9 ways to build privacy into your cloud applications - ARNnet

9 ways to build privacy into your cloud applications - ARNnet


9 ways to build privacy into your cloud applications - ARNnet

Posted: 31 Aug 2020 03:35 AM PDT

Credit: ID 115671951 © Andrii Yalanskyi | Dreamstime.com

Privacy is one of those nebulous ideas that everyone loves. Delivering it, though, is a job that's full of nuance and tradeoffs. Turn the dial too far to one side and the databases are useless. Turn it too far in the other direction and everyone is upset about your plan to install camera arrays in their shower to automatically reorder soap.

The good news is that there is a dial to turn. In the early days, everyone assumed that there was just a switch. One position delivered all of the wonderful magic of email, online ordering, and smartphones. The other position was the cash-only world of living off the grid in a cabin wearing an aluminum foil hat.

Privacy enhancing technologies let you control how much privacy to support but limit that control to preserve functionality. They mix in encryption functions with clever algorithms to build databases that can answer some questions correctly — but only for the right people.

In my book, Translucent Databases, I explored building a babysitter scheduling service that could let parents book babysitters without storing personal information in the central database. The parents and babysitters could get the correct answer from the database, but any attacker or insider with root privileges would get only scrambled noise.

The field has grown dramatically over the years and there are now a number of approaches and strategies that do a good job of protecting many facets of our personal lives. They store just enough information for businesses to deliver products while avoiding some of the obvious dangers that can appear if hackers or insiders gain access.

The approaches all have their limits. They will defend against the most general attacks but some start to crumble if the attackers are better equipped or the attacks are more targeted. Often the amount of protection is proportional to the amount of computation power required for the encryption calculations. Basic protections may not add noticeable extra load to the system, but providing perfect security may be out of reach for even the cloud companies.

But these limits shouldn't stop us from adding the basic protections. The perfectly secure approach may not be out there, but adding some of these simpler solutions can protect everyone against some of the worst attacks that can be enabled by the new cloud services.

Here are nine strategies for balancing privacy with functionality. 

Use the features

The cloud providers understand that customers are nervous about security and they've slowly added features that make it easier to lock up your data. Amazon, for instance, offers more than two dozen products that help add security. The AWS Firewall Manager helps make sure the firewalls let in only the right packets. AWS Macie will scan your data looking for sensitive data that's too open. Google Cloud and Microsoft Azure have their own collections of security tools. Understanding all of these products may take a team but it's the best place to start securing your cloud work.

Watch the secrets

Securing the passwords, encryption keys, and authentication parameters is hard enough when we're just locking down our desktops. It's much trickier with cloud machines, especially when they're managed by a team. A variety of different tools are designed to help. You've still got to be careful with source code management, but the tools will help juggle the secrets so they can be added to the cloud machines safely. Tools like Hashicorp's Vault,  Doppler's Enclave,  AWS's Key Management System, and Okta's API management tools are just some of the options that simplify the process. All still require some care but they are better than writing down passwords in a little notebook and locking it in someone's office.

Consider dedicated hardware

It's hard to know how paranoid to be about sharing computer hardware with others. It's hard to believe that an attacker may finagle a way to share the right machine and then exploit some of the different extreme approaches like rowhammer, but some data might be worth the hard work. The cloud companies offer dedicated hardware just for occasions like this. If your computing load is fairly constant, it may even make economic sense to use local servers in your own building. Some embrace the cloud company's hybrid tools and others want to set up their own machines. In any case, taking complete control of a computer is more expensive than sharing, but it rules out many attacks.

Hashing

One of the simplest solutions is to use a one-way function to hide personal information. These mathematical functions are designed to be easy to compute but practically impossible to reverse. If you replace someone's name with f(name), someone browsing the database will only see the random encrypted noise that comes out of the one-way function.

This data may be inscrutable to casual browsers, but it can still be useful. If you want to search for Bob's records, you can compute f(Bob) and use this scrambled value in your query. 

This approach is secure against casual browsers who may find an interesting row in a database and try to unscramble the value of f(name). It won't stop targeted browsing by attackers who know they are looking for Bob. More sophisticated approaches can add more layers of protection.

