Skip to content

Cloud storage that is encrypted and protects your privacy – the matrix checklist

03/10/2015

If you want to use cloud services, then you need to be pretty clever and use at least 2 layers of encryption.
So what are the top 5 questions to ask when considering a cloud provider?

  1. Is the cloud provider American?

    Google, Amazon and co are all subject to both the Patriot Act and FISA (Foreign Intelligence Surveillance Act).  You are the subject of surveillance.  So would you use KGB Drive, or Stasi mail?  Why not?

  2. Where is the encryption key stored?

    Giving Amazon the keys to encryption is like leaving the keys in your ignition. Not the brightest idea that you’ve ever had. I doubt any insurance company would pay up if your car was stolen, BECAUSE, you’d left the keys in the ignition.  It was only going to be a matter of time until the car was stolen.  To control data, ONLY you must know the key, or KGB Drive can decrypt the data behind your back.

  3. Are 2 layers of encryption used?

    Normally this means you encrypt your data locally – AND in transit which means SSL/TLS.  SSL is utterly  useless if the data is in clear text on Dropbox.

  4. Strength of encryption?

    The days of AES128 are long gone. At a minimum you need AES256.

  5. Can the Cloud provider staff access your data? (Zero Knowledge privacy).

    This last rule which is perhaps the most important is to ask.
    If the answer is yes, then your data is subject to court orders.  The state will politely ask KGB drive for your data, and they will hand it over.  The Patriot Act has a “Form B”, which is simply a mandatory gagging order.  So you’ll never know if your data has been seized, and Stasi Mail are gagged from telling you, which is a pretty cute way of carrying out state surveillance.   Therefore, Zero Knowledge privacy means that no member of staff must be able to decrypt data.

    Rule 5 is critical to those of us in the UK, as Cameron is determined to bring back the Snoopers Charter. Make sure the UK government cannot access the servers or data – which means do not use a UK based data storage centre.  European data protection laws in Germany and Switzerland are more stringent that the UK.  This gives us a good signpost to where our cloud data needs to be stored.

********

Cloud providers that use strong encryption.

  1. Germany’s TeamDrive.

    *Subject to strict German Privacy rules.
    *Gives 2GB of free space for private customers for free.
    *Invite friends and you have 10GB of cloud storage.
    *Linux client available (which is more than can be said for Google Drive).
    *Data encrypted locally.
    *Only asks for username, password and email.
    *Encrypts all data to AES256.
    *Transmits all data with SSL encryption.
    https://www.teamdrive.com/

Alternatives include:

2. Germany’s YourSecureCloud.

This is a new offering, and you need to wait for the website to translate from German to English.

https://www.yoursecurecloud.de/

3. Switzerland’s Tresorit.

Slick and easy to use.  Offers best in class.  But wants money… sorry about that.  I know the best things in life should be free.  Anyway, they’ll want your ID and Visa card, which means that just like Ashley Madison, the data will link straight back to you.

https://tresorit.com/security

 

4. America’s SpiderOak.

Snowden used SpiderOak, so we have to give credit where it’s due.  They operate zero knowledge privacy. This means they can withstand court orders to seize data.  Alas financial records can link back to you, just like Tresorit.

https://spideroak.com/features/control-your-keys

https://spideroak.com/

 

Cryptographers have nicknamed cloud computing as cesspit computing… because the keys are stored on the server.  With luck, the Matrix checklist will help answer the extent of risk you are accepting from each cloud provider.

From → Cloud Computing, Encryption, European Privacy, News, Privacy Tools, Security Tools, SSL/TLS, Surveillance

8 Comments
  1. Amir Kh permalink

    “The days of AES128 are long gone”

    This is silly comment.

    If you divert the total energy production of the Earth (no cars, no electricity, etc) to counting, it will take 10 years of total energy production of the Earth to count to 122 bits. That’s still less than 128 bits, and that’s just flipping the gates, not doing actual aes encryption algorithm which will take far more energy than just flipping.

