From the Canyon Edge -- :-Dustin
Showing posts with label encryption. Show all posts
Showing posts with label encryption. Show all posts

Thursday, May 1, 2014

Double Encryption, for the Win!


Upon learning about the Heartbleed vulnerability in OpenSSL, my first thoughts were pretty desperate.  I basically lost all faith in humanity's ability to write secure software.  It's really that bad.

I spent the next couple of hours drowning in the sea of passwords and certificates I would personally need to change...ugh :-/

As of the hangover of that sobering reality arrived, I then started thinking about various systems over the years that I've designed, implemented, or was otherwise responsible for, and how Heartbleed affected those services.  Another throbbing headache set in.

I patched DivItUp.com within minutes of Ubuntu releasing an updated OpenSSL package, and re-keyed the SSL certificate as soon as GoDaddy declared that it was safe for re-keying.

Likewise, the Ubuntu entropy service was patched and re-keyed, along with all Ubuntu-related https services by Canonical IT.  I pushed an new package of the pollinate client with updated certificate changes to Ubuntu 14.04 LTS (trusty), the same day.

That said, I did enjoy a bit of measured satisfaction, in one controversial design decision that I made in January 2012, when creating Gazzang's zTrustee remote key management system.

All default network communications, between zTrustee clients and servers, are encrypted twice.  The outer transport layer network traffic, like any https service, is encrypted using OpenSSL.  But the inner payloads are also signed and encrypted using GnuPG.

Hundreds of times, zTrustee and I were questioned or criticized about that design -- by customers, prospects, partners, and probably competitors.

In fact, at one time, there was pressure from a particular customer/partner/prospect, to disable the inner GPG encryption entirely, and have zTrustee rely solely on the transport layer OpenSSL, for performance reasons.  Tried as I might, I eventually lost that fight, and we added the "feature" (as a non-default option).  That someone might have some re-keying to do...

But even in the face of the Internet-melting Heartbleed vulnerability, I'm absolutely delighted that the inner payloads of zTrustee communications are still protected by GnuPG asymmetric encryption and are NOT vulnerable to Heartbleed style snooping.

In fact, these payloads are some of the very encryption keys that guard YOUR health care and financial data stored in public and private clouds around the world by Global 2000 companies.

Truth be told, the insurance against crypto library vulnerabilities zTrustee bought by using GnuPG and OpenSSL in combination was really the secondary objective.

The primary objective was actually to leverage asymmetric encryption, to both sign AND encrypt all payloads, in order to cryptographically authenticate zTrustee clients, ensure payload integrity, and enforce key revocations.  We technically could have used OpenSSL for both layers and even realized a few performance benefits -- OpenSSL is faster than GnuPG in our experience, and can leverage crypto accelerator hardware more easily.  But I insisted that the combination of GPG over SSL would buy us protection against vulnerabilities in either protocol, and that was worth any performance cost in a key management product like zTrustee.

In retrospect, this makes me wonder why diverse, backup, redundant encryption, isn't more prevalent in the design of security systems...

Every elevator you have ever used has redundant safety mechanisms.  Your car has both seat belts and air bags.  Your friendly cashier will double bag your groceries if you ask.  And I bet you've tied your shoes with a double knot before.

Your servers have redundant power supplies.  Your storage arrays have redundant hard drives.  You might even have two monitors.  You're might be carrying a laptop, a tablet, and a smart phone.

Moreover, important services on the Internet are often highly available, redundant, fault tolerant or distributed by design.

But the underpinnings of the privacy and integrity of the very Internet itself, is usually protected only once, with transport layer encryption of the traffic in motion.

At this point, can we afford the performance impact of additional layers of security?  Or, rather, at this point, can we afford not to use all available protection?

Dustin

p.s. I use both dm-crypt and eCryptFS on my Ubuntu laptop ;-)
Posted by at No comments:
Labels: , , , , , , ,

Wednesday, February 20, 2013

Slides from Austin Cloud Users Group -- Encrypt. Everything. Everywhere.

Here are the slides, as promised, from my Cloud Security presentation to the Austin Cloud Users Group. Enjoy!


:-Dustin
Posted by at No comments:
Labels: , , , ,

Friday, October 19, 2012

Encrypt Everything Everywhere (in OpenStack)


Here are the slides from the first of my two presentations on behalf of Gazzang today at the OpenStack Summit in San Diego, CA.

