments anymore?? :((
Please hand in your NO-MA'AM member cards right now.

Oh, and we get an Apple slashvertisement *every single freaking day* for a long time now. Nobody cares. Stop it.

And if you objected to point 1... please hand in your geek card, and prepare for a ass-kicking shitstorm. ^^

Security is the NEXT great challenge?

[Fizzol]

Shouldn't it have been the FIRST great challenge once things were up and running?

Re:Security is the NEXT great challenge?

Something can be "first after X" and "next" at the same time if "X" was the latest challenge.

Re:Security is the NEXT great challenge?

[mrsmiggs]

No the first challenge was to post as many pictures of cats and biscuit recipes as possible to the cloud as possible. This challenge is still underway, by the time it has been completed everyone will have forgotten what the fuss over 'cloud computing' was all about and moved on to the next big IT craze and not actually implement any sound long term businesses in the 'cloud'.

Such is the power of IT marketing, ooooooooo look a pretty flower...

In other words...

[geegel]

The future of technology depends greatly on the future of technology. Hooray for buzzwords

Emerging encryption technologies

[wirelessbuzzers]

"Emerging encryption technologies" such as Gentry's doubly-homomorphic encryption (which is what the link points to) tend to have a major disadvantage: they tend to be horribly inefficient. We're talking 6 orders of magnitude minimum, probably more like 12 orders. Unless there's a major breakthrough, this is not going to help.

Cryptographic engineering solutions, like DRM, might help. But then again, they might not: they require lots of engineering effort from the cloud providers, which they have little incentive to perform; and even then, DRM technologies don't have the greatest security record.

Operating system security measures will probably be very useful to protect against attacks, not from the hosting provider, but from other clients. These measures are tricky and unlikely to provide "perfect" security, but can definitely make attacks much more difficult.

I predict that after conventional defenses are applied, the solution will be either be less paranoid, or don't move to the cloud.

And yes, I am a cryptographer.

Sure it can be.

[crovira]

All that you need to do is encrypt the data portion with a key that's generated from two one-time pads of 256-bit random keys, and then wipe out all traces of the pads.

They the data will be secure, even from you. :-)

For most users, cloud storage is more secure

[marvis]

I understand that many people here are critical towards cloud computing. But the majority of people who use computers are not like the people on /. .

Most people do not know how to make their machines secure. Most people do not know how to encrypt their hard drives. Most people do not know how to protect against viruses or trojans. Most people even do not have backups.

I agree that for us geeks, the kind of security measures that we apply to our machines make our data safer than they would be in the cloud. However, I doubt that this is true for the majority of people who use computers.

I believe that cloud computing is more secure for most people. Of course it is right to improve the technology, make it better and even more secure. But it is wrong to assume that data is secure just because it is stored locally.

Re:For most users, cloud storage is more secure

[arminw]

.....But it is wrong to assume that data is secure just because it is stored locally...

However, a government cannot get it your data as easily without you knowing about it. That may not matter to many people, but it is important to some.

Re:For most users, cloud storage is more secure

So... how much do they pay you to post online about this stuff? Do you get really good benefits? I bet the pension is to die for.

Come on. Are you trying to pull our legs? Yea... storing files on remote serves is SOOOOO secure. You're not dealing with little old ladies who don't know how to operate a digital camera.

If you're storing your data remotely, it by default introduces a number of major security issues, regardless of how much the company tries to claim it is safe (like the company is going to admit security holes and ruin it's profit margin.. yeah ... okay). Also keep in mind these companies who are pushing this technology have a very publicized and long history of circumventing privacy, even when not required by law. Even when privacy laws contradicted their corporate policies, they made every effort to thwart them, and sell information to third parties without the authorization or knowledge of the party involved. . . Come on, now. You're not dealing with idiots, here.

Re:For most users, cloud storage is more secure

[bschorr]

Well, that's a good point. But is "Better than nothing" really what we're aspiring to?

Wouldn't it be better to find ways to increase the security of the average folks WITHOUT introducing all of the other risks?

Re:For most users, cloud storage is more secure

Wouldn't it be better to find ways to increase the security of the average folks WITHOUT introducing all of the other risks?

...which would be?

I think it's safe to say that this won't be achieved by education alone. And on the technology side, I don't see any silver bullet either.

If you try to solve the problem on the user / client side, you have to solve it machine by machine, user by user. This might work, but it's gonna take a looooong time.

If you make a cloud more secure, you make it secure for thousands of users at the same time.

Of course, you can always argue that we should do both, which is true. But if I could decide on priorities here, I would prioritize cloud security.

Marketing the Prototype

It's how we ended up with this unsecurable protocol stack.

Why would we expect anything else?

We bought it the first time, and the second, and the...

Re:Marketing the Prototype

[David+Gerard]

Amazon EC2 runs Ubuntu ... as does the Ubuntu on-site KVM-based "internal cloud." The sales point is being able to bounce your stuff from your own internal cluster to EC2 when you need a quick burst of capacity.

So it's as secure as Linux on the Internet ... or that the attacker has access to the hardware of.

OpenBSD anyone?

Why Bother?

[Ralph+Spoilsport]

I just bought a terabyte drive for $79. Why would I want to store data in the cloud, when I can put it on a drive and have access to it immediately, and at a vastly higher bandwidth than any "cloud"? Why would I want some company to hold my files when I can hold them locally and at incredibly cheap rates and super high bandwidth? Why would I use software in the cloud, when it is dependent on an internet connection, when my internet connection is completely dependent on whether or not my next door neighbour pays his phone bills? And when will my mom let me out of the basement?

Re:Why Bother?

