SEALED CLOUD. A Reliable Data Center Excluding Provider Access to Client Data WHITE PAPER. Uniscon GmbH - The Web Privacy Company

Transcription

1 SEALED CLOUD A Reliable Data Center Excluding Provider Access to Client Data WHITE PAPER Uniscon GmbH - The Web Privacy Company Agnes-Pockels-Bogen Munich 1

2 Table of Contents 1. Cloud Computing A Data Security Issue? How Does Sealed Cloud Work? IDGARD First Application of Sealed Cloud Summary...6 In a Nutshell Cloud Computing offers many new possibilities but also raises a number of security concerns regarding often business related data and users, in particular: a) Can attackers access my data? b) Is my data isolated from that of other users? c) Can the provider s administrators access my data? This White Paper e x p l a i n s the Sealed Cloud concept. The Sealed Cloud data center is based on a clear principle: Data owners are the only ones who can access their data. In other words: Even the provider s data center and its employees have no access. This is excluded technically. 2

3 1. Cloud Computing A Data Security Issue? Cloud Computing, i.e., Web application services, promise great changes to standard socket IT. Yet using applications online not only bears great advantages but also great risks. The user data processed by the applications is stored online (in a cloud) and thus in systems users can hardly control. Overriding concerns business users of cloud services foster these days are: a. Can attackers access my data? b. Is my data isolated from that of other users? c. Can the provider s administrators access my data? Cloud infrastructures can be secured quite well against external attacks. Providers invest a great deal in protection against such attacks, which is imperative for a service s consumer confidence. Yet this does not answer questions (b) and (c) satisfactorily. To date, cloud solutions often premise reliable software and a trustworthy cloud infrastructure provider. However, besides on technology, a provider s level of security also depends highly on the quality of its internal procedures. Many data loss scandals which have emerged without external attacks, even in areas with highest security standards (Swiss banks client tax data, US government and CIA files, millions of US credit cards data), not to mention the high number of unreported cases, clearly reflect how vulnerable today s data centers are, in general. Security obviously can not 3

4 be guaranteed every time employees access data. This is where the Sealed Cloud sets in, a globally patented technology created by Uniscon, which currently enjoys the German Ministry of Economics and Technology s support within the Trusted Cloud Initiative. The Sealed Cloud data center is based on a clear principle: Data owners are the only one who can access their data. In other words: Even the provider s data center and its employees have no access. This is excluded technically. 2. How Does Sealed Cloud Work? Cloud application data is vulnerable and exposed to many risks: 1. during transfer to and from the data center 2. in the storage system / in the database 3. during processing Protection is provided by encryption, e. g. SSL with 2048 bit encryption length, today s norm and standard practice. Data in the database and/or storage system is also encrypted. This is not the norm but considered best practice and implemented by highly demanding cloud systems. Common technical solutions encrypt the data in databases and/or storage systems on block level with one or very few system-wide valid keys. The one or more keys are then stored in key storage systems. Sealed Cloud goes much further. Its Implementation is already put into effect via the web privacy service IDGARD. This is where, during logon, a user specific key is generated through 4

5 logon data (user name, password and, if applicable, other data) and a special algorithm. With this key, application data is found, encrypted and loaded into the central memory. The data is re-encrypted and stored upon logoff. The user specific key is subsequently destroyed. In other words, the database has n different user datasets for n users, each encrypted pursuant to AES256, respectively. Since the keys do not exist in the system, the hurdle for internal and external attackers is extraordinarily high. An attacker would have to crack the AES256 and do this for every single user dataset, respectively. This leaves the servers central memory as a potentially vulnerable object of insider attacks, since that is where the data is located in plain writing during an active session. An administrator could, for example, drag a memory dump off and calmly analyze all the content at a later point in time. That is why the Sealed Cloud s system servers are protected by a number of further measures. To name only a few examples: All application servers are locked in electromechanically sealed rack systems. The servers dispose of volatile memory only, i.e., once the power is cut off, they are in delivery status. What s more, the applied system software is hardened additionally and blocks all external access. The system indeed reports status information. However, it does not accept external administrative commands. Any kind of administration requires that the respective segment of a rack be opened. Administrative activity is conducted per work order by authorized appointment through a socalled Trust Center. The work order is forwarded to the respective IT employee with a valid access token via his Bluetooth device. Access to a rack segment may then be requested through the system Bluetooth interface. The Sealed Cloud controller then closes all currently active sessions in this segment, deactivates the servers and cuts off the power. After a waiting period of about 15 seconds, to guarantee that all server data has been cleared, the controller opens the rack lock. Once maintenance is completed, the segment is again locked and the server activated. When booted, the software stack is verified, i.e., the system searches for possible deviations from the approved, certified software, in both the systems software and the application. Detection of deviations turns the power to the respective segment off immediately, to exclude manipulation. Once the system is running again, it is continuously verified that there are no deviations from the defined normal behaviour during operation. Here, too, any deviation sets off an alarm and causes the concerned segments power to be cut off automatically. The combination of the described measures ensures that no access to unencrypted data is possible in the data center. 3. IDGARD First Application of Sealed Cloud 5

6 Basically, the Sealed Cloud features pertain to any kind of business application, if said applications process sensitive or confidential data. Typically, security experts do not consider data centers to be trustworthy, categorically recommending local encryption and decryption on the client system. In contrast, Sealed Cloud technology provides for a trustworthy data center through hermetic sealing, allowing applications to be implemented safely. Hence, applications with high safety requirements become easier and more user friendly. After all, normally necessary, comprehensive and definitely complex key management across numerous clients may be omitted in many areas. Thus, the web privacy service IDGARD ( offers very user friendly features that are crucial for security. To name only a few: Safe file exchange via sealed Privacy Boxes, integrated into Outlook Sealed team workspace in a public cloud for cross-company teams Password storage in the cloud Account aggregation for single click sign-on to cloud and Web applications Anonymous surfing owing to standardization of digital fingerprint IDGARD is used by both private and business users alike. 4. Summary Businesses have realized that, besides safeguarding against external attacks, protection against insiders, in particular, has become imperative, since this is where the vast majority of data loss occurs. This seems obvious when considering cloud services yet equally pertains to internal data centers. Sealed Cloud offers a practical, effective solution. 6

7 References: [1] [2] Web Privacy for Businesses, White Paper, Uniscon GmbH, 2012 About Us Uniscon GmbH was founded 2009, to develop technical solutions allowing safe and free Internet use. Our products are a technical milestone: the invention of Sealed Cloud, i.e. the basic technology of IDGARD, ensures its users web privacy. With IDGARD, we have solved the data privacy issue, the greatest remaining challenge of online security to date. Contact Claudia Seidl, Head of Corporate Communications Uniscon GmbH presse@uniscon.de Phone: Version 1.1, August 2012 Publisher: Uniscon universal identity control GmbH Managing Board: Dr. Hubert Jäger, Arnold Monitzer, Dr. Ralf O.G. Rieken Supervisory Board (Chairman) Herbert Kauffmann Agnes-Pockels-Bogen 1, Munich, Phone Commercial Registry: Amtsgericht München HRB Internet: contact@uniscon.de 7