Cloud Puzzle Lock
Senad ARUCH, SENIOR SECURITY SPECIALIST, Communication Valley - Reply
Davide Cioccia, Nicola Gobbo, Alessandra Pranzo

Upload: senad-aruc

Post on 28-Jul-2015



2

Why are we using cloud drive services?
• always online, backup, redundancy
• possibility to share files in a faster way
• more space than classic email services
• flexibility and easy sharing

3

What do we store in these cloud drives?
• our documents, photos and other files
• backups of our mobile devices
• shared company documents
• online backups

and more …

4

How we protect our files:
• Encryption.
• Hiding them somewhere.
• Password protection.

5

How secure is this cloud drive?
• username and password
• some of them offer 2-way authentication
• some of them are encrypted

6

Confirmed hacks until today:
• NSA.
• Malware.
• Phishing attacks.

7

Cloud Puzzle Lock

Communication Valley - Reply

Presents

8

Why we build and our aim here…

Why?

Cloud Puzzle Lock helps users to use cloud drives in a more secure way. NSA interceptions and industrial espionage are the main risks to today's privacy and integrity. The biggest challenge in this project is to use the technology that we have in our hands.

How?

CPL uses more than four security levels distributed around the globe. Every file that users upload using the CPL solution will become a real puzzle with multiple encryptions.

9

Why we build and our aim here…

How does it work?

When we request a file stored on the distributed system, CPL will collect the puzzles, decrypt them and build the whole puzzle “file” for us in a fully automatic way. CPL is also capable of using the two-man rule to encrypt and distribute confidential data.

How secure is it?

CPL security will be very hard to crack because all well-known cloud drives like DropBox and GoogleDrive use two-way authentication. And the attacker must hack all four cloud drives to retrieve all the encrypted puzzle pieces. This is next to impossible.

10

Why we build and our aim here…

Who is the target?

CPL can be sold as a service or as an appliance with preinstalled CPL, based on Hadoop clusters distributed around the globe, for governments, intelligence agencies and big companies that need to access and share files in an easy and secure way.

…but why not you?

11

How secure do you want to make your files?

More than one person for encryption and decryption: NATO standard.

The two-man rule is a control mechanism designed to achieve a high level of security for especially critical material or operations.

Under this rule all access and actions require the presence of two authorized people at all times.

For Cloud Puzzle Lock this is the minimum. It can simulate the N-man rule option to grant more protection. If you want, the file can be opened only with the acknowledgement of all people.
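One way to enforce the N-man rule cryptographically rather than by procedure, as an added example (not code from Cloud Puzzle Lock or its authors): the key that protects a file is split into N XOR shares, one per authorized person, so the key can only be rebuilt when every holder contributes. The function names, the 32-byte key size and the `cpl-n-man-check` label are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed size of the key that protects one file


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list[bytes]:
    """Split key into n shares; any n-1 of them are just random bytes."""
    if n < 2:
        raise ValueError("the two-man rule needs at least 2 holders")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for share in shares:
        last = xor_bytes(last, share)
    return shares + [last]


def check_value(key: bytes) -> bytes:
    """Non-secret tag used to confirm that a rebuilt key is the right one."""
    # The label below is a hypothetical constant chosen for this example.
    return hmac.new(key, b"cpl-n-man-check", hashlib.sha256).digest()


def combine(shares: list[bytes], expected: bytes) -> bytes:
    """Rebuild the key; fails unless every holder supplied a correct share."""
    key = bytes(KEY_LEN)
    for share in shares:
        key = xor_bytes(key, share)
    if not hmac.compare_digest(check_value(key), expected):
        raise PermissionError("a holder is missing or a share is wrong")
    return key


def demo() -> tuple[bool, bool]:
    key = secrets.token_bytes(KEY_LEN)   # constructed sample key
    tag = check_value(key)
    shares = split_key(key, 3)           # three holders
    opened_by_all = combine(shares, tag) == key
    try:
        combine(shares[:2], tag)         # third holder absent
        opened_by_two = True
    except PermissionError:
        opened_by_two = False
    return opened_by_all, opened_by_two
```

Unlike a contiguous split of the key, XOR shares leak nothing about it until the last holder's share is added.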

12

Classic way of storing files in cloud drives.

The risk in this case is that the files are stored WHOLE, so if your login details get compromised your files are accessible.

File Browser:
secret.pdf (10 MB)

13

Classic way of storing files in cloud drives.

Even if your files are encrypted they are not safe because of the NSA; we all know that the NSA can crack any type of encryption.

File Browser:
secret.pdf.gpg (10 MB)

14

Classic way of storing files in cloud drives.

Without Cloud Puzzle Lock the file structure looks like this.

File Browser:
secret.pdf (10 MB)
prototype.pdf (6 MB)
Plan.docx (2 MB)

15

Cloud Puzzle Lock way of storing files in the cloud drives: process.

[Diagram: secret.pdf (10 MB) is dragged and dropped into the C.panel and goes through the steps below.]

Splitting the file into as many pieces as the user has cloud drives:
• secret.pdf.p1 (2.5 MB)
• secret.pdf.p2 (2.5 MB)
• secret.pdf.p3 (2.5 MB)
• secret.pdf.p4 (2.5 MB)

Encrypting each piece:
• Encrypting the puzzle piece with the 1st private PGP key
• Encrypting the puzzle piece with the 2nd private PGP key
• Encrypting the puzzle piece with the 3rd private PGP key
• Encrypting the puzzle piece with the 4th private PGP key

Resulting puzzle pieces:
• secret.pdf.pl1 (2.5 MB)
• secret.pdf.pl2 (2.5 MB)
• secret.pdf.pl3 (2.5 MB)
• secret.pdf.pl4 (2.5 MB)

16

Cloud Puzzle Lock way of storing files in the cloud drives: result.

File Browser:
secret.pdf.pl1 (2.5 MB)
prototype.pdf.pl1 (1.5 MB)
plan.docx.pl1 (0.5 MB)

File Browser:
secret.pdf.pl2 (2.5 MB)
prototype.pdf.pl2 (1.5 MB)
plan.docx.pl2 (0.5 MB)

File Browser:
secret.pdf.pl3 (2.5 MB)
prototype.pdf.pl3 (1.5 MB)
plan.docx.pl3 (0.5 MB)

File Browser:
secret.pdf.pl4 (2.5 MB)
prototype.pdf.pl4 (1.5 MB)
plan.docx.pl4 (0.5 MB)

17

…and in your private FTP server

You can store one puzzle piece in your private FTP server.

With this solution no one who hacks your cloud repository can rebuild your private file.

There is only one way: hack your private FTP server.

18

Puzzle Lock is a new way to store and share your TOP Secret files, with unique technology against interception.

The system uses the storage and computing power of the well-known cloud drive providers.

The system splits the files into a puzzle across the cloud drives, like HDFS from Hadoop.

Every puzzle piece is encrypted with a different private key.

Every puzzle piece is stored on a separate cloud drive.

But you will see one file & one drive.
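The split-and-rebuild bookkeeping from the slides, as an added example (not CPL's code): a file is cut into one `.plN` piece per drive, and a manifest of SHA-256 hashes, assumed here to be kept by the client rather than on any drive, lets the rebuild step detect a missing or altered piece. The per-piece PGP encryption is left out, and the function names and manifest layout are assumptions.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def split_file(name: str, data: bytes, drives: int):
    """Cut data into one piece per drive, named name.pl1 .. name.plN."""
    if drives < 1:
        raise ValueError("need at least one drive")
    size = -(-len(data) // drives)  # ceiling division
    pieces, entries = {}, []
    for i in range(drives):
        piece_name = f"{name}.pl{i + 1}"
        chunk = data[i * size:(i + 1) * size]
        pieces[piece_name] = chunk
        entries.append({"piece": piece_name, "sha256": sha256_hex(chunk)})
    # Hypothetical manifest layout: whole-file hash plus ordered piece hashes.
    manifest = {"name": name, "sha256": sha256_hex(data), "pieces": entries}
    return pieces, manifest


def rebuild(manifest: dict, fetched: dict) -> bytes:
    """Reassemble in manifest order, rejecting missing or altered pieces."""
    out = bytearray()
    for entry in manifest["pieces"]:
        chunk = fetched.get(entry["piece"])
        if chunk is None:
            raise FileNotFoundError(f"missing piece {entry['piece']}")
        if sha256_hex(chunk) != entry["sha256"]:
            raise ValueError(f"piece {entry['piece']} was modified")
        out += chunk
    if sha256_hex(bytes(out)) != manifest["sha256"]:
        raise ValueError("rebuilt file does not match the original")
    return bytes(out)


# Constructed sample: a 10-byte stand-in for secret.pdf over four drives.
SAMPLE = b"0123456789"
PIECES, MANIFEST = split_file("secret.pdf", SAMPLE, 4)
```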

Thanks.
Senad ARUCH