Because with your DIY storage you have no redundancy, no failover, no information security from a disaster recovery point of view. 2 hard drives won't even cut it, unless they're safely stored in different geological locations to protect against natural disaster (and once they're split up geographically, how will you keep them in sync?).

In an honest apples-to-apples comparison, the costs of actually doing it yourself is much higher than the cost of a single drive. You couldn't do what they do as cheaply as they do it.

Re:Why Bother?

Well, I wouldn't either, but increasingly many people's model is that the internet *is* the computer. They're used to logging into their MyFace account from any computer anywhere and seeing the exact same environment. Data being stuck on a drive in your basement is going the way of the do-do.

Re:Why Bother?

[mlts]

There is a cost of letting them store data: You lose assurance of physical access. For some things, this is just fine. I highly recommend offsite backup utilities (Mozy or Carbonite) for students and SOHO people because combined with a keyfile stored in another safe place, it offers good security even if someone's office gets destroyed. But this doesn't scale. My Carbonite keyfile that protects the data stored offsite for three machines is not going to be a usable solution for a SMB with an IT department with turnover.

For small businesses with a single point of contact, maybe cloud storage is fine. However, for bigger businesses, it is better off to just go with a d2d2t solution, and offsite backups. This way, data is physically protected from compromise, but is stored redundantly.

On the cheap with the DIY storage, perhaps consider buying multiple terabyte drives, and using a tape rotation system to keep data backed up, with multiple drives brought on and offsite. This will provide decent disaster protection, but you still have physical control of the data.

Re:Why Bother?

You may keep a local copy on that drive but when your $79 terabyte drive dies (and you can depend on the fact that it will), where is your data? If you say you back it up to another drive, they what happens when the building burns down, disgruntled employee deletes the data on the way out the door, or thieves break in and steal everything? Now you have to have an offsite copy of your data and that means something in the cloud or something really cumbersome. Taking home a copy each night almost NEVER works because people get lazy. If you keep a copy in the cloud, you can get to it even if the building burns down. The more data we have the more important it becomes that you have a copy that is geographically remote to you. We don't have paper to fall back to any more when there is a catastrophic failure.

Re:Why Bother?

[Creepy+Crawler]

And all I can say to you Ralph is.....

"Music these days suck."

Betcha you cant find me :P

Re:Why Bother?

[dkf]

For small businesses with a single point of contact, maybe cloud storage is fine. However, for bigger businesses, it is better off to just go with a d2d2t solution, and offsite backups. This way, data is physically protected from compromise, but is stored redundantly.

You're right about small businesses. They typically won't have a dedicated sysadmin at all; the owner, owner's spouse, or (in a slightly larger business) secretary will occasionally look after the computer(s), but they won't be able to carry the overhead of a dedicated tech support staff. For these sorts of firms, any backups are a good step forward and backups to the cloud have the benefit of not being so inclined to be lost in a fire.

As the size of business considered increases, your suggestion of d2d2t2offsite is reasonable (for backup; the Cloud's about much more than just backup of course). However, even that doesn't scale up too well. For big corporations, managing datacenters is a significant problem and for almost all of them, it's not their core business. For them, the cloud is a good choice once again since it lets them expand without having to build (or acquire) and provision new datacenters. It's about outsourcing. It's about flexibility. It's about accountability[*]. It's about the realization that keeping everything in house doesn't necessarily help; they need a data security compliance officer with authority to kick butt and stop crap providers from being used, but they need that sort of position anyway. They might not have it, of course; many businesses are not very well run. No change there...

Re:Cloud Computing Security Is Another Name for DR

No it's not.

Cloud security is, "here store this apparently random string of bits for me." There is a key, but the entity doing the storing never sees it.

DRM is, "here is a apparently random string of bits that you can use to listen to or view a movie". Here's also the decryption key, stuffed in a really hard to get to place that your player can use to show you the content. And don't let me catch you trying to pry that key out to use for other purposes, or I'll send a large teams of layers after you.

Cloud security can work since you aren't trying to protect content from someone who also has they key. DRM is bound to fail because the guy with the content also has the key, albeit in highly obfuscated form.

Re:I'm a nigger

Since when have niggers been allowed to own property? Tell the truth; you stole that computer from a white person.

Thank you

[Velska1]

I make spelling errors despite my good intentions.

But my basic attitude is, that if you don't care about what you're saying enough to spell it, then don't write it. There are plenty of insightful people, who will write readable text.

Cloud computing ?

[Salsaman]

Cloud computing is all vapour anyway.

Gee, I wonder where this concept could go wrong?

Wasn't Google one of the big proponants of Cloud Computing (along with that other Stalwort of "privacy" IBM/Hollerith of "Nazi Germany fame")?

I wouldn't trust ANYTHING that was not stored physically in my home/office. Even then, Lots of measures have to be taken, so why the hell do people want to store all their stuff on a Google server (or any server for that matter), ESPECIALLY with the atrocious privacy record Google has with every single product that they bring to market?

Maybe they haven't been reading the press reporting it on a weekly basis? So far Google is batting Zero on the privacy front.

You might as well say, here, Google, US Military, Law Enforcement, Data Mining Contractors, Domestic Government, Foriegn Governments, Private Surveillance Contractors, Homeland Security, Identity Theives, Let me just give you ALL MY DATA to look at! Here's all my company's trade secrets that you can sell without my knowledge to the highest bidder!

Is anyone actually buying this crap? If so: Are they INSANE? They spend all of this money on IT people to secure their networks, and now they want to give all of their data over to some remote entity?

Cloud Computing sounds like a Surveillence State's wet dream, to me. I'm not buying it.

It's not the technology, stupid!

It's not the technology you can't trust, it's the people running it. If it's a cloud, you can't trust it.