by api 996 days ago
Is there anyone here who actually thought cloud provider HSMs were secure against the provider itself or whatever nation state(s) have jurisdiction over it?

It would never occur to me to even suspect that. I assume that anything I do in the cloud is absolutely transparent to the cloud provider unless it's running homomorphic encryption, which is still too slow and limited to do much that is useful.

I would trust them to be secure against the average "hacker" though, so they do serve some purpose. If your threat model includes nation states then you should not be trusting cloud providers at all.

11 comments

Lots of people believe that. They believe truthfully you can get to the level of AWS, MS, Google, Facebook or Apple whilst standing up to the nations that host those companies. I've walked into government employees in the hallways of tiny ISPs, I see no reason to believe at all that larger companies are any different except for when easier backdoors have been installed.
The really concerning part is to be STILL believing that after the Snowden scandal, after everybody has seen the slides that explain in detail how the NSA sends an FBI team to gather data from (then, in 2013) Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, Apple (and Dropbox being planned).

Also how Yahoo first refused but was forced to comply by the Foreign Intelligence Surveillance Court of Review.

https://www.electrospaces.net/2014/04/what-is-known-about-ns...

(Note that supposedly, "the companies prefer installing their own monitoring capabilities to their networks and servers, instead of allowing the FBI to plug in government-controlled equipment.")

And for Yahoo this was the reason why Alex Stamos resigned: https://arstechnica.com/tech-policy/2016/10/report-fbi-andor...
I don’t know how many believe it and how much is willful ignorance. The big cloud providers make big mistakes but how many trust their organizations to do better against a nation state level actor?

The underlying architectures of our systems are not secure and much of the abstractions built on top of them make that insecurity worse, not better.

For nation state level issues, the solution likely isn’t technical, that is a game of whack-a-mole, it will take a nation deciding that digital intrusions are as or more dangerous than physical ones and to draw a line in the sand. The issue is every nation is doing it and doesn’t want to cut off their own access.

I always just tell people to look up “Lavabit” to learn everything you need to know.
To save others a goog: https://en.wikipedia.org/wiki/Lavabit

> Lavabit is an open-source encrypted webmail service, founded in 2004. The service suspended its operations on August 8, 2013 after the U.S. Federal Government ordered it to turn over its Secure Sockets Layer (SSL) private keys, in order to allow the government to spy on Edward Snowden's email

> He also wrote that in addition to being denied a hearing about the warrant to obtain Lavabit's user information, he was held in contempt of court. The appellate court denied his appeal due to no objection, however, he wrote that because there had been no hearing, no objection could have been raised. His contempt of court charge was also upheld on the ground that it was not disputed; similarly, he was unable to dispute the charge because there had been no hearing to do it in.

Land of the free...

That’s scary
> If your threat model includes...

At my Fortune 250, our threat model apparently includes -- rather conveniently and coincidentally -- everything! Well, everything they make an off-the-shelf product for, anyway. It makes new purchasing decisions easy:

"Does your product make any thing, in any way, more secure?"

"Uh... Yes?"

"You son of a bitch. We're in. Roll it out everywhere. Now."

This reminds me of our own security team, who as far as I can tell do nothing but run POC's of new security tools. And then maybe once a year actually buy one, generating a ton of work (for others) to replace the very similar tool they bought last year. Seems like a good gig.
And the sad/funny thing is that said tool would probably do diddly squat if one employee falls for a social engineering/phishing attack.
Occasionally security products turn into malware delivery platforms as well, because they run very privileged, are sometimes more shoddily developed than what they’re protecting, and have fewer eyeballs on them than the vanilla operating system.

Not to mention they may be another Crypto AG.

> Occasionally

Much more frequently than that if you lump 'anti virus software' in with security products.

As someone whose company just suffered this exact issue, all I can say is yes.

They gave me a laptop with 8gb of ram. The laptop runs invisible security software that nominally takes 6~6.8gb.

We just got penetrated by two attackers in the last 40 days.

> We just got penetrated by two attackers in the last 40 days.

* that you know of

And then when there is a security issue you ask them to share the log files from all their spyware and suddenly half the stuff needed is not there because we did not get that module.
Or ‘oh, that feature hasn’t been rolled out yet, expect it in 6 quarters.’
Ahh, I've been there. I'm sure no concern is given for usability of the result.

Welding your vault shut may make it harder for thieves to break in, but if your business model requires making deposits and withdrawals, it's somewhat less helpful.

