!!!! Memeo C1 Security !!!!!!!!!!! Bret Savage, CTO. October Memeo Inc. All rights reserved Memeo Inc. All rights reserved.

Transcription

1 Memeo C1 Security Bret Savage, CTO October Memeo Inc. All rights reserved Memeo Inc. All rights reserved.

2 Guiding Principles Memeo C1 was scratch-built from the ground up to be the ultimate way to move data in a controlled and secure fashion. We began by establishing our Guiding Principles : Our Customer s is Private and Invaluable It must not be possible for anyone but the customer to access data unless explicit permission granted. This includes making it impossible to access for: 1. Customer Employees without permission 2. Devices that aren t explicitly authorized 3. Other Memeo customers 4. Memeo personnel 5. Determined hackers, crackers, and other malfeasants Security Should be Invisible to the Authorized Rather than place huge burdens on end-users to ensure security (and thus encourage work-arounds and bypasses) we believe that the users of the system should rarely or never be disrupted - they are authorized and the system provides an easy workflow that also ensures the highest possible security. Any trade-offs that affect convenience versus security (say, storing a key on the server-side in case it s lost) are made clear to the administrator where such a choice is desired. Security is Job One Memeo uses well-understood and documented best-practices to secure data. This whitepaper discusses the techniques and algorithms we use to secure data. By subjecting our security architecture to public scrutiny, we invite feedback and criticism and ultimately have a more secure system that benefits everyone Memeo Inc. All rights reserved (408) sales@memeo-inc.com " Memeo Inc. All rights reserved (408) sales@memeo.com "1

3 " Architecture Memeo C1 is built with a novel architecture that combines the strengths of peer-to-peer systems like Skype and BitTorrent with the centralization-and-control of more traditional cloud data storage solutions such as Dropbox and box.net. Centralized Metadata, Distributed Memeo C1 separates the file contents from the metadata and treats the two very differently. The metadata ( data about the data ) includes filenames, dates and times, folder locations, as well as hashes of the data. The data exists on various storage devices on personal computers, smartphones, tablets, servers, and/or in cloud storage. With Memeo s hybrid architecture, metadata is centralized and stored in the cloud with Memeo servers in a client-server fashion, while data is stored only where it is explicitly allowed to be stored. Centralized Metadata " 2013 Memeo Inc. All rights reserved (408) sales@memeo-inc.com " Memeo Inc. All rights reserved (408) sales@memeo.com "2

4 Hybrid Architecture While Memeo C1 borrows from both cloud-centric and peer-to-peer architectures, it is a unique hybrid approach that delivers the best of both worlds while offering uncompromising control and security. How does Memeo C1 compare to traditional peer-to-peer (P2P) architectures? In traditional P2P file transfer systems (such as BitTorrent), each node is essentially offering to provide content to all comers, and at the same time requesting content from other peers that they offer. Each peer is essentially anonymous, identified only by network address, and peers can come and go at any time. Each peer connects to a few of its neighbors and they communicate by passing messages along the grid. These systems are architected to ensure data integrity, since a node cannot trust the anonymous peers it connects to, it must be able to verify that the data is what was requested which is done using cryptographic hashes of the data. Memeo C1 takes advantage of peer-to-peer communication for a single purpose: to move data between nodes in the most efficient way possible. For example, two nodes on the same LAN can move data much more efficiently directly than they can through a cloud storage provider. Furthermore, multiple nodes can pool their upstream bandwidth to move a large file in pieces faster than any one could do it alone. These are major advantages for P2P data transfer. However, unlike traditional P2P, there are no anonymous peers in Memeo C1 - each and every connection between peers happens because the central Memeo C1 service has determined it is the most efficient path between them. The identity of the source and destination of data transfer is known in advance of the connection and independently verified by every node, and nodes will not (cannot, in fact) accept connections that they did not expect. All P2P connections in Memeo C1 are end-to-end encrypted independently between the two nodes (more on this later) Memeo C1 gains the advantages of P2P (bandwidth efficiency, transfer performance, co-operative transfers, and data integrity) without assuming the risks of traditional P2P network architectures (anonymous/unauthenticated peers, promiscuity, and port security to name a few.) How does Memeo C1 compare to traditional cloud service architectures? Most applications similar to Memeo C1 operate by having all data uploaded and stored in the cloud. Most of the advantages of this architecture are for the service provider. Charging for storage serves both to provide a nice margin revenue source, and to limit the amount of data required to be managed. In addition, by combining all user data in a single storage system, de-duplication can be used to charge for storage that isn t actually being used. The client applications then do the heavy lifting; they independently compare what has been stored in the cloud with what needs to be stored and make the necessary uploads/downloads. In essence, the service is simply an API on top of the raw storage being provided. There are a number of security problems with this approach; not the least of which is the total lack of control the customers have over their data. In order to provide convenience features like sharing and web browser access, complete trust must be handed over to the service provider, and the protection of your data versus others data is very thin (access rules instead of hard cryptography) In other words, your data is a bug or breach away from being lost. Memeo C1 takes a much more flexible, powerful, and secure approach. Instead of smart clients accessing dumb storage, Memeo C1 has a smart cloud directing dumb clients. The clients are only able to do what they are told, and only the Memeo C1 service can issue commands to the clients. When a customer chooses to use cloud storage provided by Memeo C1, the data is all hashed and encrypted with keys unique to that customer, and none of the metadata is stored with the data. Even if someone were to access the data store, it would be just a bunch of meaningless encrypted blocks. If someone were to access the back-end service, they still wouldn t be able to read the data -- it isn t readable by the service, only by authorized clients. Memeo C1 can de-duplicate on a per-customer basis, but it s impossible to de-duplicate data across customers. Even if they have the same files, the hashes will be different for each customer. This prevents information leakage via hashes about who has what data Memeo Inc. All rights reserved (408) sales@memeo-inc.com " Memeo Inc. All rights reserved (408) sales@memeo.com "3

