## Privacy in the Cloud: Ephemerising your Data

2009/10/11

This post is the first in a series that I would like to call Privacy in the Cloud. My aim is to look at various techniques and technologies that can be used to not only protect our data being stored in the Cloud, but to also  inform us of that protection. I shall also look at the notion of privacy from the view points of the entities involved i.e. service provider and service requester, in terms of legal obligations and ramifications, and the societal aspects. Other topics will be introduced and addressed once I have thought of them…

### Destroying Data

One of the interesting problems that can arise in the Cloud is that of data availability, where data is reliably available on the cloud. Another, related and just as important notion is that of data unavailability, where data is made unrecoverable after a set period. This is important for information that is sensitive and transitory in nature. Recall the messages (or instructions) in the popular television series Inspector Gadget and Mission Impossible:

This message will self destruct in 40 seconds.

In such messages the aim is to reduce number of copies that can be made and also stop access to that data after a set period of time has elapsed.

The obvious solution is to use encryption in which the data is encrypted and the keys used are deleted after a certain period of time. Note normal erasure methods i.e. deletion and repeated rewrites of the data on disk, are not enough as the data can still be recovered via special techniques, obfuscation of the data is needed. The crux of the problem regarding any cryptographic system is that of key management. Recently I have read the Sun Micro-systems technical report SMLI TR-2005-140 in which Radia Perlman introduced the idea of the Ephemeriser as a means to provide self-destructing data. This has been part of recent reading for a course I am undertaking.

In this post I shall introduce the idea of the Ephemeriser , subsequent posts shall look at a variant of the Ephemeriser called Timed-Ephemeriser and other data destroying methods such as Vanish.

### The Ephemeriser

In the Ephemeriser System there are three entities:

1. Alice — the data generator
2. Bob — the data consumer, who can also be Alice herself, and
3. Eve — the Ephemeriser that provides key management

The aim of the Eve (an external server) is to create and advertise a series of Public Key and expiration time pairs. These keys shall be used to encrypt the ephemeral (transitory) data and that after the expiration time the Secret Key is then destroyed. Once Alice has selected and encrypted her data using the key, she then sends the message to Bob. In order for Bob to access the data he collaborates with Eve.

The message passing can be summarised as follows:

In order to ensure the proper destruction of data and also the unwanted copying of the data, Perlman assumes that the software involved (especially in relation to Bob) does not have the ability to copy the decrypted data or hold it in stable storage for use later on.

In the tech. report Perlman provides two implementations of Ephemeriser, one using Triple Encryption using Public Key Encryption and another more efficient implementation that uses blind encryption. In this posting only the Triple Encryption variant shall be described.

### Implementation Using Triple Encryption

Each entity has their own long term encryption and encryption key pairs. Eve will advertise a triple that consists of a public key, Key ID and expiration time. The Key ID is used to identify the corresponding secret key that is stored by Eve.

Please note that the notation used to denote asymmetric encryption goes against the grain of the standard, but this is the notation used in the report itself.

#### Encryption

In order to encrypt the message m, Alice:

1. Encrypts M using a secret per message key S
2. Chooses an ephemeral secret T, that will act as an integrity check
and link between the message encryption key and the ephemeral key.
3. Selects an expiration date, thus obtains a suitable ephemeral key from Eve.
4. The key S shall be triply encrypted using the Public Key of Bob,
the Ephemeral Key and finally the ephemeral secret T
5. Produces a message authentication code of the message encryption key S that has been double encrypted using the public key of bob and the ephemeral key, that has been concatenated to the ephemeral key using a keyed hash function using the ephemeral secret T as the key.

Finally Alice sends to Bob the following:

which is the encrypted ephemeral secret T, the protected per-message key S, the encrypted message M, the Key ID of the ephemeral key, the ephemeral key and the message authentication code.

#### Decryption

The decryption itself consists of three stages the initial decryption of the data by Bob, the use of Eve to remove the ephemeral protection and finally the actual access to the data by Bob.

On receipt of Alice’s message Bob will:

1. Obtains the ephemeral secret T.
2. Obtain the protected per-message key using T.
3. Verifies the produced per-message key through calculation of a message authentication code and comparison against the sent one.
4. Then Bob chooses a per-message key J to secure communication between himself and Eve.
5. Encrypts this key with the ephemeral key sent by Alice.
6. Encrypts the protected per-message key using J.

Finally Bob sends to Eve the following:

which is the key id, the protected per-message key J and the protected per-message key S.

On receipt of Bob’s message Eve:

1. Selects the decryption key corresponding to the ephemeral key ID sent.
2. Obtains the per-message key J.
3. Using J obtains the protected per-message key S used.
4. Decrypts the protected per-message key S using the secret ephemeral key, so that it is now only protected by Bob’s public key.

Finally Eve re-encrypts the protected per-message key S using J and sends this back to Bob, hence the final message is:

Thus on receipt of Eve’s message, Bob:

1. Decrypts the protected per-message key S using J.
2. Obtains S by decrypting the previous result using his secret key.