Luckily, all but a tiny portion of security products have a door you can open if you ask support nicely enough you didn’t know about before. So you can still get your stuff after you weld the door shut.
There's no thought given to if the cost to secure the thing outweighs the risk of exposure?
I’m not privy to those discussions, but it certainly doesn’t feel like they’re happening. We implement every security “best practice,” for every project, no matter how big or small. We have committees to review, but not to assess scope, only to make sure everything is applied to everything. Also, we have multiple overlapping security products on the corporate desktop image. It feels EXACTLY like no one has ever tried to gauge what a compromise might cost.
It's interesting to consider the people who, with the very same set of facts, come to completely opposite conclusions about security.

For instance, Amazon has a staff of thousands or tens of thousands. To me, that means they can't possibly have a good grasp on internal security, that there's no way to know if and when data has been accessed improperly, et cetera. To others, the fact that they're a mega-huge company means they have security people, security processes and procedures, and they are therefore even more secure than smaller companies.

For one of the two groups, the generalized uncertainty of the small company is greater than the generalized uncertainty of the large. For the other, the size of the large makes certain things inevitable, where the security of smaller companies obviously depends on which companies we're talking about and the people involved. More often than not, people want to generalize about small companies but wouldn't apply the same criteria to larger companies like Amazon.

There's a huge emotional component in this, which I think salespeople excel at exploiting.

It fascinates me, even though it's a never-ending source of frustration.

If your threat model includes the nation state where your physical infrastructure is, you're hosed.
> If your threat model includes the nation state where your physical infrastructure is, you're hosed.

True. But even if you trust your nation state 100%, having a backdoor means you now have to worry about it falling into the wrong hands.

Even if you trust your nation state 100% having a backdoor means it has already fallen into the wrong hands. That's because 'nation state' is not synonymous with 'people running the nation state'.
Literally hosed. There's a funny jargon term "rubber hose cryptography" that's used to refer to the cryptanalysis method where you beat someone with a rubber hose until they give you the key. It's 100% effective against all forms of cryptography including even post-quantum algorithms.
You would be surprised that for a percent this would not work. Some even like it. Some have a deathwish and want to be a martyr. Some people blow themselves up to further a cause. Also put under heavy stress memories of keys cannot be recalled at times.

It's probably slightly less effective than threatening to kill family members but probably more than threat of jail time.

Either way you require someone alive and with mental awareness. The mind reading tools found in science fiction haven't been developed yet.

It doesn't matter, something will be found that will coerce them into talking. Nobody is an island. Everyone has a breaking point, if it's not rubber hoses, it's socks full of rocks, or it's bottles of mineral water, or any number of methods. Don't think for a second that someone hasn't thought of a better way to get information out of somebody else.
Yep... read up on interrogation resistance.
We're talking about normal people, not psychopaths.
Terrorists are generally highly altruistic, not psychopaths.

It’s a lot easier to blow yourself up (or to spread ideology which encourages it) for a cause that you believe is helping people, in particular _your_ people.

The terrorists that blow themselves up and that blow other people up are usually misguided brainwashed angry young men. It's nothing to do with ideology, everything to do with power. Or did you think blowing up schools full of girls is something people genuinely believe helps their people, to give just one example?

Ordinary people just want to be left alone. Old guys wishing for more power will use anything to get it, including sacrificing the younger generations.

That's actually not true. It can do nothing about M of N cryptography. (That's when a key is broken up such that there are N parts, and at least M (less than N) are required to decrypt.) It doesn't matter how many rubber hoses you have, one person can fully divulge or give access to their key and it's still safe.
I always giggle a little when really smart people forget thugs exist and do what they’re told. If that includes breaking the knees of M people to get what they’re after, then M pairs of knees are gonna get destroyed.

This isn’t hard to understand, but it’s easy to forget our civilization hangs by a thread more often than any of us care to admit.

I don't remember the provenance of the quip, but somewhere at a def con or a hope, I heard, "The point of cryptography is to force the government to torture you."
They're perfectly ok with that, and depending on where you live this may happen in more or less overt ways. If the government wants your information, they will get your information. Your very best outcome is to simply rot in detention until you cough up your keys.
power in numbers

can't torture us all!

Are we deep enough in the thread for the customary reminder that each measure makes it incrementally harder to attack a system?

(Including a system of people.)

Even nation state adversaries don’t have infinite resources to allocate for all opponents.

I think you can probably get away with only breaking one pair of knees and sending a video of it to the other people.
Youtube would delist that before they could all see it though.
Any organization that is really really serious about security will obviously keep at least N-M +1 folks, along with their family, in other countries.

Which is a much much higher bar to clear for any would be rubber hose attackers.

Your secrets aren't really safe unless Xi and Putin each have part of your key personally memorized.
That’s hyperbole
Let's say, for example:

Bob, Jon, and Tom have pieces of the key. Bob and Jon are in the US and arrested over and commanded by a court to give up the key. Tom is the holdout. The US will issue an international arrest warrant, and now Tom can never safely fly again or the plane will be diverted to the nearest US friendly airport where they will be extradited. So, yea, "safe" is very situational here.

