I concur with his thoughts on transforming cloud security into a different problem, such as encryption:
Here's what I don't understand: why are we not talking at length about data encryption? Do you want to eliminate or transform a key set of concerns about putting data out in "the cloud" (whatever the heck that is)? Encrypt the data. Encrypt it as close to the source as possible, and only decrypt it temporarily at the point closest to the instance that requires the clear data for use. Never have cleartext data in storage, ever, ever, ever.
While encryption has its own issues, it moves the problem from a discretionary access control issue (i.e., the code controls who accesses what) to a more mandatory access control issue (i.e., only those with secret knowledge can access the data). This isn't foolproof by any means, since securing private secrets by humans sucks. At Hursk, we thought about this during the design of a password cracking service: PGP-encrypt the output of the file using an escrow key and also the user's key. Even if the user had an XSS problem in their browser, the attacker would still have to get either the passphrase for the escrow key, the passphrase for the user's private key, or system access to the service running john or whatever on the cleartext password file.
But utilizing encryption this way still has basically a PKI-esque problem to deal with. So, yeah, the problem is transformed, but by no means has it been solved.
Maybe all of these problems are NP-hard. We're finding out that yeah, we can transform them to a different problem, but in the end, all the problems we transform them into really are difficult to solve :-)
But, please, don't do encryption in the browser.
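The escrow-plus-user-key design described above, as an added example using GnuPG (not code from this post or from Hursk). It assumes GnuPG 2.1 or later; the key identities, passphrases and sample file are constructed, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example; identities, passphrases and file contents are constructed.
set -euo pipefail

new_key() {  # new_key <uid> <passphrase>: throwaway key in its own homedir
  local home; home=$(mktemp -d)
  gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase "$2" \
      --quick-generate-key "$1" default default never >/dev/null
  echo "$home"
}

service_keyring() {  # public keys only: the service can write but not read
  local svc h; svc=$(mktemp -d)
  for h in "$@"; do
    gpg --homedir "$h" --export | gpg --homedir "$svc" --batch --quiet --import
  done
  echo "$svc"
}

encrypt_output() {  # <svc_home> <in> <out>: one ciphertext, two recipients
  gpg --homedir "$1" --batch --quiet --yes --trust-model always \
      --recipient escrow@example.invalid --recipient user@example.invalid \
      --output "$3" --encrypt "$2"
}

decrypt_with() {  # <home> <passphrase> <file>: cleartext on stdout
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
      --passphrase "$2" --decrypt "$3" 2>/dev/null
}

cleanup() {  # stop per-keyring agents and delete the temp dirs
  local h; for h in "$@"; do
    gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; rm -rf "$h"
  done
}

demo() {
  local esc usr svc work; work=$(mktemp -d)
  esc=$(new_key "Escrow (constructed) <escrow@example.invalid>" escrow-pass)
  usr=$(new_key "User (constructed) <user@example.invalid>" user-pass)
  svc=$(service_keyring "$esc" "$usr")
  printf 'alice:hunter2\n' > "$work/cracked.txt"
  encrypt_output "$svc" "$work/cracked.txt" "$work/cracked.txt.gpg"
  echo "user key:   $(decrypt_with "$usr" user-pass "$work/cracked.txt.gpg")"
  echo "escrow key: $(decrypt_with "$esc" escrow-pass "$work/cracked.txt.gpg")"
  decrypt_with "$svc" "" "$work/cracked.txt.gpg" || echo "service: no secret key"
  cleanup "$esc" "$usr" "$svc" "$work"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Because the service keyring holds only the two public keys, the stored output is readable only by whoever holds one of the private keys and its passphrase, which is the shift from code-enforced access to secret-enforced access described above.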
3 comments:
I like your addition of the NP-hard reference. This is all abstract, but I have to believe that these problems can be transformed or reconfigured in a manner to have several < NP-hard problems. But, then, I'm a dreamer. :)
I don't agree with you that PKI hasn't been solved. It may not have been solved well, but it's definitely an increasingly mundane problem. Look at the vendor space around key management, and the theoretical future of Encryption Key Management Infrastructure (combining PKI with Symmetric Key Management into one platform). This stuff is all much better solved than I think anybody gives credit for. Once bit, twice shy, I suppose. :)
PKI is in use by the US Military, so I guess it has been solved operationally (and we're paying for it :-)
And, I do hope P = NP :-)
But, you still have the problem of managing some device out there that's decrypting the data securely. And, if that can't be in the cloud, then what's the purpose of the cloud?
Maybe run your decryption software in Java on the browser :-)
I don't think "everything" will be in the cloud. At a minimum, you implement key management with the keys in your secured environment, maybe? :) I'm told that Qualys has solved this problem for their customers (they don't have the keys to the data). Again, it's a solved problem, or it's one that we can more easily solve. *shrug* It amuses me when we run around playing Chicken Little about "new threats" and "new technology" as if we don't know how to solve problems. Too many frets, not enough chords. :)