The most common one-way functions may be the Secure Hash Algorithm or SHA, a collection of functions approved by the US National Institute of Standards and Technology. There are several different versions, and some weaknesses have been found in the earlier versions, so make sure you use a new one. 

Building privacy into cloud applications - TechCentral.ie

Posted: 31 Aug 2020 04:45 AM PDT

(Image: StockFresh)

Nine strategies to balance privacy with functionality and protect applications and data against attacks in the cloud

Print

Pro

Read More:

31 August 2020 |

Privacy is one of those nebulous ideas that everyone loves. Delivering it, though, is a job that is full of nuance and tradeoffs. Turn the dial too far to one side and the databases are useless. Turn it too far in the other direction and everyone is upset about your plan to install camera arrays in their shower to automatically reorder soap.

The good news is that there is a dial to turn. In the early days, everyone assumed that there was just a switch. One position delivered all of the wonderful magic of email, online ordering, and smartphones. The other position was the cash-only world of living off the grid in a cabin wearing an aluminum foil hat.

Privacy enhancing technologies let you control how much privacy to support but limit that control to preserve functionality. They mix in encryption functions with clever algorithms to build databases that can answer some questions correctly – but only for the right people.

 
advertisement



 

The field has grown dramatically over the years and there are now a number of approaches and strategies that do a good job of protecting many facets of our personal lives. They store just enough information for businesses to deliver products while avoiding some of the obvious dangers that can appear if hackers or insiders gain access.

The approaches all have their limits. They will defend against the most general attacks but some start to crumble if the attackers are better equipped or the attacks are more targeted. Often the amount of protection is proportional to the amount of computation power required for the encryption calculations. Basic protections may not add noticeable extra load to the system, but providing perfect security may be out of reach for even the cloud companies.

But these limits should not stop us from adding the basic protections. The perfectly secure approach may not be out there but adding some of these simpler solutions can protect everyone against some of the worst attacks that can be enabled by the new cloud services.

Here are nine strategies for balancing privacy with functionality. 

Use the features

The cloud providers understand that customers are nervous about security and they have slowly added features that make it easier to lock up your data. Amazon, for instance, offers more than two dozen products that help add security. The AWS Firewall Manager helps make sure the firewalls let in only the right packets. AWS Macie will scan your data looking for sensitive data that is too open. Google Cloud and Microsoft Azure have their own collections of security tools. Understanding all these products may take a team but it is the best place to start securing your cloud work.

Watch the secrets

Securing the passwords, encryption keys, and authentication parameters is hard enough when we are just locking down our desktops. It is much trickier with cloud machines, especially when they are managed by a team. A variety of different tools are designed to help. You have still got to be careful with source code management, but the tools will help juggle the secrets so they can be added to the cloud machines safely. Tools like Hashicorp's Vault, Doppler's Enclave, AWS's Key Management System, and Okta's API management tools are just some of the options that simplify the process. All still require some care, but they are better than writing down passwords in a little notebook and locking it in someone's office.

Consider dedicated hardware

It is hard to know how paranoid to be about sharing computer hardware with others. It is hard to believe that an attacker may finagle a way to share the right machine and then exploit some of the different extreme approaches like rowhammer, but some data might be worth the hard work. The cloud companies offer dedicated hardware just for occasions like this. If your computing load is constant, it may even make economic sense to use local servers in your own building. Some embrace the cloud company's hybrid tools and others want to set up their own machines. In any case, taking complete control of a computer is more expensive than sharing, but it rules out many attacks.

Hashing

One of the simplest solutions is to use a one-way function to hide personal information. These mathematical functions are designed to be easy to compute but practically impossible to reverse. If you replace someone's name with f(name), someone browsing the database will only see the random encrypted noise that comes out of the one-way function.

This data may be inscrutable to casual browsers, but it can still be useful. If you want to search for Bob's records, you can compute f(Bob) and use this scrambled value in your query. 

This approach is secure against casual browsers who may find an interesting row in a database and try to unscramble the value of f(name). It will not stop targeted browsing by attackers who know they are looking for Bob. More sophisticated approaches can add more layers of protection.

The most common one-way functions may be the Secure Hash Algorithm or SHA, a collection of functions approved by the US National Institute of Standards and Technology. There are several different versions, and some weaknesses have been found in the earlier versions, so make sure you use a new one. 