Doesn't Tom's key fragment have to be on a disk somewhere for things to work?

That's the actual weak link to attack.

That situation just requires a longer hose
Or M hoses.
and more beatings.
Sure, so you hit all of the people that have all of the pieces. Problem solved.
Or you publicly announce you're hitting 1 of the N people with the rubber hose until M-1 of the other people send you their key fragments.

It's not like these keys are shared among disinterested strangers who have no attachment to each other.

Somehow, somewhere you've just influenced a megacorp's internal crypto process.
This probably works if each person has a cyanide+happy drug pill or a grenade and is willing to sacrifice themselves and the rubber-hoser(s). I think that requires a rare level of devotion. This process must also disable a simple and fragile signalling device to let the others know what's coming.
This would not work well, because you can’t do it in a secret manner. Overuse of the rubber hose cryptography will become known, and there will be public backlash.
Seems like the NSA is threatening everyone with arrest (=state-organized violence) if they don’t secretly give them keys, and Snowden revealed it, and there is no public backlash.
Hose-resistant cryptography is possible. Secret sharing comes to mind, or a system by which even the principals can only compromise a key slowly.
I mean in the end everything is people just like Logan Roy said in Succession. Cryptography or any software protections are the same. It's a great quote that is very true:

> "Oh, yes... The law? The law is people. And people is politics. And I can handle of people."

“I can handle of people”? Cannot parse.
I think that was a mobile typo. The quote is just "I can handle people"
i feel like "typo" should mean "typing error" and not "autocorrect fubar"

mixing the two implicates humans for the errors of machines

edit:

unless failure to disable autocorrect is counted as a user error

That's exactly what happened!
Addendum: if your threat model includes any nation state that has significant ties to the nation state that hosts your physical or transit infrastructure, you're hosed.
How might this apply or what are the implications of Signal given its US jurisdiction?
The US authorities can make the same orders that they made with LavaBit (i.e. ordering them to produce a backdoored build and replace yours with it), and they can make them secretly. Given that Signal by design requires you to use it with auto-update enabled (and, notably, goes to some effort to take down ways of using it without auto-update), and has no real verification of those auto-updated builds, I would consider it foolish to rely on the secrecy of Signal if your threat model includes the US authorities or anyone who might be able to call in a favour with them.
How odd. I have, and continue, to use Signal without auto-update enabled.

I have been prompted, twice in three years to update though.

Perhaps the requirement depends on your country?

Ya, does it do that thing banking apps do where it insists on the most recent version in order to even be usable?

Otherwise, that's more of an iOS option that can be easily altered

Settings > App Store > Automatic Downloads > App Updates

Signal started keeping sensitive user data in the cloud a while ago. All the information they brag about previously not being able to turn over because they don't collect it in the first place, well they collect it now. Name, photo, phone number, and worst of all a list of all your contacts is stored forever.

It's not stored very securely either. I wouldn't doubt that three letter agencies have an attack that lets them access the data, but even if they didn't they can just brute force a pin to get whatever they need.

https://community.signalusers.org/t/proper-secure-value-secu...

Signal relies on the client program to not be compromised to keep conversations secret
I believe this is why the government of Singapore appears to fund a lot of work on homomorphic encryption.

Even when you are a nation state, you still have to worry about other nation states.

Especially when you are a nation state.
I feel the same and Snowden kinda said as much regarding phones. To assume each phone is compromised by state level actors.
I mean, there's a reason that the government was involved with setting up the first cell networks. No assumptions need to be involved. They ARE all compromised.
Lawful intercept has always existed in phone networks. Just that one cannot use that in non-allied nations.
You’re missing the point. It was designed to be transparent to interception efforts up front, so you can’t tell if you’re being surveilled, lawfully or not.
For analog Gen0 and Gen1 networks I'd make the claim that it was just as much about technical limitations of the era.

But for 2G export crypto it definitely was about keeping it weak enough to break on demand.

Cloud HSM services have always been understood as a convenience with limited real world security, without even considering nation state threats.
I think there’s such a thing as plausible deniability here. We didn’t know for certain so we weren’t culpable, but now that it’s public record, we really have to do something about it or risk liability with our customer data.
See the Cryptographic Control Over Data Access [0] section here for one answer to this problem.

[0] https://cloud.google.com/blog/products/identity-security/new...

That's nice, but the only reasons that public clients would use a well known bad actor from a rogue state is laziness / incompetence.
You don't need to think about this in a binary fashion. You can split your trust across multiple entities. Different clouds, different countries, or a mix of cloud and data centers you own.
The CLOUD Act ensures this.