End to End (or message level) Encryption vs What “They” Do
Every provider of cloud-based file transfer and sharing claims to use encryption to protect customer data. Terms like “TLS/SSL with AES 256”, “encrypted in transit” and “encrypted at rest” are meant to encourage trust and demonstrate security.
But are these really providing the privacy implied?
The short answer is no.
“Encrypted in Transit”
“Encryption in transit” means protecting the communications channel through which data flows. On the web it is almost always implemented with Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL).
It originated as a defense against a specific attack vector: other computers on the same network, or anywhere on the path between sender and recipient, reading your traffic in plain text.
A client connects to a server and negotiates the methods used to protect the channel. It is also given the chance to verify that it reached the server it intended to reach, by checking that the server's certificate was issued by a certificate authority (a trusted third party) that the client already trusts.
TLS protects traffic in transit, but there are several ways it can be defeated, and once it is defeated everything sent through it is readable as clear text again.
The most common attacks insert a hostile machine into the communications path, either as an explicit proxy or by a rather simple local-network attack known as ARP spoofing, and then present the client with a certificate the attacker controls. That succeeds only if the client trusts the attacker's certificate, fails to check it, or is downgraded to plain HTTP; installing a root certificate on your machine is how the first of these is arranged. Your employer may do this, China and Iran do it, and if you aren't careful, the kid sitting next to you at Starbucks is doing it.
“In short: there are a lot of ways to break HTTPS/TLS/SSL today, even when websites do everything right. As currently implemented, the Web’s security protocols may be good enough to protect against attackers with limited time and motivation, but they are inadequate for a world in which geopolitical and business contests are increasingly being played out through attacks against the security of computer systems.” – Peter Eckersley, “How secure is HTTPS today? How often is it attacked?”, October 25, 2011
So why bother at all? In short, TLS should be considered a necessary baseline, but on its own it is not enough to protect your data.
“Encrypted at Rest”
Most providers of cloud-based file transfer and sharing advertise “encryption at rest”, some going so far as to state that their system scrambles file names as well as contents.
This leaves the mistaken impression that files posted to their servers are protected from eavesdropping by admins or hackers.
“Encryption at rest” refers to a family of technologies that encrypt data (files) as it is written to physical media (hard disk drive, USB drive, backup tape). The approach originated to address a common attack vector: recovering data from stolen or discarded computers.
“A New York computer forensics firm found that 40% of the hard disk drives it recently purchased in bulk orders on eBay contained personal, private and sensitive information — everything from corporate financial data to the Web-surfing history and downloads of a man with a foot fetish.” – Lucas Mearian, “Survey: 40% of hard drives bought on eBay hold personal, corporate data”, February 10, 2009
The long and short of “encrypted at rest” is that it protects against one specific leak (a lost or stolen drive) but not the most common ones: admins, hackers, and misdirected links. The reason is simple: the provider holds the decryption key and its servers decrypt every file on demand in order to serve it, so anyone who can act as the server, whether an insider, an attacker who has compromised it, or whoever follows a misdirected link, gets plaintext.
End to End Encryption with Private Keys
A file sharing, transfer and messaging system that provides end-to-end encryption offers a level of security far exceeding what services relying only on “encryption in transit” and “encryption at rest” can offer.
End-to-end encryption relies on asymmetric (public-key) cryptography. In an asymmetric system, each party to the file sharing, transfer or messaging generates a key pair: two mathematically related keys, a public key and a private key.
Public keys are shared with everyone and allow data to be encrypted for one specific recipient, the holder of the matching private key. In practice the file itself is encrypted with a fresh symmetric key and only that small key is encrypted to the recipient's public key, because public-key operations are far too slow for bulk data.
Because the data does not leave the sender's computer until the intended recipient is known, and it is encrypted so that only the holder of that recipient's private key can decrypt it, the data is protected from one end to the other (hence the term end-to-end encryption). The provider in the middle stores and relays ciphertext it cannot read.
The easiest way to tell whether a service provider uses end-to-end encryption is to look at how a new user gains access to a sent or shared file.
If the file is “posted to the cloud” or “stored in the cloud folder” and a link is later sent to the recipient without a new copy of the data leaving your PC, the provider is NOT using end-to-end encryption.
The file did not leave your machine encrypted for that specific, intended recipient using the recipient's public key, so the file is not well protected.
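The difference between “encrypted at rest” (above) and end-to-end encryption comes down to who holds the key, and that is easy to make concrete. The Go program below is an added example, not code from the original page or from Secure Send. It uses AES-256-GCM for the file data and RSA-OAEP to wrap the per-file key to the recipient's public key; this hybrid construction is assumed here as a representative design, not any particular product's. The provider's at-rest key and the document are constructed sample values. The program stores one document both ways and then tries the provider's key, the intended recipient's private key, and the private key of someone who merely received the link:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// seal encrypts with AES-256-GCM and prepends the random nonce.
func seal(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, nil), nil
}

// open reverses seal; a wrong key or tampered data fails GCM authentication.
func open(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	if err != nil || len(ct) < g.NonceSize() {
		return nil, errors.New("bad key or ciphertext")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// E2ESend runs on the sender's machine: a fresh AES key seals the file and RSA-OAEP wraps it
// to one recipient's public key. The provider later stores ct and wrapped exactly as received.
func E2ESend(to *rsa.PublicKey, pt []byte) (ct, wrapped []byte, err error) {
	fileKey := make([]byte, 32)
	if _, err = rand.Read(fileKey); err != nil {
		return
	}
	if ct, err = seal(fileKey, pt); err != nil {
		return
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to, fileKey, nil)
	return
}

// E2EReceive runs on the recipient's machine; only the matching private key unwraps the file key.
func E2EReceive(priv *rsa.PrivateKey, ct, wrapped []byte) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	return open(fileKey, ct)
}

// Demo stores one constructed document both ways and reports who can read it back.
func Demo() (adminReadsAtRest, adminReadsE2E, recipientReadsE2E, linkHolderReadsE2E bool, err error) {
	doc := []byte("Q3 board deck - confidential (constructed sample)")
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	linkHolder, err := rsa.GenerateKey(rand.Reader, 2048) // got a misdirected link, never the key
	if err != nil {
		return
	}
	// "Encrypted at rest": plaintext arrived over TLS and the provider sealed it with a key it
	// holds (a fixed constructed key here, standing in for the provider's key-management system).
	providerKey := sha256.Sum256([]byte("provider at-rest key (constructed)"))
	atRest, err := seal(providerKey[:], doc)
	if err != nil {
		return
	}
	e2eCT, e2eWrapped, err := E2ESend(&recipient.PublicKey, doc) // sealed before upload, for one recipient
	if err != nil {
		return
	}
	reads := func(pt []byte, err error) bool { return err == nil && string(pt) == string(doc) }
	adminReadsAtRest = reads(open(providerKey[:], atRest))
	adminReadsE2E = reads(open(providerKey[:], e2eCT)) // the provider's key is useless here
	recipientReadsE2E = reads(E2EReceive(recipient, e2eCT, e2eWrapped))
	linkHolderReadsE2E = reads(E2EReceive(linkHolder, e2eCT, e2eWrapped))
	return
}

func main() {
	a, b, c, d, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("admin reads at-rest:", a, "admin reads e2e:", b, "recipient reads e2e:", c, "link holder reads e2e:", d)
}
```

The only file the provider can open is the one it encrypted itself. For the end-to-end file the provider holds ciphertext and a wrapped key it cannot unwrap, so an admin, an intruder with the admin's access, and the holder of a misdirected link are all equally stuck without the recipient's private key. Note also what E2ESend needs as input: the recipient's public key. That is exactly why a service that uploads first and lets you pick recipients later cannot be doing this.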
End to End Encryption Add-Ons
To muddy the waters further, some vendors offer encryption add-ons for cloud storage providers (see Safe Monk for Dropbox). These add-ons encrypt data on your machine before it is uploaded to the provider.
This prevents the provider's admins, and hackers who break into the provider, from reading your data: anyone accessing a shared but encrypted file needs the key used to protect it.
Some add-on vendors make sharing convenient by generating the key themselves and handing it to everyone you have shared the file with.
This removes the burden of managing keys, but it also means the add-on vendor holds the key. Instead of being exposed to admins or hackers at the cloud provider (Dropbox, Box, Google, etc.), you are now exposed to admins or hackers at whichever company runs the add-on, whether an unknown startup or a large one. Sensitive files should not be readable by any company that hosts or brokers them.
Other solutions require you to send the key manually, which in practice usually means by email. If that mailbox is compromised, the attacker gets both the key and the link to the file, which defeats the purpose of encrypting it in the first place.
Email and Web Browsers: Reinforcing bad habits
First and foremost, file transfer, sharing and storage solutions that rely on email validation alone and on browser-based transfers should immediately be cause for concern.
Email should not be considered a secure communications medium (see 3 Reasons Email is Not Secure by Roger Neel and The Value of a Hacked Email Account from Krebs on Security). Any system that shares a file by asking for an email address invites significant risks, including misdirected, hacked, or forwarded emails.
Web browsers do not provide a secure, efficient, and reliable means of file transfer (see the TLS/SSL weaknesses above). The channel itself can be proxied, manipulated, or relayed so that others see the content (see SSLSTRIP by Moxie Marlinspike). Browsers themselves can also be hijacked by malware masquerading as toolbars, helpers, and add-ons (see Much Ado About Browser Malware by Adam Kujawa).
Unfortunately, old habits die hard. Clicking links in emails to download files is routine, and it is one of the most common ways in which compromises begin (see the 2013 Data Breach Investigations Report by Verizon).
A Better Way: Secure Send
We at Secure Send believe that there exists a significantly better way for people to share files.
Foremost, the Secure Send platform implements end-to-end encryption, strictly keeping private keys at the endpoints, so that the Secure Send service has zero knowledge of the contents of the files and messages passing through it (see our Zero Knowledge Pledge). We provide a way to get the benefits of public-key encryption without the complexity and overhead of operating a certificate authority or PKI.
Next, we augment the authentication cycle with “big data” analytics that track and score user interactions on the platform. By analyzing data points such as the locations and times at which you usually access the platform, the device you use, and behavioral biometrics (including keystroke cadence when entering your password), we can respond quickly to fraudulent activity by requiring additional authentication or blocking the session. We call this technology “Active Authentication”.
Access to our privacy-guaranteed platform requires that users not hide behind the anonymity of fake identities. We focus on giving you a better basis for deciding whether to interact with another person, by validating that person's identity and sharing the result. People must provide the information needed to judge, with confidence, whether a communication or file transfer is trustworthy. By requiring mutual approval between identity-verified individuals, we mitigate a large number of attacks that prey on people's tendency to trust even when they have no data on which to base that trust.
Building on multiple decades of expertise across a broad range of industries, we have built a new approach to transmitting data reliably and efficiently. Unlike browser-based sharing, which is limited to standard transmission protocols, the Secure Send “FastSend” technology continuously adapts to the available resources and the structure of the data to optimize the transfer. By concurrently reading, compressing, encrypting, and transmitting blocks of data, it significantly reduces file transmission times while still enforcing end-to-end encryption. The block-based approach also allows partially completed transfers to be resumed and supports ridiculously large files (up to 16 exabytes).
But what good is advanced technology if nobody uses it? Many past attempts to solve this problem were costly, time consuming, and complicated; as a result, most end users either used them grudgingly or found a way around them.
Not so with Secure Send. The application was designed by industry-leading UX experts to be easy to deploy and easy to use (no manual required). It is not only safe and fast, but elegant, clean, and intuitive.
We at Secure Send believe that business communications requires a different approach to privacy and security. And so we’ve built it.