In this presentation, we started out examining the landscape of security within cloud computing, what's changed, and why encryption is essential to the integrity of the industry.  We talked about the types of sensitive data that need protection, and looked at some astounding statistics about data breaches in the past 3 years that could have been easily thwarted with comprehensive encryption.

We then discussed the several layers where encryption is essential:

  1. Network layer
  2. Filesystem layer
  3. Block storage layer
Within the network layer, SSH seems to be well understood and practiced, though we did talk a little about some tools that can help with SSH public key management, namely ssh-copy-id, ssh-import-id, and DNS records for SSHFP.  We also talked about TLS and SSL, the fact that many applications and services support SSL, but that it's rarely configured or enabled (even in OpenStack!).  PKI and key management tend to be the hard part here...

At the block storage layer, we discussed dmcrypt, and how it can be used to efficient protect entire block devices.  We discussed several places within OpenStack where dmcrypt could and should be used.  We also discussed some of the shortcomings or limitations of dmcrypt (single key for the entire volume, hard to incrementally backup, all-or-nothing encryption).

I then introduced overlayroot to the OpenStack crowd, as convenient way of all local changes and data within an OpenStack guest.

At the filesystem layer, we discussed per-file encryption with eCryptfs, as well as Gazzang's commercially supported distribution of eCryptfs called zNcrypt.  We compared and contrasted eCryptfs with dmcrypt, and discussed the most appropriate places to use each within OpenStack.

Finally we touched on the piece of technology required to bring all of this together -- key management. To actually secure any encrypted data, you need to safely and securely store the keys necessary to access the data somewhere other than on the same systems having the encrypted data.  We talked a little about OpenStack Keystone, and how it does and doesn't solve this problem.  We also introduced Gazzang zTrustee, which is our commercially supported key management solution that Gazzang offers as a turnkey solution in this space.

Enjoy!



:-Dustin
Posted by at No comments:
Labels: , , , ,

Tuesday, May 29, 2012

UDS Video: Security, Cloud, and Ubuntu

I stepped away from a busy schedule of awesome sessions the Ubuntu Developer Summit in Oakland, CA to speak for a few minutes about the requirement of "openness" in modern Cloud Computing, the absolute necessity of security and encryption of data, and benefits of Ubuntu as both a Cloud host and guest. Enjoy!








If you're interested in learning more about security considerations when planning your cloud or big data deployment, consider subscribing to Gazzang's blog feed, or reading some of our white papers.

Cheers!
:-Dustin
Posted by at No comments:
Labels: , , , , , ,

Friday, March 9, 2012

Video Podcast with Amber Graner

I spent a good half hour on Monday morning with Amber Graner of Linaro.  This was my first experience with G+ On Air, a mechanism for conducting video interviews over G+ Hangouts and record them for rebroadcast over YouTube later.

I've known Amber for nearly 4 years now, and she's such a warm, fun, and energetic person.  I'm always humbled by her interest and willingness to branch out and learn about new technologies.  She's truly an inspiration for us all :-)

In this interview, we talked about Linaro, ARM, Android, Ubuntu, Cloud, Gazzang, Encryption, eCryptfs, and (of course) Byobu :-)  Enjoy!




:-Dustin
Posted by at No comments:
Labels: , , , , , , , ,

Tuesday, January 10, 2012

Gmail and GPG in Chromium, with cr-gpg!

Once upon a time, I used FireGPG to sign, encrypt, decrypt, and check GPG and PGP messages in Gmail. Sadly, FireGPG eventually withered away, dropping support for Gmail altogether.  Encrypted, authenticated email messaging is very important to me in some specific situations, and for those, I've been using Gmail, but then copying and pasting the data manually back and forth to a command line, and using GPG by hand.

However, I have been extremely excited to see the cr-gpg plugin for Chromium coming along very rapidly, and finally re-enabling email encryption for Gmail!  The plugin is still in an Alpha state, but I've reported a few bugs here, and worked with the developers and helped test others.

I'm pleased to say that I'm now using cr-gpg on a daily basis for encryption/decryption with:

Signature verification is still a little broken in a couple of scenarios, but I've reported these bugs upstream and they're actively being worked.

Here's a couple of screen shots of it in action, first decrypting a message, then encrypting one.







Enjoy,
:-Dustin
Posted by at 4 comments:
Labels: , , , , , ,
Subscribe to: Posts (Atom)

Printfriendly