Pure encryption

Good encryption functions are built into many layers of the operating system and file system. Activating them is a good way to add some basic security against low-level attackers and people who might gain physical access to your device. If you are storing data on your laptop, keeping it encrypted saves some of the worry if you lose the machine.

Regular encryption functions, though, are not one-way. There is a way to unscramble the data. Choosing regular encryption is often unavoidable because you are planning on using the data, but it leaves another pathway for the attackers. If you can apply the right key to unscramble the data, they can find a copy of that key and deploy it too.  Make sure you read the section above about guarding secrets.

Fake data

While some complain about "fake news" corrupting the world, fake data has the potential to protect us. Instead of opening up the real data set to partners or insiders who need to use it for projects like AI training or planning, some developers are creating fake versions of the data that have many of the same statistical properties.

RTI, for instance, created a fake version of the US Census complete with more than 110 million households holding more than 300 million people. There is no personal information of real Americans but the 300 million fake people are more or less in the same parts of the country and their personal details are pretty close to the real information. Researchers predicting the path of infectious diseases were able to study the US without access to real personal data.

An AI company, Hazy, is delivering a Python-based tool that will run inside secure data centres and produce synthetic versions of your data that you can share more freely.

Differential privacy

The term describes a general approach to adding just enough noise to the data to protect the private information in the data set while still leaving enough information to be useful. Adding or subtracting a few years to everyone's age at random, for instance, will hide the exact birth years of the people but the average will not be affected.

The approach is most useful for larger statistical work that studies groups in aggregate. The individual entries may be corrupted by noise, but the overall results are still accurate.

Microsoft has started sharing White Noise, an open source tool built with Rust and Python, for adding a finely tuned amount of noise to your SQL queries.

Homomorphic encryption

Most encryption algorithms scramble the data so completely that no one can make any sense of the results without the proper key. Homomorphic approaches use a more sophisticated framework so that many basic arithmetic operations can be done on the encrypted data without the key. You can add or multiply without knowing the underlying information itself.

IBM is now sharing an open source toolkit for embedding homomorphic encryption in iOS and MacOS applications with the promise that versions for Linux and Android will be coming soon. The tools are preliminary, but they offer the ability to explore calculations as complicated as training a machine learning model without access to the unencrypted data.

Keep nothing

Programmers may be packrats who keep data around in case it can be useful for debugging later. One of the simplest solutions is to design your algorithms to be as stateless and log-free as possible. Once the debugging is done, quit filling up the disk drives with lots of information. Just return the results and stop.

Keeping as little information as possible has dangers. It is harder to detect abuse or fix errors. But on the flip side, you do not need to worry about attackers gaining access to this digital flotsam and jetsam. They cannot attack anyone's personal data if it does not exist.

IDG News Services

Read More:



LastPass vs. Dashlane - ITProPortal

Posted: 31 Aug 2020 07:00 AM PDT

With hacks and other online attacks on the rise, it's more important than ever to protect your accounts with a password manager. This will enable you to create strong, unique passwords for every account and keep track of them with a single encryption key.

When it comes to choosing the best password manager, you have a lot of options. LastPass and Dashlane are two of the most popular tools and they each bring a number of handy features to the table. But which is better for you?

Bridgefy, the messenger promoted for mass protests, is a privacy disaster - Ars Technica

Posted: 24 Aug 2020 05:00 AM PDT

Demonstrations in Belarus over the reelection of Alexander Lukashenko are just one of the mass protests where Bridgefy is being promoted.
Enlarge / Demonstrations in Belarus over the reelection of Alexander Lukashenko are just one of the mass protests where Bridgefy is being promoted.
SERGEI GAPON/AFP via Getty Images

The rise of mass protests over the past year—in Hong Kong, India, Iran, Lebanon, Zimbabwe, and the US—has presented activists with a major challenge. How do you communicate with one another when Internet connections are severely congested or completely shut down and at the same time keep your identity and conversations private?

One heavily promoted solution has been Bridgefy, a messaging app that has the financial and marketing backing of Twitter cofounder Biz Stone and boasts having more than 1.7 million installations. By using Bluetooth and mesh network routing, Bridgefy lets users within a few hundred meters—and much further as long as there are intermediary nodes—to send and receive both direct and group texts with no reliance on the Internet at all.