5 Memeo C1 Architectural Advantages Memeo C1 s unique hybrid architecture offers the following advantages: Best possible performance via P2P technology. Faster networks, co-operative transfers, out-of-order transfer, and reduced communications protocol overhead End-to-end security - peer traffic encrypted between peers Separation of data and metadata enables additional security and complete control while minimizing expense Opaque encryption of cloud storage - service cannot decrypt customer data without customer credentials/keys Secure data de-duplication - use less storage without leaking information about what is stored Complete control - is stored only where explicitly authorized by the administrator, and always encrypted if stored in the cloud or on a shared storage device Memeo Inc. All rights reserved (408) sales@memeo-inc.com " Memeo Inc. All rights reserved (408) sales@memeo.com "4

6 Application Security Businesses are Silos In Memeo C1, each customer/partner is treated as a security silo. This means that each organization has its own unique set of security information, used to secure all data and communications, and that organization can decide where their data is and is not allowed to go. This stands in contrast to traditional cloud storage providers who treat everyone s data the same and demand that everyone s data be stored together. Unique Keys and Hashes Each organization has unique keys, used to encrypt all data stored in shared storage or in the cloud. In addition, all hashes computed on data are salted with a value unique to the organization. No two organizations will ever share the same hash, even if the underlying data is identical. This prevents Memeo from de-duplicating data between customers, (which we view as a security weakness) while allowing data de-duplication within the organization (saving storage space and limiting data transfers). Sharing within the Organization Memeo C1 is designed to facilitate file and data sharing amongst authorized parties. All authorized agents and clients are able to access and contribute to the organization s data seamlessly. Since the data is not encrypted per-user, it essentially belongs to the organization. When a user is added to the organization, he receives the keys and salts required to produce and consume the data for that organization and can interoperate with other users in that organization. that he or she creates is available even after that users leaves the organization. Memeo Cannot Decrypt The keys and salts for an organizations are generated by Memeo when the account is provisioned, but they are then encrypted using the administrator and user passwords. The keys cannot be accessed without the user or administrator's password, and these are never stored by Memeo anywhere. It is not possible for Memeo to decrypt customer data unless that user is in an active session and has provided his or her credentials. There are no master keys. However, Memeo does currently store a recovery key that can be used to apply a new password to an account should one become lost. Memeo will delete this recovery key if requested by a customer, but then forgotten passwords will render the data completely inaccessible. Never Leaves a Device Unencrypted on devices is stored however that device prefers on its local filesystem(s). Memeo does not encrypt or encode local device filesystem data in any way. However, any data or metadata that leaves the device is encrypted using one or more of SSL (from device to Web), end-to-end encryption (from device to device), and at-rest encryption (device to cloud/ shared storage) Memeo Inc. All rights reserved (408) sales@memeo-inc.com " Memeo Inc. All rights reserved (408) sales@memeo.com "5