    See this post on energy requirement to brute force 128 bit key

    https://security.stackexchange.com/questions/6141/amount-of-simple-operations-that-is-safely-out-of-reach-for-all-humanity/6149#6149

    Like

    Reply
  2. Amir Kh permalink

    What’s even funnier is that you added the word “minimum” to 256 bits as you might need more than that someday. If the mass of our entire solar system (sun and all the planets) are converted into energy using E – mc^2 as the basis, that’s still not enough energy for a computer (or bunch of computers combined) to count to 255 bits.

    Funny, “minimum” usage there.

    Like

    Reply
    • uwnthesis permalink

      We need more than 256 bits today.

      Like

      Reply
      • Amir Kh permalink

        Since you you like to quote bruce schneier, he once did a blog that people who think more than 256 bits of security is needed do not understand crypto and should not be trusted.

        A larger than 128 bit key doesn’t guarantee more security, as that is not the weak part of symmetric encryption algorithm

        Brute forcing 256 bits takes more energy than the sun will produce in 8 billion years of it’s life In fact, schneier recommends 128 bits as brute forcing 128 bits requires more energy than entire energy production on earth for 10 years.

        These numbers are based on simple mathematics. and physics as shown here

        https://security.stackexchange.com/questions/6141/amount-of-simple-operations-that-is-safely-out-of-reach-for-all-humanity/6149#6149

        Saying things like “We need more than 256 bits today” is an idiotic statement and says you don’t understand crypto and security. Larger key does not add more security (it could even weaken the algorithm)

        Like

      • Amir Kh permalink

        Just to provide proof that I wasn’t making u this stuff, here is bruce schneier article titled Snake Oil

        https://www.schneier.com/crypto-gram/archives/1999/0215.html#snakeoil

        scroll down to section called :Warning Sign #5: Ridiculous key lengths.:

        This confirms that anyone making statements like “we need more than 256 bits” for symmetric block cipher doesn’t understand anything about the topic.

        Like

      • uwnthesis permalink

        The Asymmetric key protects the Symmetric key. At the moment EU Data Protection are recommending a DRAMATIC increase in the Asymmetric key – so I’ve added the ENISA report to the site.
        As to your point, I do not trust AES128 or even AES256. There were much better products put forward to NIST. NIST needs to have their motives examined carefully. Many NSA operatives sat on managerial boards. Many NSA recommendations were farcical, including the use of Dragonfly. The promotion of AES over Twofish or Serpent is a questionable decision… lead by self interest of the NSA in my opinion. Currently NIST are attempting to weaken Keccak or SHA3 – this must not be allowed to proceed unchallenged. A good option in Threefish exists – so there is no need to adopt Keccak if NIST weakens it.

        Like

  3. Amir Kh permalink

    You seem to not understand that NSA job is not to just break code and snoop on others, but also (even far more important) to protect their own secrets from other govts.. That’s why NSA released SHA2 to public in 2001 so that the entire academic world can try to break it. That raised confidence in the SHA2 algorithm that NSA was using in their own products.

    More eyes looking, studying, probing, attacking an algorithm is always better. You want the most “vetted” algorithm possible.

    There is absolutely no logic in using old, obscure and not studied algorithms like Twofish.

    Also, as for SHA3, you once again are posting misinformation that you read on Schneier blog. NIST did not try to “weaken” SHA3. The proposed changes made no difference to security of Keccak. Even worse, due to all the fuss and misinformation, NIST went back to original Keccak proposal.

    This proposal was implemented in the final release standard in August 2015

    SHA3 is already finalized.

    But since SHA2 remains unbroken and is secure, why would anyone even use SHA3? In fact, there is no mathematical proof that any of the SHA3 candidates (including Keccak or Skein ) are better or more secure than SHA2. It’s perfectly possible that Skein or Keccak would get broken before SHA2. No one knows.

    Like

    Reply
  4. Amir Kh permalink

    AES-GCM has become so fast and (and secure too as side channel attacks are eliminated) due to hardware support by Intel, AMD, and now even ARMv8

    Google engineer tweeted a few days ago that Nexus 9 switches to AES GCM (instead of chahca20-poly) as it has ARMv8 chip in

    Like

    Reply

Leave a comment

«
»