Bridgefy cofounder and CEO Jorge Ríos has said he originally envisioned the app as a way for people to communicate in rural areas or other places where Internet connections were scarce. And with the past year's upswell of large protests around the world—often in places with hostile or authoritarian governments—company representatives began telling journalists that the app's use of end-to-end encryption (reiterated here, here, and here) protected activists against governments and counter protesters trying to intercept texts or shut down communications.

From a Bridgefy video promoting the app as suitable for protests.
Enlarge / From a Bridgefy video promoting the app as suitable for protests.

Over the past few months, the company has continued to hold out the app as a safe and reliable way for activists to communicate in large gatherings. Bridgefy's tweets embrace protestors in Belarus, India, and Zimbabwe, not to mention the Black Lives Matter protests throughout the US. The company has also said its software developer kit can be used to build COVID-19 contact tracing apps.

Just this month, on August 10, this article quoted Bridgefy cofounder and CEO Jorge Ríos saying: "Last year, we became the protest app." Up until last week, Bridgefy told Android users via the Google Play Store, "Don't worry! Your messages are safe and can't be read by those people in the middle." The company continues to encourage iOS users to "have secure and private conversations" using the app.

But now, researchers are revealing a litany of recently uncovered flaws and weaknesses that show that just about every claim of anonymity, privacy, and reliability is outright false.

Unsafe at any speed

In a paper published on Monday, researchers said that the app's design for use at concerts, sports events, or during natural disasters makes it woefully unsuitable for more threatening settings such as mass protests. They wrote:

Though it is advertised as "safe" and "private" and its creators claimed it was secured by end-to-end encryption, none of aforementioned use cases can be considered as taking place in adversarial environments such as situations of civil unrest where attempts to subvert the application's security are not merely possible, but to be expected, and where such attacks can have harsh consequences for its users. Despite this, the Bridgefy developers advertise the app for such scenarios and media reports suggest the application is indeed relied upon.

The researchers are: Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Marekova from Royal Holloway, University of London. After reverse engineering the app, they devised a series of devastating attacks that allow hackers—in many cases with only modest resources and moderate skill levels—to take a host of nefarious actions against users. The attacks allow for:

  • deanonymizing users
  • building social graphs of users' interactions, both in real time and after the fact
  • decrypting and reading direct messages
  • impersonating users to anyone else on the network
  • completely shutting down the network
  • performing active man-in-the-middle attacks, which allow an adversary not only to read messages, but to tamper with them as well

Impersonation, MitMs, and more

A key shortcoming that makes many of these attacks possible is that Bridgefy offers no means of cryptographic authentication, which one person uses to prove she's who she claims to be. Instead, the app relies on a user ID that's transmitted in plaintext to identify each person. Attackers can exploit this by sniffing the ID over the air and using it to spoof another user.

With no effective way to authenticate, any user can impersonate any other user, as long as an attacker has come into contact with that user (either one-on-one or in network-wide broadcast messages) at least once. With that, the attacker can pose as a trusted contact and trick a person into revealing personal names or other confidential information, or take harmful actions. The lack of authentication can also give rise to eavesdropping or tampering of messages.

Here's how: When hypothetical Bridgefy user Ursula messages Ivan, she uses Ivan's public key to encrypt the message. Ivan then uses his private key to decrypt the message. With no cryptographic means to verify a user's identity, an attacker—say, one named Eve—can impersonate Ivan and present her own public key to Ursula. From then on, Eve can intercept and read all messages Ursula sends to Ivan. To tamper with the messages Ursula or Ivan send, Eve impersonates both parties to the other. With that, Eve can intercept the messages each sends and change the contents or add malicious attachments before sending it on to the other party.

There's a separate way to read encrypted messages, thanks to another major Bridgefy flaw: its use of PKCS #1, an outdated way of encoding and formatting messages so that they can be encrypted with the RSA cryptographic algorithm. This encoding method, which was deprecated in 1998, allows attackers to perform what's known as a padding oracle attack to derive contents of an encrypted message.

Comments

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

Harry Dunn's parents to meet Anne Sacoolas as immunity row continues - The Guardian

VPN browser extensions: Why you shouldn't use then - Tech Advisor