7 Public-Key Cryptography Each agent has two 2048-bit RSA public/private key pairs. One is used to secure end-to-end encryption (see below) and the other to sign messages and validate message sources. These keys are pre-generated and assigned by the Memeo C1 service, but they are never stored in the cloud once they ve been assigned. Keys and certificates are always stored in operating-system provided secure key stores. SSL SSL is the widely-accepted standard to secure communications to and from Web servers. Whenever the client or a browser is connected to the Memeo C1 service, we utilize SSL to secure the traffic. Metadata and agent instructions are secured in this manner. End-to-End Cryptography When agents connect to each other to exchange data, they use Public Key Cryptography to provide end-to-end encryption of all data sent between them. The Memeo C1 service keeps the public keys for all agents and gives them out to both ends of any peer-to-peer request. It does not keep private keys - these are kept only on the agent. The agents use these public keys to securely establish a symmetric encryption key that is used to encrypt the data between peers using the government-grade AES-256 algorithm. This guarantees that it is impossible for eavesdroppers to comprehend the contents of messages sent between peers. The sessions between agents are temporary, and when they expire a new connection must be set up which causes a new key to be exchanged. At-Rest Encryption Memeo C1 ensures that all data at-rest in the cloud or on shared storage devices (such as a NAS) is encrypted. When agents are asked to store data, they use the organization encryption keys to encrypt the data. Only authorized agents can decrypt the data that is stored in this manner. At-rest data is also encrypted using the AES-256 algorithm Memeo Inc. All rights reserved (408) sales@memeo-inc.com " Memeo Inc. All rights reserved (408) sales@memeo.com "6

8 Network Security Centers All Memeo C1 services are run out of Amazon and/or SoftLayer secure data centers. Memeo services all run on modern, fully patched versions of RedHat s CentOS (Linux) operating system. Server crashes or freezes do not affect the service, as all servers are basically stateless and redundant. Memeo Personnel Access to the servers is tightly controlled. Only Memeo Network Operations personnel have full access. These employees are carefully screened and background-checked, and operate out of our home office. Memeo has security policies in place that govern passwords, certificates, and access. Each employee is separately credentialed - passwords are not shared - and direct access to datacenter servers is granted via certificates instead of passwords. Firewall Compatibility Memeo C1 utilizes two kinds of connections. The first is standard HTTP/TLS between various local components and online servers and services. This is equivalent to a Web browser and has the same firewall behavior as a browser on the same machine. The second is Memeo C1 s peer-to-peer protocol, which is discussed further below. Memeo C1 Peer-to-peer and Firewalls To communicate peer-to-peer, Memeo C1 uses the UDP protocol. Using information from the service, the agents will attempt to establish a UDP session between each other. If both nodes are behind the same firewall, this usually succeeds. For peers outside the firewall, firewalls will usually dynamically allow incoming UDP traffic as long as it is initiated from inside the firewall, which Memeo C1 is able to do on both sides thanks to its unique architecture. This same process is used by many P2P and gaming applications. Some enterprise firewalls will not permit this traffic. In these cases Memeo C1 will fall back to cloud storage to relay data between peers via TLS, again appearing as a browser. The data is still encrypted end-to-end, it s merely stored temporarily to facilitate transfer Memeo Inc. All rights reserved (408) sales@memeo-inc.com " Memeo Inc. All rights reserved (408) sales@memeo.com "7

9 Defense vs. Malicious Users Attempts to Impersonate an Agent An attacker may attempt to impersonate an agent with a variety of techniques. Attempting anonymous peer-to-peer Unlike most peer-to-peer data transfer systems, Memeo C1 agents do not operate as general purpose servers. Agents are connected to each other on command - the command can only come from the central service. Any attempts by agents to connect that aren t commanded are rejected. Hijacking an incoming connection If an agent is expecting a connection, it verifies the connecting party using the public key provided by the central service. Only an agent with the corresponding private key is able to prove that it is the expected caller. If the identity check fails, the connection attempt is rejected. Replay attack To prevent a replay attack (where a previously established connection handshake is recorded and played back) the central service provides random data for each new connection to both connecting agents. No two connections will ever be set up with the same handshake. Attempts to Access Shared / Cloud Storage An attacker may attempt to obtain data stored in the cloud or on shared storage (such as a NAS). Attempting to get data from Amazon S3, HP Cloud Storage, etc. When used, only blocks of data are stored in cloud storage. A block might be an entire file, or just a portion of one. No filenames or other metadata that can be used to identify the file is stored with the data. The blocks are stored with a unique hash that is salted with a value unique to the owning organization. In addition, all blocks are encrypted using AES-256 prior to being uploaded. The credentials and identifier are not stored by the agents, but are specified independently for each work item assigned by the central service. Finally, the credentials are temporary and after expiration will not longer work. Attempting to get data from shared storage (NAS) is stored on shared storage in the same manner as it is stored on cloud storage providers; fully encrypted and anonymous. The access to the NAS is controlled by the NAS owner. An organization can choose to have the NAS available only within the firewall, over VPN, or anonymously via the Internet as desired. It is recommended that two-way SSL be used in the latter case to validate the clients as belonging to the organization Memeo Inc. All rights reserved (408) sales@memeo-inc.com " Memeo Inc. All rights reserved (408) sales@memeo.com "8

