Encryption Cloud Communications Privacy

Lockbox Aims To NSA-Proof the Cloud 292

Daniel_Stuckey writes "Lockbox, a tech startup founded in 2008, just received $2.5 million in seed funding for its end-to-end encryption cloud service, Client Portal. So, how does end-to-end cloud encryption work? Lockbox encrypts and compresses files before they are uploaded to the cloud. Only a person in possession of the corresponding key can unlock, or decrypt, the files. This means that the NSA, malicious hackers, business competitors, and even crazy girlfriends and boyfriends won't be able to peer into users' most sensitive and private files."
  • by marienf ( 140573 ) on Sunday September 01, 2013 @02:56AM (#44729233)

    Can we stop pretending that "The Cloud" has actual meaning, technical relevance, etc..?
    Do we really have to go back to the fracking mainframe with all our eggs into one (someone else's) basket,
    and at the mercy of whatever corporate greed du jour? Your Brains! They are SOOOO CLEAN!

    We have so much computing power and bandwidth in the home and office that it should be perfectly feasible
    to go exactly the other way, do away with the stupid client/server model and go 100% P2P, keeping
    one's own data on one's own hardware in one's own home.

    ISPs that go symmetric and neutral will survive.

  • by Microlith ( 54737 ) on Sunday September 01, 2013 @02:58AM (#44729241)

    The thing about Ken Thompson's theoretical attack is that it would inevitably be detected. It's an interesting thought experiment, but a functioning example that would be able to discern the right program to attack (and differentiate between a kernel and a userspace application) has not been shown as far as I am aware.

  • Trusted client? (Score:2, Interesting)

    by Anonymous Coward on Sunday September 01, 2013 @02:59AM (#44729243)

    What's to stop the intelligence agencies from compelling the company to produce a compromised client? For example, logging the encryption keys somewhere, or subtly introducing flaws into the algorithm... I mean, right there on their website, "Only naive users would trust their cloud vendor" - so instead trust us - we *promise* we won't let the NSA sneak anything into our software...

    About the only way you could have any real confidence in this is if you write your own client to manage all the encryption and use it as a dumb storage backend. And that assumes you can trust the OS and all the other software on your computer - I mean, the company pretty much has to operate out of a country, and that country probably has provisions in its law to compel co-operation with police investigations or intelligence agencies.

    All they need to do is rock up with a court order that includes non-disclosure provisions, and wham, next time something auto-updates you're screwed. And if you don't install the updates, there's probably _something_ on your computer that phones home that could be used to identify your system and use all the un-patched vulnerabilities to sneak in a keylogger or similar.

    You're probably better off writing coded letters, but even that is highly vulnerable to a wrench attack.

  • the cloud is dead (Score:5, Interesting)

    by 0111 1110 ( 518466 ) on Sunday September 01, 2013 @03:18AM (#44729329)

    At best the service will simply be shut down by the NSA if they cannot compromise it. Lockbox claims to use client side encryption. If the system is executed perfectly and all of your data is fully encrypted before it leaves your computer this might be difficult, but if the service is shut down you will probably lose your data anyway. Which means you will need a local backup which would seem to ruin the point. I think it's about time to admit that saving any data on a remote server in the US, UK, or close allies of either has to be considered to be stored by the NSA/GCHQ and forwarded to other law enforcement agencies if deemed appropriate. And international cooperation in this regard among close allies cannot be ruled out.

    In the sort of privacy-hostile environment currently faced in the US, UK and much of the world going full tin foil hat is the only way. Any information you want to remain private has to be encrypted by a system fully under your control before it leaves your computer and your passphrase has to not just be secure, but NSA/GCHQ secure. And it wouldn't hurt to toss in some multifactor authentication and steganography as well.

  • Re:I like the idea (Score:5, Interesting)

    by VortexCortex ( 1117377 ) <VortexCortex@pro ... m minus language> on Sunday September 01, 2013 @03:28AM (#44729359)

    But I prefer that my encryption tool and my cloud storage service be completely separate. (How do I know Lockbox isn't sending the keys to the NSA, or whoever?)

    It's pointless anyway against the NSA. Seriously. Every single modern operating system (including on routers) has tons of unpatched exploit vectors. There's even a black market for them. The NSA can just infect your machines and exfiltrate your data and/or the encryption keys... See the previous story:

    [NSA] Budget documents say the $652 million project has placed 'covert implants,' sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions.

    Hell we have multiple celebrations of insecurity every year called "computer security conferences" where without fail new systems are compromised. How can you even look at stuff like Pwn 2 Own, and not have your brain melting in cognitive dissonance as you try to believe there are network attached scenarios where your data is safe from the NSA?

