Avoiding US Cloud Providers:
EU Protectionism or Valid
Concerns
2013 Cloud Security Alliance Congress
Session 12
December 4, 2013
Jon-Michael C. Brook
Cloud, Security & Privacy Principal
Tariffs & Protectionism
• Protectionism
  • “[T]he economic policy of restraining trade between states through methods such as tariffs on imported goods, restrictive quotas, and a variety of other government regulations designed to allow (according to proponents) "fair competition" between imports and goods and services produced domestically.” - wikipedia
• Examples
  • Historically, most famous for US – American Revolutionary War
    • Stamp Act, Tea Act -> Boston tea party
  • US – Sugar cane: Brazil far more efficient in producing than sugar beets
    • Protect the sugar industry in US, offer credits/tax incentives AND put tariffs on imports
  • India – Local subsidiaries only
• Arguments simply don’t hold up – Fledgling industries, national importance
  • Typically lead to stagnant economies and little motivation for innovation
  • Milton Friedman/Paul Krugman: Free trade “…has a ripple effect throughout the economy.”
  • Alan Greenspan: Protectionism leads “…to an atrophy of our competitive ability. ... If the protectionist route is followed, newer, more efficient industries will have less scope to expand, and overall output and economic welfare will suffer.”
Cloud Security Alliance 2013 Congress EU Cloud: Protectionism or Reality - 2
What EU Cloud?
Vote on single law draft resolution May 2014
• Viviane Reding - European Commissioner for Justice, Fundamental Rights and Citizenship
  • Jan 2012 – reform proposal of the EU's 1995 data protection directive rules:
    • "strengthen online privacy rights and boost Europe's digital economy".
    • "A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3bn a year."
    • "The initiative will help reinforce consumer confidence in online services, providing a much-needed boost to growth, jobs, and innovation in Europe."
FUD & Protectionism
• “For the private sector, such European clouds could become also attractive as they could advertise, ‘These are European clouds, so your personal data is safe.’” – Viviane Reding
• “The questions raised around the United States’ FISA act have focused the minds of Europeans keen to share, but only with those they chose. TeamDrive has confirmed that European cloud users want to have data stored under the EU banner, away from the prying eyes of the US government.” – TeamDrive
• “[W]e comply with the highest German European data privacy standards. And that is important when you consider the furor around the issue of unauthorised access in some third countries that don’t offer the same level of security. But we can deliver CLOUD SERVICES ‘MADE IN GERMANY’ – around the world.” – T-Systems
At Issue
• PATRIOT Act - Allows cryptographic material access requests
  • US citizens some protections
  • No protections for non-US citizens
  • §215 Allows access to customer records in BULK – non-content meta data
    • Voluntarily disclosed to a 3rd party - Supreme Ct ruling
    • Requires Court Order for more
  • Customer data not a business record
    • Requires Search Warrant
    • Google, Yahoo, Microsoft, Apple
    • Obama – Criminal, yes; Civil - Unknown
    • Never tried to get foreign data
• FISA Amendments Act – 50 USC § 1881A
  • Foreign Intelligence – Potential Attacks, Sabotage/Terrorism, Clandestine Intel
  • Info must pertain to a foreign power or foreign territory; Not a foreign citizen
  • Not Business Intelligence - Canada clipped in October NYT release surrounding Brazil mining, US Merkel surveillance on Dollar purchase/sells
US Laws & Privacy Protections
Laws always behind technology and require judicial interpretation
• 4th Amendment
  • Warrantless search and seizure
• Electronic Communications Privacy Act (ECPA) 1986
  • Extend Wiretap statute
  • No voluntary disclosures of customer data by providers
  • Amended by
    • Communications Assistance to Law Enforcement Act (CALEA) 1994, PATRIOT Act 2001, PATRIOT Reauthorization 2006
• Federal Intelligence Surveillance Act (FISA) 1978
  • Judicial Approval Regime
  • No data retention requirements
  • Amended 1998
Glass Houses - EU Monitoring Laws
US better protects from Gov intercept, EU couldn’t meet US legal standards but European citizens (officials?) less suspicious of EU Government/abuses
• Full day symposium by CSA Legal Council at 2013 RSA Summit
• US much more respectful of citizens’ privacy
• EU General
  • Voluntary service provider disclosures
  • EU Data Retention Directive – 6 months to 2 years
• Countries
  • UK
    • TEMPORA - "Mastering the Internet" and "Global Telecoms Exploitation"
  • France
    • Non-judicial wiretapping, connections inside France and between France and other countries are all monitored, even for scientific and economic data
  • Deutschland
    • G10 act, intelligence services may monitor and record telecommunications without a court order if they are investigating serious crime, terrorism or threat against their national security.
    • Federal Trojan – do need court order w/o notification to CSP.
  • Spain
    • No warrant required
Snowden Revelations
Reliance on any one technology…
• Originally, talk included much different crypto discussion
  • Cryptography major protection mechanism for Cloud
  • Multi-tenancy reliance on no cross-talk/hypervisor monitoring
• Minimal evidence that cryptographic algorithms are flawed or embedded with backdoors
  • No historical evidence NSA corrupted underlying crypto algorithms/methodologies
  • 1970’s DES S-box suggestions from NSA actually strengthened algorithm
    • Bruce Schneier observed that "It took the academic community two decades to figure out that the NSA 'tweaks' actually improved the security of DES."
  • Clipper chip – Agency learning experience? Government key escrow experiment
• Now, essentially key escrow by CSPs
  • ToS: In June 2011, a Microsoft executive admitted at the Office 365 launch in London, under the Patriot Act, the company could be made to turn over information stored overseas to US authorities without seeking consent or even providing prior notice to the data owner.
  • Usage Agreements - iCloud, AWS, Mozy, Box, etc. will turn over keys/data w/ warrant
Algorithmic Issues?
US DoD uses the same algorithms for Top Secret data
• Underlying mathematics sound
  • Crypto shelf life - Moore’s law and key material length
  • Slowly chip away at the key space to limit brute force search
• Implementation problems
  • PRISM still unknown/fuzzy as to what hand NSA had – 3 choices?
    1. Discovered flaws w/o disclosure
    2. Contacted by manufacturer and asked to stay silent (as w/ DES)
    3. Strong-armed flaws into products
  • RNG
    • Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG)
      • Schneier – Original standard specification included “default” seed values
    • Mozilla RNG flaw
  • ECC
    • Elliptic Curves & variables chosen are suboptimal (formula, prime, cofactor)
Cryptographic Implementations
• Who uses what?
• Principal expectation - bad crypto implementations
  • PKCS#11 – RSA, also known as “cryptoki”
  • Microsoft CAPI – API used by IIS, CA, also available in .NET
  • Microsoft CNG API – next gen crypto API available for Vista onwards, IIS, ADCS et al
  • OpenSSL crypto
  • JCE/JCA – Java API
CSP vs Enterprise - unique challenges
Don’t Trust Administrators, Wider pipes, Everything together
• 5 NIST tenets – biggest issues
  • Metering – administrative access
  • Elasticity – moving targets
  • Self service
  • Broad Network Access – plenty of connectivity
  • Resource Pooling - Multi-tenancy, co-mingled data, scattered locations
CSP Protection Mechanisms
• Physical protections –
  • Assumption: best practices implemented by CSPs, not really a Gov issue directly, but could be used by Gov – think telco providers and wiring closet drops for warrantless wiretapping
• Role Based Access Controls
  • System Administrators segmented from hardware administrators
• Identity and Access Management (IdAM)
• Pre Snowden
  • Heavy dose of cryptography w/ a side of key management
• Processes and procedures may be implemented by ANY CSP.
  • Standard best practices – should be in place in data centers already
Principally encryption
• Built-in cloud crypto services:
  • Encryption for data in motion – no-brainer – lock in web browser, SSL/TLS certificates protect against Man in the Middle attacks
  • Encryption for data at rest – keys held by ISP, readily turned over by CSPs as per ToS
• SaaS:
  • email – Gmail, Yahoo, Live…
    • Exceptions: Silent Circle, Hushmail, Lavabit – paper key disclosure
  • picture – Flickr, Instagram, Photobucket, …
  • office – Office365, Zoho, Google Drive, …
  • backup – Carbonite, Mozy, iDrive, Norton Backup…
  • …
• Object systems: iCloud, Dropbox, Box, S3, SkyDrive, Google Drive…
  • Exceptions: Jungle Drive, SpiderOak, Symantec Zone
IaaS Built-in Crypto Offerings
• Amazon AWS
  • GovCloud – SSL termination on FIPS 140-2 level 3 hardware devices
  • HSM – Hardware Security Module access (2013)
    • HSMs built into Intel hardware for >8 years now
    • Direct access to underlying CPU services
• Other Providers to follow/allow hosting
  • Microsoft Azure
  • Google Compute Engine
  • Force
  • Rackspace
  • Savvis
  • VMware vCloud Hybrid Services
So what can cloud practitioners do about it
• Physical location w/ stronger laws
  • US isn’t that bad – for US Citizens
  • Switzerland – but even the Swiss cave (2011)
  • Privacy = Constitutional fundamental right (Argentina, Brazil, S. Africa)
• Confidentiality
  • Don’t use built-in/default keys – EVER
    • Essentially consenting to corporate key escrow service for the government
    • Forgoing the capability of using key destruction for digital file shredding/retention
  • Own key servers
    • Separate instance (iffy – aka: server side encryption)
    • Hosted w/ another provider (okay - )
    • On corporate premises (better – aka: client side encryption)
    • Physical control of crypto material (best - gov implementations aka: HSM/Type 1)
Privacy Protection by Country
Privacy Heat map – heatmap.forrestertools.com/
So what can cloud practitioners do about it
These are all still susceptible to brute force attacks and crypto implementation subversion
• Key management
  • Non-government sponsored algorithms
    • AES -> Twofish/Threefish
    • ECC NIST Curves -> Curve25519 or Curve1174
  • Sharing Keys
    • Double blind encryption (ease of use v. security): Symantec, ProofPoint, Google
    • split custodian/keys, k of m
  • Other techniques
    • Homomorphic encryption
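The "split custodian/keys, k of m" bullet above and the "own key servers" advice on the earlier practitioner slide both come down to the same control: no single party, the CSP included, ever holds the whole data-encryption key. As an added example that is not part of the deck or any vendor's product, this is a Shamir k-of-m split of a DEK over a prime field in pure Python; the threshold k, share count m and key length are assumed parameters, and the key is generated where the custodians are, never on the provider side.

```python
"""Added example: k-of-m split custody of a data-encryption key (DEK)
using Shamir secret sharing. Not code from the CSA deck."""
import secrets
from itertools import combinations

# Field modulus: the Mersenne prime 2^521 - 1. Any 256-bit key is a single
# field element with room to spare.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) modulo PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(key, k, m):
    """Split key bytes into m shares (x, y); any k of them reconstruct it.

    The key is the constant term of a random polynomial of degree k-1, so a
    custodian holding fewer than k shares learns nothing about it. Shares
    are issued at x = 1..m; x = 0 (the key itself) is never handed out.
    """
    if not 1 < k <= m:
        raise ValueError("need 1 < k <= m")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key does not fit in the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, m + 1)]


def recover_key(shares, key_len):
    """Lagrange-interpolate the constant term (x = 0) from k shares.

    With fewer than k shares the interpolation still yields a field element,
    but one that is independent of the key; it almost never fits key_len,
    and when it does it is still not the key.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share x-coordinates")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    if secret >> (8 * key_len):
        raise ValueError("reconstruction does not fit key_len: wrong or too few shares")
    return secret.to_bytes(key_len, "big")


def _recovers(shares, key):
    """True when exactly these shares reconstruct `key`."""
    try:
        return recover_key(shares, len(key)) == key
    except ValueError:
        return False


def threshold_holds(key, shares, k):
    """Check the k-of-m property end to end: every k-subset of custodians
    recovers the key and no (k-1)-subset does."""
    enough = all(_recovers(list(c), key) for c in combinations(shares, k))
    too_few = any(_recovers(list(c), key) for c in combinations(shares, k - 1))
    return enough and not too_few


def demo(k=3, m=5, key_len=32):
    """Generate a fresh DEK on the customer side, split it among m custodians
    with threshold k, and verify that the split behaves as intended."""
    key = secrets.token_bytes(key_len)          # never sent whole to the CSP
    shares = split_key(key, k, m)               # one (x, y) pair per custodian
    return threshold_holds(key, shares, k)


if __name__ == "__main__":
    print("3-of-5 custody holds:", demo())
```

The shares, not the key, are what gets distributed; destroying any m-k+1 of them is also the crypto-shredding the earlier slide refers to, since the remaining custodians can no longer reach the threshold.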
Reference Architectures
AWS references throughout, though should be applicable to other environments. Check out re:Invent SEC304 for further details.
• Server Side
• Client Side on-premise
• HSM
Server Side Encryption
Client Side Encryption
Case Study: Netflix & HSM
Coda
• Conclusions
  • Bunk? Valid concerns?
  • Skip the FUD, implement the best practices
    • You’ll never be as efficient at RBAC/separation of duties/physical access
  • Security in depth – think Safe measurements
  • Weekly revelations - final release of presentation may be found: https://www.cippguide.org/csa-congress/
• Jon-Michael C. Brook
  • jbrook@cippguide.org
  • @jonmichaelbrook
  • http://www.linkedin.com/in/jonmichaelcbrook
2013.11.30.Brook-CSA_Congress_EU_Avoiding_US_Cloud_Providers
Editor's Notes

  • #3: Restraining trade through tariffs, quotas or regulations. Famous: Sugar beets, India. Economic pundits: Friedman – opponent of protectionism; Greenspan – no incentive to innovate.
  • #4: EU Cloud benefit economy. Q? Who actually heard of any EU Cloud Providers? Currently each country implements DPD; want single Law. Much needed boost.
    http://eandt.theiet.org/magazine/2013/04/regulating-the-cloud-crowd.cfm
    http://www.zdnet.com/bad-assumptions-about-cloud-computing-and-the-patriot-act-7000002614/
    http://www.lexisnexis.com/legalnewsroom/international-law/b/commentry/archive/2013/02/26/cheap-shots-eu-privacy-the-usa-patriot-act-and-cloud-computing.aspx
    http://siliconangle.com/blog/2013/10/07/eu-move-to-regulate-the-cloud-could-threaten-us-firms/
    http://ccskguide.org/european-cloud-computing-concerns/
  • #5:
    http://blog.teamdrive.com/2013_02_01_archive.html
    http://www.t-systems.com/umn/uti/796860_2/blobBinary/Complete_Edition-ps?ts_layoutId=804564
    http://news.yahoo.com/swisscom-builds-swiss-cloud-spying-storm-rages-151807634--sector.html
  • #7: Electronic Communications Privacy Act of 1986 (ECPA), codified at 18 U.S.C. §§ 2510–2522, was enacted by the United States Congress to extend government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer. Specifically, ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Statute), which was primarily designed to prevent unauthorized government access to private electronic communications. The ECPA also added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications Act, 18 U.S.C. §§ 2701–12. The ECPA also included so-called pen/trap provisions that permit the tracing of telephone communications, §§ 3121–27. The ECPA has been amended by the Communications Assistance to Law Enforcement Act (CALEA) (1994), the USA PATRIOT Act (2001), the USA PATRIOT reauthorization acts (2006), and the FISA Amendments Act (2008).[1] The law entitles federal agencies to subpoena 180-day-old emails.[2] http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act
    The Foreign Intelligence Surveillance Act (FISA) was introduced on May 18, 1977, by Senator Ted Kennedy and was signed into law by President Carter in 1978. The bill was cosponsored by nine Senators: Birch Bayh, James O. Eastland, Jake Garn, Walter Huddleston, Daniel Inouye, Charles Mathias, John L. McClellan, Gaylord Nelson, and Strom Thurmond. The FISA resulted from extensive investigations by Senate Committees into the legality of domestic intelligence activities. These investigations were led separately by Sam Ervin and Frank Church in 1978 as a response to President Richard Nixon’s usage of federal resources to spy on political and activist groups, which violates the Fourth Amendment.[4] The act was created to provide judicial and congressional oversight of the government's covert surveillance activities of foreign entities and individuals in the United States, while maintaining the secrecy needed to protect national security. It allowed surveillance, without court order, within the United States for up to one year unless the "surveillance will acquire the contents of any communication to which a United States person is a party". If a United States person is involved, judicial authorization was required within 72 hours after surveillance begins. Generally, the statute permits electronic surveillance in two scenarios.
    Without a court order: The President may authorize, through the Attorney General, electronic surveillance without a court order for the period of one year provided it is only for foreign intelligence information;[7] targeting foreign powers as defined by 50 U.S.C. § 1801(a)(1),(2),(3)[12] or their agents; and there is no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party.[13] The Attorney General is required to make a certification of these conditions under seal to the Foreign Intelligence Surveillance Court,[14] and report on their compliance to the House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence.[15] Since 50 U.S.C. § 1802(a)(1)(A) of this act specifically limits warrantless surveillance to foreign powers as defined by 50 U.S.C. § 1801(a)(1),(2),(3) and omits the definitions contained in 50 U.S.C. § 1801(a)(4),(5),(6), the act does not authorize the use of warrantless surveillance on: groups engaged in international terrorism or activities in preparation therefor; foreign-based political organizations, not substantially composed of United States persons; or entities that are directed and controlled by a foreign government or governments.[16] Under the FISA act, anyone who engages in electronic surveillance except as authorized by statute is subject to both criminal penalties[17] and civil liabilities.[18] Under 50 U.S.C. § 1811, the President may also authorize warrantless surveillance at the beginning of a war. Specifically, he may authorize such surveillance "for a period not to exceed fifteen calendar days following a declaration of war by the Congress".[19]
    With a court order: Alternatively, the government may seek a court order permitting the surveillance using the FISA court.[20] Approval of a FISA application requires the court to find probable cause that the target of the surveillance is a "foreign power" or an "agent of a foreign power", and that the places at which surveillance is requested are used or will be used by that foreign power or its agent. In addition, the court must find that the proposed surveillance meets certain "minimization requirements" for information pertaining to U.S. persons.[21] http://en.wikipedia.org/wiki/FISA
  • #8: CSA Legal Council http://www.thewhir.com/web-hosting-news/cloud-security-alliance-launches-website-for-cloud-related-legal-issues https://cloudsecurityalliance.org/research/clic/ http://en.wikipedia.org/wiki/Tempora http://www.bbc.co.uk/news/world-europe-23553837 http://www.bbc.co.uk/news/world-europe-23178284
  • #9: Snowden – Crypto revelations
    • CSP – Crypto major protection – all data side by side
    • Algorithms – NSA involvement DES
    • Q? Who reads usage agreements?
    • CSP Key Escrow
    • https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html http://www.infosecurity-magazine.com/blog/2012/8/27/is-crypto-in-the-cloud-enough-/639.aspx http://arstechnica.com/apple/2012/04/apple-holds-the-master-key-when-it-comes-to-icloud-security-privacy/
  • #10: Limited Lifespan – GPU cracking of DES in seconds using rainbow tables
    • PRISM choices – no disclosure, silence, flaws introduced
    • Crypto relies on entropy for initialization
    • ECC - Vendor avoiding NIST ciphers http://news.cnet.com/8301-1009_3-57605286-83/silent-circle-nist-encryption-standards-untrustworthy/
    • Breakdown of NIST ECC http://cr.yp.to/talks/2013.05.31/slides-dan+tanja-20130531-4x3.pdf
    • Suite B Crypto AES & ECC http://www.nsa.gov/ia/programs/suiteb_cryptography/
  • #12: Cloud Service Providers
  • #13: They are bigger than Russell 2000, Forbes 50? Have to have the best practices http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy
  • #14: Lavabit – proper requests serviced, then asked for root keys
    • Silent Circle – nuked service
    • Automatic crypto in object systems
    • http://www.hushmail.com/about/technology/ http://en.wikipedia.org/wiki/Lavabit http://www.infosecurity-magazine.com/blog/2012/8/27/is-crypto-in-the-cloud-enough-/639.aspx
  • #15: More AWS http://aws.amazon.com/compliance/#fips
    • Azure http://www.windowsazure.com/en-us/support/legal/security-overview/ http://msdn.microsoft.com/en-us/magazine/ee291586.aspx
    • 3rd Party Product key management http://townsendsecurity.com/products/encryption-key-management-for-Microsoft-Azure – securely downloads the private keys into each deployed VM with the private key being non-exportable http://www.globalfoundationservices.com/security/documents/WindowsAzureSecurityOverview1_0Aug2010.pdf
  • #16: Location Laws (next slide)
    • Swiss bank accounts / Switzerland http://hothardware.com/News/US-Corporations-Look-To-Switzerland-For-Cloud-Services-After-NSA-Spying-Fallout/ http://news.yahoo.com/swisscom-builds-swiss-cloud-spying-storm-rages-151807634--sector.html http://www.mondaq.com/unitedstates/x/269842/tax+authorities/Switzerland+and+United+States+Reach+Agreement+on+Swiss+Bank http://www.forbes.com/sites/robertwood/2013/07/09/swiss-banks-reveal-americans-u-k-deal-sputters-and-germany-embraces-fatca/
    • Worldwide Privacy Laws http://www.whitecase.com/files/Publication/633ca7b2-2f5f-4783-bb58-6046741e6787/Presentation/PublicationAttachment/e08ff2d5-ec2f-45ba-9a49-6c0c2846542f/Countries%20At%20A%20Glance%20-%20Data%20Privacy%20-%20October%202007.pdf
    • Key Servers – Separate Instance / Third Party Hosted http://web.townsendsecurity.com/bid/63737/Protecting-Your-Data-in-the-Microsoft-Windows-Azure-Cloud http://talkincloud.com/cloud-companies/keynexus-debuts-remote-key-encryption-management-aws http://www.prnewswire.com/news-releases/aws-customers-can-enforce-control-and-maintain-compliance-with-safenet-cloud-based-encryption-and-secure-key-management-230003341.html
    • On Corporate Premises – HSM Hybrid w/ AWS - SafeNet https://aws.amazon.com/cloudhsm/ ; HSM w/ Azure - Thales http://www.thales-esecurity.com/msrms/cloud
    • Physical Control
  • #18: Non-Gov Algorithms http://silentcircle.wordpress.com/2013/09/30/nncs/
    • 3rd Party key storage http://www.ciphercloud.com/cloud-encryption.aspx
    • Double Blind Crypto http://en.wikipedia.org/wiki/Blinding_(cryptography) http://www.proofpoint.com/datasheets/email-archiving/DS-Proofpoint-DoubleBlind-Key-Architecture.pdf http://www.legaltechnology.com/latest-news/data-security-in-the-snowden-era-1-double-blind-encryption/ http://www.google.com/patents/US5638445 http://www.bit.com.au/News/325432,norton-zone-like-dropbox-with-one-key-difference.aspx
    • Key Splitting / Custodians http://users.telenet.be/d.rijmenants/en/secretsplitting.htm https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet
    • K of M http://en.wikipedia.org/wiki/Publius_Publishing_System
    • Homomorphic http://www.americanscientist.org/issues/pub/2012/5/alice-and-bob-in-cipherspace/1 http://www.networkcomputing.com/cloud-computing/porticor-beefs-up-cloud-security-with-sp/240012638
  • #22: HSM – FIPS 140-2 - tamper evident/resistant