9 ways to build privacy into your cloud applications - ARNnet
- 9 ways to build privacy into your cloud applications - ARNnet
- Building privacy into cloud applications - TechCentral.ie
- LastPass vs. Dashlane - ITProPortal
- Bridgefy, the messenger promoted for mass protests, is a privacy disaster - Ars Technica
9 ways to build privacy into your cloud applications - ARNnet
Posted: 31 Aug 2020 03:35 AM PDT

Privacy is one of those nebulous ideas that everyone loves. Delivering it, though, is a job that's full of nuance and tradeoffs. Turn the dial too far to one side and the databases are useless. Turn it too far in the other direction and everyone is upset about your plan to install camera arrays in their shower to automatically reorder soap.

The good news is that there is a dial to turn. In the early days, everyone assumed that there was just a switch. One position delivered all of the wonderful magic of email, online ordering, and smartphones. The other position was the cash-only world of living off the grid in a cabin wearing an aluminum foil hat.

Privacy enhancing technologies let you control how much privacy to support but limit that control to preserve functionality. They mix in encryption functions with clever algorithms to build databases that can answer some questions correctly — but only for the right people. In my book, Translucent Databases, I explored building a babysitter scheduling service that could let parents book babysitters without storing personal information in the central database. The parents and babysitters could get the correct answer from the database, but any attacker or insider with root privileges would get only scrambled noise.

The field has grown dramatically over the years and there are now a number of approaches and strategies that do a good job of protecting many facets of our personal lives. They store just enough information for businesses to deliver products while avoiding some of the obvious dangers that can appear if hackers or insiders gain access.

The approaches all have their limits. They will defend against the most general attacks but some start to crumble if the attackers are better equipped or the attacks are more targeted.
Often the amount of protection is proportional to the amount of computation power required for the encryption calculations. Basic protections may not add noticeable extra load to the system, but providing perfect security may be out of reach for even the cloud companies. But these limits shouldn't stop us from adding the basic protections. The perfectly secure approach may not be out there, but adding some of these simpler solutions can protect everyone against some of the worst attacks that can be enabled by the new cloud services. Here are nine strategies for balancing privacy with functionality.

Use the features

The cloud providers understand that customers are nervous about security and they've slowly added features that make it easier to lock up your data. Amazon, for instance, offers more than two dozen products that help add security. The AWS Firewall Manager helps make sure the firewalls let in only the right packets. AWS Macie will scan your data looking for sensitive data that's too open. Google Cloud and Microsoft Azure have their own collections of security tools. Understanding all of these products may take a team but it's the best place to start securing your cloud work.

Watch the secrets

Securing the passwords, encryption keys, and authentication parameters is hard enough when we're just locking down our desktops. It's much trickier with cloud machines, especially when they're managed by a team. A variety of different tools are designed to help. You've still got to be careful with source code management, but the tools will help juggle the secrets so they can be added to the cloud machines safely. Tools like Hashicorp's Vault, Doppler's Enclave, AWS's Key Management System, and Okta's API management tools are just some of the options that simplify the process. All still require some care but they are better than writing down passwords in a little notebook and locking it in someone's office.
Consider dedicated hardware

It's hard to know how paranoid to be about sharing computer hardware with others. It's hard to believe that an attacker may finagle a way to share the right machine and then exploit some of the different extreme approaches like rowhammer, but some data might be worth the hard work. The cloud companies offer dedicated hardware just for occasions like this. If your computing load is fairly constant, it may even make economic sense to use local servers in your own building. Some embrace the cloud company's hybrid tools and others want to set up their own machines. In any case, taking complete control of a computer is more expensive than sharing, but it rules out many attacks.

Hashing

One of the simplest solutions is to use a one-way function to hide personal information. These mathematical functions are designed to be easy to compute but practically impossible to reverse. If you replace someone's name with This data may be inscrutable to casual browsers, but it can still be useful. If you want to search for Bob's records, you can compute This approach is secure against casual browsers who may find an interesting row in a database and try to unscramble the value of The most common one-way functions may be the Secure Hash Algorithm or SHA, a collection of functions approved by the US National Institute of Standards and Technology. There are several different versions, and some weaknesses have been found in the earlier versions, so make sure you use a new one.

Pure encryption

Good encryption functions are built into many layers of the operating system and file system. Activating them is a good way to add some basic security against low-level attackers and people who might gain physical access to your device. If you're storing data on your laptop, keeping it encrypted saves some of the worry if you lose the machine. Regular encryption functions, though, are not one-way. There's a way to unscramble the data.
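The hashing idea above, worked through in Python as an added example (this is not code from the article or from the Translucent Databases book). It stores babysitter bookings under a one-way token of the parent's name rather than the name itself. One caveat the article's SHA description leaves out: a plain hash of a name is reproducible by anyone who can read the table, because names come from a small space, so the example keys the hash with a secret (HMAC-SHA256) and keeps that key in a secrets manager, outside the database. The table class, the record layout and the sample names are all constructed for the demo.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List

# Added example: a "translucent" table in the sense the article describes.
# The database holds tokens and booking records, never the parent's name.
# Only holders of the lookup key can turn a name back into a token, so an
# insider with root on the database host sees digests and nothing more.


def normalize(name: str) -> str:
    """Canonical form so 'Bob Smith' and '  bob   smith ' yield one token."""
    return " ".join(name.lower().split())


def plain_token(name: str) -> str:
    """Unkeyed one-way token (SHA-256). Shown for contrast: anyone who can
    guess a name can recompute this token, so it only stops casual browsing."""
    return hashlib.sha256(normalize(name).encode("utf-8")).hexdigest()


def keyed_token(name: str, key: bytes) -> str:
    """Keyed one-way token (HMAC-SHA256): reproducible only with the key."""
    return hmac.new(key, normalize(name).encode("utf-8"), hashlib.sha256).hexdigest()


def new_lookup_key() -> bytes:
    """Generate a 256-bit lookup key. Store it in a secrets manager (see the
    'Watch the secrets' section), never alongside the data it protects."""
    return secrets.token_bytes(32)


class TranslucentTable:
    """Bookings indexed by keyed token; the name itself is never written."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._rows: Dict[str, List[dict]] = {}

    def insert(self, name: str, record: dict) -> None:
        self._rows.setdefault(keyed_token(name, self._key), []).append(record)

    def lookup(self, name: str) -> List[dict]:
        # The right people (those holding the key) get the correct answer.
        return list(self._rows.get(keyed_token(name, self._key), []))

    def dump(self) -> Dict[str, List[dict]]:
        """What a raw read of the storage returns: tokens and records, no names."""
        return {token: list(rows) for token, rows in self._rows.items()}


if __name__ == "__main__":
    key = new_lookup_key()
    table = TranslucentTable(key)
    table.insert("Bob Smith", {"night": "Friday", "sitter": "S-17"})   # constructed
    table.insert("  bob   smith ", {"night": "Saturday", "sitter": "S-02"})
    print("Bob's bookings:", table.lookup("bob smith"))
    print("raw storage:", table.dump())
```

Losing the lookup key is the same as losing the name-to-token mapping, which is why it belongs with the other secrets the article says to guard; rotating the key means re-tokenizing every row, so plan for that before the table grows.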
Choosing regular encryption is often unavoidable because you're planning on using the data, but it leaves another pathway for the attackers. If you can apply the right key to unscramble the data, they can find a copy of that key and deploy it too. Make sure you read the section above about guarding secrets.

Fake data

While some complain about "fake news" corrupting the world, fake data has the potential to protect us. Instead of opening up the real data set to partners or insiders who need to use it for projects like AI training or planning, some developers are creating fake versions of the data that have many of the same statistical properties. RTI, for instance, created a fake version of the US Census complete with more than 110 million households holding more than 300 million people. There's no personal information of real Americans but the 300 million fake people are more or less in the same parts of the country and their personal details are pretty close to the real information. Researchers predicting the path of infectious diseases were able to study the US without access to real personal data. An AI company, Hazy, is delivering a Python-based tool that will run inside secure data centers and produce synthetic versions of your data that you can share more freely.

Differential privacy

The term describes a general approach to adding just enough noise to the data to protect the private information in the data set while still leaving enough information to be useful. Adding or subtracting a few years to everyone's age at random, for instance, will hide the exact birth years of the people but the average won't be affected. The approach is most useful for larger statistical work that studies groups in aggregate. The individual entries may be corrupted by noise, but the overall results are still accurate. Microsoft has started sharing White Noise, an open source tool built with Rust and Python, for adding a finely tuned amount of noise to your SQL queries.
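The age-jitter intuition from the differential privacy section, placed next to the formal Laplace mechanism that tools like White Noise apply to query results. This is an added Python example, not code from the article or from Microsoft's tool; the ages are constructed so that the true mean is exactly 44.5, and the epsilon values, the clamping bounds and the treatment of the row count as public are assumptions made for the demo.

```python
import math
import random
from typing import Callable, List, Sequence

# Added example. Constructed data: 1000 ages from 20 to 69, each value
# appearing 20 times, so the true mean is exactly 44.5.
SAMPLE_AGES: List[int] = [20 + (i * 7) % 50 for i in range(1000)]


def mean(xs: Sequence[float]) -> float:
    return sum(xs) / len(xs)


def jitter_ages(ages: Sequence[int], max_years: int, rng: random.Random) -> List[int]:
    """Per-record noise as the article describes: every age moves by a random
    whole number of years in [-max_years, max_years]. Each row is now wrong,
    but the noise averages to zero, so the mean over a large group survives."""
    return [age + rng.randint(-max_years, max_years) for age in ages]


def laplace_sample(scale: float, rng: random.Random) -> float:
    """Draw from Laplace(0, scale) by inverse CDF. rng.random() is in [0, 1),
    so u is in [-0.5, 0.5); the loop excludes the single point where log(0)
    would occur."""
    while True:
        u = rng.random() - 0.5
        if u > -0.5:
            break
    return -scale * math.copysign(1.0, u) * math.log1p(-2.0 * abs(u))


def dp_count(values: Sequence[int], predicate: Callable[[int], bool],
             epsilon: float, rng: random.Random) -> float:
    """epsilon-differentially-private count. Adding or removing one person
    changes a count by at most 1 (sensitivity 1), so Laplace noise with
    scale 1/epsilon is enough. Smaller epsilon means more noise, more privacy."""
    true_count = sum(1 for v in values if predicate(v))
    return true_count + laplace_sample(1.0 / epsilon, rng)


def dp_mean(values: Sequence[int], lower: int, upper: int,
            epsilon: float, rng: random.Random) -> float:
    """epsilon-DP mean of values known to lie in [lower, upper]; the row
    count n is treated as public. Clamping caps any one person's influence
    on the sum at (upper - lower), so the mean's sensitivity is that over n.
    Every released query spends budget: k queries at epsilon each cost
    k * epsilon under basic composition."""
    n = len(values)
    clamped = [min(max(v, lower), upper) for v in values]
    sensitivity = (upper - lower) / n
    return mean(clamped) + laplace_sample(sensitivity / epsilon, rng)


if __name__ == "__main__":
    rng = random.Random(2020)
    print("true mean:", mean(SAMPLE_AGES))
    print("mean after jitter:", round(mean(jitter_ages(SAMPLE_AGES, 3, rng)), 2))
    print("DP count of ages >= 40 (true 600):",
          round(dp_count(SAMPLE_AGES, lambda a: a >= 40, 1.0, rng), 1))
    print("DP mean (epsilon 1):", round(dp_mean(SAMPLE_AGES, 0, 120, 1.0, rng), 2))
```

The per-record jitter is the article's intuition and gives no formal guarantee on its own; `dp_count` and `dp_mean` are the version with a stated epsilon. The thing to watch in practice is the budget: each answered query reveals a little, and the sum of the epsilons spent is what bounds what an analyst can learn about any one person.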
Homomorphic encryption

Most encryption algorithms scramble the data so completely that no one can make any sense of the results without the proper key. Homomorphic approaches use a more sophisticated framework so that many basic arithmetic operations can be done on the encrypted data without the key. You can add or multiply without knowing the underlying information itself. The simplest schemes are practical but limited. Chapter 14 of Translucent Databases describes simple accounting tools that can, for instance, support addition but not multiplication. More complete solutions can compute more arbitrary functions, but only after much more expensive encryption. IBM is now sharing an open source toolkit for embedding homomorphic encryption in iOS and MacOS applications with the promise that versions for Linux and Android will be coming soon. The tools are preliminary, but they offer the ability to explore calculations as complicated as training a machine learning model without access to the unencrypted data.

Keep nothing

Programmers may be packrats who keep data around in case it can be useful for debugging later. One of the simplest solutions is to design your algorithms to be as stateless and log-free as possible. Once the debugging is done, quit filling up the disk drives with lots of information. Just return the results and stop. Keeping as little information as possible has dangers. It's harder to detect abuse or fix errors. But on the flip side, you don't need to worry about attackers gaining access to this digital flotsam and jetsam. They can't attack anyone's personal data if it doesn't exist.
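For the homomorphic encryption section above, an added Python example of the "addition but not multiplication" class of scheme: a minimal Paillier cryptosystem, which lets a server sum an encrypted ledger without the key. This is not code from the article, from Translucent Databases or from IBM's toolkit. The two primes are constructed demo values (2^31-1 and 2^61-1), far too small for real use; the ledger amounts are constructed too.

```python
import math
import random
from typing import Sequence, Tuple

# Added example: Paillier, an additively homomorphic scheme.
#   E(a) * E(b) mod n^2  decrypts to  a + b
#   E(a) ^ k  mod n^2    decrypts to  k * a
# Multiplying two encrypted values is not available, which is exactly the
# limit the article describes for the simplest schemes.

PublicKey = Tuple[int, int]   # (n, g)
PrivateKey = Tuple[int, int]  # (lambda, mu)

# Constructed demo primes. Real keys use two random primes of 1024+ bits.
DEMO_P = 2**31 - 1
DEMO_Q = 2**61 - 1


def _L(u: int, n: int) -> int:
    """Paillier's L function, defined for u = 1 (mod n)."""
    return (u - 1) // n


def keygen(p: int, q: int) -> Tuple[PublicKey, PrivateKey]:
    if p == q or math.gcd(p * q, (p - 1) * (q - 1)) != 1:
        raise ValueError("primes unsuitable for Paillier")
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1                                           # standard simplified generator
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)          # modular inverse (Python 3.8+)
    return (n, g), (lam, mu)


def encrypt(pub: PublicKey, m: int, rng: random.Random) -> int:
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:                      # fresh random r in Z_n^* per message
        r = rng.randrange(1, n)
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub: PublicKey, priv: PrivateKey, c: int) -> int:
    n, _ = pub
    lam, mu = priv
    return (_L(pow(c, lam, n * n), n) * mu) % n


def add_encrypted(pub: PublicKey, c1: int, c2: int) -> int:
    """Server-side addition: no key needed."""
    return (c1 * c2) % (pub[0] ** 2)


def scale_encrypted(pub: PublicKey, c: int, k: int) -> int:
    """Server-side multiplication by a known constant k: no key needed."""
    return pow(c, k, pub[0] ** 2)


def encrypted_total(pub: PublicKey, ciphertexts: Sequence[int]) -> int:
    """Sum a ledger of encrypted amounts without decrypting any of them.
    The running total starts at 1, a valid (unrandomized) encryption of 0."""
    total = 1
    for c in ciphertexts:
        total = add_encrypted(pub, total, c)
    return total


if __name__ == "__main__":
    rng = random.Random(7)
    pub, priv = keygen(DEMO_P, DEMO_Q)
    ledger = [encrypt(pub, amount, rng) for amount in (10, 25, 7)]  # constructed amounts
    total = encrypted_total(pub, ledger)            # computed by the untrusted server
    print("decrypted total:", decrypt(pub, priv, total))   # 42, known only to the key holder
```

The server that holds the ledger learns the ciphertexts and can produce the encrypted total, but never the amounts. The non-homomorphic operation shows up in the test below: multiplying E(3) by E(4) gives E(7), not E(12). The ciphertexts are also malleable by design, so anything built on this needs integrity protection and access control around who may submit entries.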
Building privacy into cloud applications - TechCentral.ie
Posted: 31 Aug 2020 04:45 AM PDT
Nine strategies to balance privacy with functionality and protect applications and data against attacks in the cloud
31 August 2020

IDG News Services
LastPass vs. Dashlane - ITProPortal
Posted: 31 Aug 2020 07:00 AM PDT

With hacks and other online attacks on the rise, it's more important than ever to protect your accounts with a password manager. This will enable you to create strong, unique passwords for every account and keep track of them with a single encryption key. When it comes to choosing the best password manager, you have a lot of options. LastPass and Dashlane are two of the most popular tools and they each bring a number of handy features to the table. But which is better for you? We'll compare LastPass vs. Dashlane head to head on pricing, features, support, and more to help you decide.

Features

Both LastPass and Dashlane cover all the basic functions that you need in a password manager. The two platforms each offer a random password generator and auto-fill capabilities when you go to log in to an account. Plus, you can store far more than just online account information. LastPass and Dashlane both hold encrypted notes, credit card and banking information, and license numbers. The two password managers also have some key business features in common. Individuals can seamlessly share passwords within teams, and administrators can access security dashboards to monitor access to different account keys.

LastPass goes a few steps further for individuals and businesses, though. The software includes emergency access with all individual plans, ensuring that a trusted family member or friend can always access your encrypted information. Business users get access to single sign-on for more than 1,200 pre-integrated applications, which makes logging into frequently used software much more efficient. Dashlane doesn't match these features, but it does take a more holistic approach to security than LastPass. In addition to keeping your passwords safe, Dashlane offers a VPN for online privacy, credit monitoring to protect your identity, and insurance if your identity is stolen.
Business admins also get a customized security dashboard that highlights users with weak passwords so that corrective measures can be taken.

Performance

Both LastPass and Dashlane work across all your devices. The two platforms offer apps for Windows, Mac, and Linux computers as well as iOS and Android mobile devices. Dashlane also has integrations for Chrome, Edge, and Firefox, while LastPass offers integrations for those browsers plus Safari and Opera. The browser integrations are required to auto-fill your username and password when logging into online accounts. For both LastPass and Dashlane, the browser extensions will also ask whether you want to save login information whenever you manually enter your account details. This makes it relatively easy to grow your password manager database over time, as opposed to entering all your passwords at once when you first download the software.

The user interfaces are almost indistinguishable, and both are easy to use. You'll find a menu on the left-hand side of the apps containing your password categories, and your list of accounts appears in the center of the screen. Both Dashlane and LastPass enable you to create an unlimited number of categories to organize your passwords, notes, and other account information using the desktop and mobile apps.

Support

When it comes to customer support, Dashlane wins out handily over LastPass. Dashlane makes it easy to get in touch by email or live chat, with the support team available from 9 am to 6 pm Monday to Friday (Eastern time). You'll also find a large online knowledge base with detailed tutorials explaining how to set up and troubleshoot your password manager account. LastPass only offers email support, and you have to jump through a number of hoops on the company's website before you're taken to a contact page. There is an online user manual you can turn to, but it's not nearly as comprehensive as Dashlane's resource pages.
The good news is that LastPass has a user forum that's very active, so you can often get answers to niche questions within one or two days.

Pricing and plans

For the majority of users, LastPass is less expensive than Dashlane. That said, it's worth comparing how the two companies' plans stack up in detail. To start out, both LastPass and Dashlane offer free tiers for individuals. There's no limit to how many passwords you can store with LastPass, but Dashlane restricts you to 50 entries and only lets you use the software on a single device. Paid plans start at $3 per month at LastPass or $4.99 per month at Dashlane. Dashlane's Premium plan is a pretty good deal in that it comes with a VPN, although for the most part it just removes the limits on how many passwords and devices you can have. LastPass Premium doesn't offer much beyond the Free plan except for group password sharing.

Notably, LastPass and Dashlane also offer family plans for up to six users. LastPass's plan costs $4 per month, while Dashlane's plan costs $7.49 per month. Dashlane for business teams costs $5 per user per month and includes nearly all of the software's features. LastPass has multiple options ranging from $3 per user per month to $8 per user per month, depending on whether you want single sign-on, customizable security policies, and unlimited users.

Verdict

For the majority of individuals and business users, we think LastPass is a better password manager software than Dashlane. It offers cheaper individual, family, and business plans, plus doesn't put many restrictions on its free offering. While LastPass and Dashlane have many features in common, LastPass offers more customization for business teams and single sign-on for more than 1,200 popular apps. Dashlane could be worthwhile if you want to pair a VPN or identity monitoring with account security, but the software seems to focus on these offerings at the expense of being a more versatile password management solution.
Bridgefy, the messenger promoted for mass protests, is a privacy disaster - Ars Technica
Posted: 24 Aug 2020 05:00 AM PDT

The rise of mass protests over the past year—in Hong Kong, India, Iran, Lebanon, Zimbabwe, and the US—has presented activists with a major challenge. How do you communicate with one another when Internet connections are severely congested or completely shut down and at the same time keep your identity and conversations private?

One heavily promoted solution has been Bridgefy, a messaging app that has the financial and marketing backing of Twitter cofounder Biz Stone and boasts having more than 1.7 million installations. By using Bluetooth and mesh network routing, Bridgefy lets users within a few hundred meters—and much further as long as there are intermediary nodes—to send and receive both direct and group texts with no reliance on the Internet at all.

Bridgefy cofounder and CEO Jorge Ríos has said he originally envisioned the app as a way for people to communicate in rural areas or other places where Internet connections were scarce. And with the past year's upswell of large protests around the world—often in places with hostile or authoritarian governments—company representatives began telling journalists that the app's use of end-to-end encryption (reiterated here, here, and here) protected activists against governments and counter protesters trying to intercept texts or shut down communications.

Over the past few months, the company has continued to hold out the app as a safe and reliable way for activists to communicate in large gatherings. Bridgefy's tweets embrace protestors in Belarus, India, and Zimbabwe, not to mention the Black Lives Matter protests throughout the US. The company has also said its software developer kit can be used to build COVID-19 contact tracing apps. Just this month, on August 10, this article quoted Bridgefy cofounder and CEO Jorge Ríos saying: "Last year, we became the protest app."
Up until last week, Bridgefy told Android users via the Google Play Store, "Don't worry! Your messages are safe and can't be read by those people in the middle." The company continues to encourage iOS users to "have secure and private conversations" using the app. But now, researchers are revealing a litany of recently uncovered flaws and weaknesses that show that just about every claim of anonymity, privacy, and reliability is outright false.

Unsafe at any speed

In a paper published on Monday, researchers said that the app's design for use at concerts, sports events, or during natural disasters makes it woefully unsuitable for more threatening settings such as mass protests. They wrote:
The researchers are: Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Marekova from Royal Holloway, University of London. After reverse engineering the app, they devised a series of devastating attacks that allow hackers—in many cases with only modest resources and moderate skill levels—to take a host of nefarious actions against users. The attacks allow for:
Impersonation, MitMs, and more

A key shortcoming that makes many of these attacks possible is that Bridgefy offers no means of cryptographic authentication, which one person uses to prove she's who she claims to be. Instead, the app relies on a user ID that's transmitted in plaintext to identify each person. Attackers can exploit this by sniffing the ID over the air and using it to spoof another user. With no effective way to authenticate, any user can impersonate any other user, as long as an attacker has come into contact with that user (either one-on-one or in network-wide broadcast messages) at least once. With that, the attacker can pose as a trusted contact and trick a person into revealing personal names or other confidential information, or take harmful actions.

The lack of authentication can also give rise to eavesdropping or tampering of messages. Here's how: When hypothetical Bridgefy user Ursula messages Ivan, she uses Ivan's public key to encrypt the message. Ivan then uses his private key to decrypt the message. With no cryptographic means to verify a user's identity, an attacker—say, one named Eve—can impersonate Ivan and present her own public key to Ursula. From then on, Eve can intercept and read all messages Ursula sends to Ivan. To tamper with the messages Ursula or Ivan send, Eve impersonates both parties to the other. With that, Eve can intercept the messages each sends and change the contents or add malicious attachments before sending it on to the other party.

There's a separate way to read encrypted messages, thanks to another major Bridgefy flaw: its use of PKCS #1, an outdated way of encoding and formatting messages so that they can be encrypted with the RSA cryptographic algorithm. This encoding method, which was deprecated in 1998, allows attackers to perform what's known as a padding oracle attack to derive contents of an encrypted message.
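What the missing authentication layer looks like on the receiving side, as an added Python example (not Bridgefy's code and not from the Royal Holloway paper). It takes the Ursula, Ivan and Eve scenario above and shows two checks a client can make so that a key swap is flagged rather than silently accepted: an identifier derived from the public key, so that an ID announced over the air cannot be claimed without the matching key, and trust-on-first-use pinning with a safety number the two users can compare out of band. The public keys are constructed byte strings standing in for real keys, and the contact store, the `observe` method and the safety-number format are assumptions for the demo. Proving that the peer actually holds the private key still needs a signature or challenge, which the standard library does not provide and which this example does not attempt.

```python
import hashlib
from typing import Dict

# Added example. Constructed stand-ins for public keys; the fingerprint and
# pinning logic below does not depend on the key type.
IVAN_KEY = b"constructed-public-key-ivan"
EVE_KEY = b"constructed-public-key-eve"


def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()


def self_certifying_id(public_key: bytes) -> str:
    """Identifier bound to the key (first 16 hex chars of its fingerprint).
    Unlike a free-form user ID sent in plaintext, it cannot be announced
    together with a different key without the mismatch being visible."""
    return fingerprint(public_key)[:16]


def safety_number(key_a: bytes, key_b: bytes) -> str:
    """Order-independent digest of both parties' keys, grouped for reading
    aloud (constructed format). Ursula and Ivan compare this in person; if
    Eve has substituted a key on either side, the two numbers differ."""
    a, b = sorted((fingerprint(key_a), fingerprint(key_b)))
    digest = hashlib.sha256((a + b).encode("ascii")).hexdigest()
    return " ".join(digest[i:i + 5] for i in range(0, 30, 5))


class KeyMismatch(Exception):
    """An announced identity and its key disagree with what was pinned."""


class ContactStore:
    """Trust-on-first-use pins, keyed by the local contact label the user
    assigned (not by anything the peer sends over the air)."""

    def __init__(self) -> None:
        self._pins: Dict[str, str] = {}

    def observe(self, contact: str, announced_id: str, public_key: bytes) -> str:
        # Check 1: the announced ID must be the one this key certifies.
        if announced_id != self_certifying_id(public_key):
            raise KeyMismatch(f"{contact}: announced id does not match key")
        # Check 2: pin on first contact; a different key later is an alert,
        # never a silent replacement.
        fp = fingerprint(public_key)
        pinned = self._pins.get(contact)
        if pinned is None:
            self._pins[contact] = fp
            return "pinned"
        if pinned == fp:
            return "verified"
        raise KeyMismatch(f"{contact}: key changed since first contact")

    def is_trusted(self, contact: str, announced_id: str, public_key: bytes) -> bool:
        """Boolean form for callers that gate message delivery on the result."""
        try:
            self.observe(contact, announced_id, public_key)
            return True
        except KeyMismatch:
            return False


if __name__ == "__main__":
    ursula = ContactStore()
    ivan_id = self_certifying_id(IVAN_KEY)
    print(ursula.observe("Ivan", ivan_id, IVAN_KEY))      # pinned
    print(ursula.observe("Ivan", ivan_id, IVAN_KEY))      # verified
    # Eve presents her own key as Ivan's: flagged instead of accepted.
    print(ursula.is_trusted("Ivan", ivan_id, EVE_KEY))    # False
    print("safety number:", safety_number(IVAN_KEY, EVE_KEY))
```

The first contact is still unverified, which is the known limit of trust-on-first-use; the safety number closes that gap when the two people can meet, and the pin makes every later substitution detectable. Neither check helps with the PKCS #1 v1.5 problem the article describes, which is fixed separately by moving to a padding scheme that is not vulnerable to a padding oracle, such as RSA-OAEP.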
You are subscribed to email updates from "android database encryption,how to encrypt my phone,what is encryption on android" - Google News.