    You want your data kept secret? Use whole drive encryption on machines that are never connected to any networks -- And even then there's the Ken Thompson Microcode Hack [bell-labs.com], so your systems could be theoretically pre-hacked from the factory... I won't buy a CPU that has remote cellular capabilities... Like Intel's Sandy Bridge [techspot.com]. Laughed my ass off when I heard about that! "Security Feature" indeed. At least if the machine can't get on the networks there's a much lower chance of your data escaping if it's pre-hacked.

    I don't know of any hacker worth their salt -- black, gray or white hat -- that doesn't have a directory of unpatched zero day exploits.
    I keep mine in: ~/with/great/power/comes/great/responsibility/
    Me having to navigate the directory structure has saved many a newb... The NSA has no such sensibilities.
    If the data's encrypted, they assume it could be from a foreigner, and thus give themselves license to get at it, and they can.
    This is what happens when you let Threat Narrative run amok.

  • Re:I like the idea (Score:5, Interesting)

    by Anonymous Coward on Sunday September 01, 2013 @04:00AM (#44729445)

    Tarsnap should also be mentioned in this context. It's a business started by Colin Percival, noted cryptographer and BSD developer. The client is 100% open source and runs on your machine. When Colin developed Tarsnap he found existing key derivation functions lacking, so he developed his own memory hard scrypt, which has found wide applications in other areas.

    The major problem with "encrypted cloud" solutions is that encryption severely limits what can be done in the cloud. You can basically do encrypted file storage. You can't run virus or spam filters on your data, you can't index it and search it etc. So all the useful features we have in a Gmail session need to awkwardly and inefficiently be re-implemented on the client side.

    The providers have very little incentive to do this and transform ad supported free services into paid ones (since data mining no longer works, ad revenue drops dramatically). While I would love encrypted email for everyone, it just won't happen for economic reasons. The NSA affair will be quickly forgotten and people will return to business as usual.

  • Re:not secure (Score:4, Interesting)

    by GigaplexNZ ( 1233886 ) on Sunday September 01, 2013 @04:00AM (#44729449)
    Doesn't necessarily mean they know the decryption keys does it?
  • Re:I like the idea (Score:5, Interesting)

    by TheRaven64 ( 641858 ) on Sunday September 01, 2013 @04:36AM (#44729545) Journal
    Full homomorphic encryption is really hard. Homomorphic encryption allows you to encrypt your data, do some computation on the result, and then perform some operation on the output to get the same result as doing the operation on the unencrypted data. Current solutions are at least a factor of 1000 slower than doing it on unencrypted data, but that's only for the general case. There are ways of encrypting data that preserve certain properties so you can, for example, perform simple database operations on it in the encrypted form and only interpret the results if you hold the keys. The down side of these approaches is that they increase the size (effectively doubling it for every primitive operation that you want to support), but with storage becoming cheap they may become interesting...
  • The Root Problem (Score:4, Interesting)

    by some old guy ( 674482 ) on Sunday September 01, 2013 @07:41AM (#44729957)

    The root problem, appalling pun gleefully intended, is political, not technical.

    Between unlimited resources and questionable legal tactics, the NSA and other sigint agencies can and will always compel or bribe that which they cannot hack. Software crowbars, legal hammers, and moneybags of grease are everything they need. For every new solution, they will create a new problem.

    The only guaranteed solutions are either the (don't hold your breath) complete abolition of these government entities, with no successor remakes, or the courts and Congress must hamstring them with crystal-clear transparency (still possible, but politically unlikely).

    To believe otherwise underestimates the present unfettered powers, technical, legal, and financial, of the government.

  • Re:I like the idea (Score:4, Interesting)

    by Dunbal ( 464142 ) * on Sunday September 01, 2013 @08:10AM (#44730009)
    Drop "US-based", because the US government has already made use of foreign police (Sweden illegal server raids, New Zealand illegal server raids, extradition of "hackers" from the UK, etc) to shut down foreign sites claimed to be violating US laws. Perhaps it's better to say "No cloud service in a US friendly country can really fight the NSA". So you can always go for storing your data in an UNfriendly country. But since they're unfriendly what makes you think your data would be safer there? Quite the conundrum.
  • Re:I like the idea (Score:3, Interesting)

    by dlingman ( 1757250 ) on Sunday September 01, 2013 @10:10AM (#44730523)

    Having actually done tests on tinfoil hats, we came to the conclusion that tinfoil just doesn't work. Steel wool does though. Maybe you can use the tinfoil to wrap the steel wool to contain it so it's less scratchy.

    (and yes, this was real - we needed to determine behavior of a device as it slowly lost its incoming signal - wrapping in steel wool worked great for this.)