10 Compliance Memeo C1 Can Be an Integral Part of Your Compliance Program To further exemplify its dedication to providing the highest level of security possible, Memeo C1 is HIPAA compliant and can be used to help your organization be Sarbanes-Oxley and SSAE 16 compliant. HIPAA Memeo C1 is HIPAA compliant for covered entities and health care providers that transmit health information electronically. HIPAA compliance means adhering to the privacy and security rules established by Health Insurance Portability and Accountability Act which protects the privacy of individually identifiable health information and includes national standard for the security of electronic health information. The Security Rule defines technical safeguards in as the technology and the policy and procedures for its use that protect electronic protected health information and control access to it." The Security Rule is based on the fundamental concepts of flexibility, scalability and technology neutrality. A third-party risk assessment of Memeo C1 s architecture and security in relation to the detailed HIPAA rules found that Memeo C1 meets or exceeds the applicable citations and scored "Excellent - Fully HIPAA Compliant for Policy and Practice" against the Technical Safeguards. Memeo also signs Business Associate Agreements (BAAs) for covered entities who require HIPAA compliance to ensure the guidelines are properly met. Access the official report and details regarding how the Technical Safeguards are met here. Sarbanes-Oxley (SOX) Memeo C1 can be leveraged to help your organization meet Sarbanes-Oxley Compliance Requirements. The Sarbanes Oxley act contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements for publicly traded corporations to comply with the law. The act also covers issues such as internal controls (technology section 404) assessment. The internal controls assessment or ITGC s include four control types based on the Committee of Sponsoring Organizations (COSO): Program Development, Program Change, Computer Operations, and Logical Access. Of the ITGC s utilized to measure 404 Compliance, Memeo C1 can be used to help manage the following: Computer Operations (Manage Configurations, Manage Problems & Incidents; Manage ; Manage Operations) and Logical Access (Ensure Security). An external assessment of Memeo C1 and compliance requirements related to SOX section 404 found it meets or exceeds the applicable citations, scoring "Excellent Offering full functionality and integration into compliance programs" using COSO guidelines Memeo Inc. All rights reserved (408) sales@memeo-inc.com " Memeo Inc. All rights reserved (408) sales@memeo.com "9

11 Access the report and details regarding how Memeo C1 can be used to meet Sarbanes-Oxley Compliance Requirements here. SSAE 16 Memeo C1 can be used to help your organization meet SSAE 16 SOC 2 domain requirements. The SSAE 16 publication put forth by the American Institute of Certified Public Accountants includes a Service Organization Control (SOC) 2 report which focuses on a business s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. Control objectives are the basis of the SSAE 16 assessment process, and simply stated, a control objective is an attribute that ensures a control or set of controls is operating effectively and as designed. They are intended to ensure security related to data and technology for a service organization. There are common domains found within an SSAE 16 declaration and stated controls. Memeo C1 can provide support for those controls via logical access controls (unique ID's, audit controls, account management and authentication) and data transmission controls (transmission security and encryption). An external assessment of Memeo C1 and compliance requirements for SSAE 16 SOC 2 domains found that Memeo C1 meets or exceeds the applicable citations, scoring "Excellent Offering full functionality and integration into compliance programs." Access the report and details regarding how Memeo C1 can be used to support the SSAE 16 SOC 2 control objectives here. 1 In two-way SSL certificates are used to verify both the client and the server to each other About Memeo Inc. Memeo Inc. is a Silicon Valley-based software and services company focused on providing data management services to small and medium businesses. Founded in 2003, Memeo provides easy-to-use backup, sync and sharing solutions to simplify the protection and accessibility of valuable data. Memeo has 22 million customers and has shipped over 65 million software licenses to more than 150 countries in 20 languages Memeo Inc. All rights reserved (408) sales@memeo-inc.com " Memeo Inc. All rights reserved (408) sales@memeo.com "10