As a law firm, my employer maintains a large amount of personally identifiable information (PII) along with vast amounts of our client’s (banks and lenders) data and digital documents. Our desire to move as much of our datacenter to the cloud (along with all this sensitive data) as quickly as possible has led to many debates about PII and sensitive client data in the cloud. These debates have to consider the regulations governing the mortgage industry (our area of practice) and law firms along with our client’s wishes and demands.
With this reality in mind, I wanted to dig deeper into the world of encryption for data stored in the cloud, which brought me to the above article for my first reflection. This article offers several fascinating statistics and insights regarding the lack of security around cloud storage. This particular article focuses on cloud-based applications and how few application service providers encrypt their user’s data at rest and how much sensitive data users actually upload.
The problem that I’m more interested in is with cloud-based file system storage. When offerings like Google Drive or Dropbox are examined, we see that they encrypt user data at rest, but the rub is that the user does not control or possess the encryption key(s) - Google and Dropbox handle that. Would this be good enough when it comes to ensuring our clients (and regulatory bodies) that their data is safe? I don’t think so.
The only way we, or any other organization, as caretaker of sensitive information, can promise anyone that the data is safe is if it’s encrypted at rest and we control the encryption keys, not a third-party. Even if the likes of Google and Dropbox have better security controls than my small-to-medium sized law firm, they are still a third-party - no assumptions can be made and no assurances can be granted for their capabilities.
After a quick look at Amazon’s AWS offering for cloud storage, I saw that they offered encryption at rest (no surprise) along with the option for the customer to control the encryption key(s). I’m not sure what the banks think, but if their data is encrypted and we possess the keys, then it simply shouldn’t matter where the data is actually stored.
Reflection 2: 4 fatal problems with PKI
I couldn’t help reflecting on this article, because, as technology-oriented articles go, this one is quite sensational. Actually, the first three flaws are more mildly surprising than sensational, at least for someone who is not a security expert.
The first flaw essentially says that PKI is too complicated and thus prone to mistakes. This is a perspective I was not aware of, as many companies set up their own PKIs and apparently, most do it poorly. Of course, the article is written by a PKI consultant, so he obviously stands to gain by convincing businesses that they cannot set up a PKI themselves.
The second flaw is an extension of the first, where the author states that the complexity of PKI causes numerous PKI errors that often reveal themselves to a user trying to reach a supposedly secured website. In a more secure Internet, the errors would be few and when there are PKI errors, access would be blocked. However, what happens in the real world is that our browsers allow access, presenting nothing more than a warning, which is usually ignored by the user.
The third flaw really isn’t a flaw of PKI at all. To impune PKI by stating that it does address all other technology security risks that a business faces doesn’t make much sense. PKI is primarily used as an integral component for encrypting data in transit, and with the exception of flaws one and two, it really does that quite well (and has been doing it for quite some time also).
It’s the fourth flaw that I found extremely interesting, very sensational, and somewhat scary. For the fourth flaw, the author states that “eventually, PKI will stop working forever”. One of the few things I know about PKI is that it’s based on asymmetric key pairs, where a file encrypted with key “a” can only be decrypted with key “b” and vice versa. Knowing the key used for encryption does not allow someone to decrypt the file, which is the fascinating point about this technology (developed back in the 1970s). The secret to asymmetric key pairs involves large prime numbers and some very complicated math, so complicated that even today’s computing power cannot be leveraged to crack the encryption keys. However, here is where the author makes it interesting. He says:
One day, the incredibly hard math involving large prime numbers won't be so difficult to solve anymore. For example, one of the biggest promises of Quantum computing, whenever it finally gets perfected, is that it will be able to immediately break open PKI-protected secrets. Sometime in the near- to midterm future, useful Quantum computers will become a reality. When they do, most public crypto will fall.
After delivering the depressing message that the very foundation of a secured Internet will one day crumble, the author at least offers a modicum of hope by saying that quantum cryptography will be the answer. The author then steals back that modicum of hope by stating that the quantum computers needed for quantum cryptography will be extremely expensive and beyond the means for the average Internet user.
Hard to tell where this is headed, but if there’s any likelihood to the author’s claims, then I would guess that in the future we might be shopping Amazon from some centralized Internet cafe offering quantum computers, at least until we can afford our own.
Reflection 3: Quantum computing 101
I wasn’t expecting to reflect on quantum computing, but the previous reflection proved too fascinating to just drop the topic. Even though there’s a lot of interesting material in this article and it’s presented in a nice “101” manner suitable for someone reading about quantum computing for the first time, what’s really nice is that it explains how quantum cryptography works, at least at a high-level.
Rather than trying to summarize an already nice summary, I’ll call out a few of the interesting elements of quantum cryptography. The first interesting element is that the encryption key is based on the polarization of photons, which is completely random and unpredictable (crazy quantum stuff). What’s really interesting about this is that the “key” is physical in nature, unlike today’s keys which are based on a mathematical problem. Because of this physical (and random) nature, even the most powerful quantum computers of the future will not be able to break the key because it’s not mathematical.
Even if the keys cannot be cracked, one would think they could be intercepted in transit, which is another really interesting part of quantum cryptography. While the photons are being transmitted to the parties wishing to initiate encrypted communication, they cannot be sniffed or copied in anyway, as such an innocuous action will cause their polarizations to randomly change (more crazy quantum stuff), causing the keys to not match, and thus, forcing the two parties to retry until their keys match.
The last interesting point about all this crazy quantum stuff is that for the field of cryptography, it is simply a new means for distributing synchronous keys (shared secrets). Once the quantum distribution of photons has successfully been concluded, everything reverts back to technology we are all comfortable with today, that being traditional data encryption using a shared-secret key. As long as those photon-generated keys are not stored and reused, all communication should be secured.
What I don’t understand at this point is who will generate these photon-based keys and how will they be transmitted to the parties involved. Will it be technology for the masses or for the few? Will the average Internet surfer be required to own a quantum computer to receive a quantum key? The author from my second reflection implied as much when he expressed concern that quantum computers are not expected to be priced for the average consumer anytime soon, if ever.
This leaves me wondering what the future of e-commerce and B2B integration looks like. It sounds like there’s going to be a period of time in which a small number of quantum computers will exist for big business, governments, and James Bond villains, while unavailable to the rest of the world. This means that traditional Internet encryption using PKI could be easily cracked by anyone possessing a quantum computer while the masses will not yet have access to quantum keys as the antidote. That sounds scary and certainly would be a huge step backward.