Once Bob has obtained S he can then obtain the message M.

## QuickQuide: Adding LNCS Springer Style to Ubuntu LaTeX install

2009/09/01

For all you LNCS and LaTeX users here is a quick guide to adding the LNCS LaTeX package to your local Texlive install. This will remove the need for adding the actual lncs.cls file to your LaTeX document directory.

This quickguide has been based upon the information from the posts found here and here.

Currently I am running Ubuntu 9.04 ‘Jaunty Jackalope’ and my LaTeX install is the latest one from TeXlive. I do not use the version as found in the Ubuntu repositories as they are a little bit out-of-date (just like a frigging proper install of Firefox 3.5, who wants Shiretako) and there are more packages available such as TODO.

Here are the steps:

1. If you have not done so install the latest version of TeXlive.
2. Obtain the LNCS styles from Springer.
3. Place the contents of llncs2e.zip into /usr/local/texlive/2008/texmf-dist/tex/latex/lncs
4. finally run $sudo texhash , If you have any problems running texhash then this command might be better: $ sudo bash -c 'export PATH=/usr/local/texlive/2008/bin/i386-linux:$PATH;texhash' And thats it. Enjoy!! ## Letters using LaTeX 2009/03/17 LaTeX is used extensively through out the academic world for writing reports, articles and books. You name it, LaTeX has probably been used to create a document. Recently I had to write a few letters and could not wait for open office or Pages to load and have a nicely laid out letter. So I thought I would decided to use LaTeX instead. The jist of it is that the letter class works the same as any LaTeX document just with a little bit of wrapping. An example of a bog standard letter coded in LaTeX is shown below and its output can be found here: Generated using GeSHi \documentclass{letter} \signature{The Muffin Man} \address{13 Drewery Lane\\ InLondon\\ London\\ LD03 9KL} \begin{document} \begin{letter}{GingerBread Man and Associates\\ 12 Bakery Lane\\ Mordor\\ Middle Earth\\ MO1 ICU} \opening{Dear Gingerbread Man:} \begin{center} \textbf{Don’t you know who I am??} \end{center} Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. \closing{Yours Faithfully,} \end{letter} \end{document} ## Quick Guide: Installing Bt3 on a VirtualBox Machine 2009/02/08 Recently I have been playing around with the Backtrack3 penetration testing OS and decided like many a tech enthusiast being able to have it running on a vmachine is better than booting a LiveCD all the time. Below are the steps that I have taken to install it based upon those found here . I personally prefer to use Virtual Box as it is free software and hasn’t let me down yet. I take no responsibility of the actions generated as a result of the tutorial. Step 1: Obtaining and Installing Software 1. Just go along to the Virtual Box site http://www.virtualbox.org and download the latest version and follow their instructions to install. 2. Go to http://www.remote-exploit.org/backtrack_download.html and download the bt3-final.iso Step 2: Creating Virtual Machine and Loading BackTrack3 1. First create a new Virtual Machine, you can call it what you like. The wizard from Vbox is easy to follow and quite straight forward. However care must be taken at the following points: • Ensure that the intended OS is Linux and Version is Linux 2.6 • At the end of the wizard that you remember to attach the bt3-final.iso as a mounted CD image 2. Launch the new Virtual Machine 3. During the boot please remember to select VESA KDE mode from the options present (Vbox has some graphics issues with the others). 4. Login with user name and password mentioned. 5. And start KDE using startx Step 3: Installing Backtrack3 to the harddisk Step 3.1: Wipeout Wipein For this installation we are going to install Bt3 on a new partition and we are going to WIPE the current virtual machine hard drive. In the terminal presented to you when you first log in to Bt3 enter the following (with /dev/hda representing the virtual machine’s harddisk): $ fdisk /dev/hda p o p n p 1 enter enter a 1 p w 
Then reboot the machine using the command reboot. And remember to select VESA KDE mode on boot up and log in as normal. The next step of commands will set up the hard drive for the intallation.
 $umount /dev/hda1$ mkfs.ext3 /dev/hda1 $mkdir /mnt/bt3$ mount /dev/hda1 /mnt/bt3 $mkdir /mnt/bt3/boot Step 3.2: Copy left, right and center These commands will perform the actual copy of the os across: $ cp –-preserve -R /{bin,dev,home,pentest,root,usr,etc,lib,opt,sbin,var} /mnt/bt3 $mkdir /mnt/bt3/{mnt,proc,sys,tmp}$ mount –-bind /dev/ /mnt/bt3/dev/ $mount -t proc proc /mnt/bt3/proc/$ cp /boot/vmlinuz /mnt/bt3/boot/ 
Step 3.2: Lilo on the Filo
This will enable the OS to boot properly:
 $chroot /mnt/bt3 /bin/bash # nano /etc/lilo.conf  Edit the lilo.conf file to look as so:  lba32 boot = /dev/hda change-rules reset vga = normal image = /boot/vmlinuz root = /dev/hda1 label = Backtrack3  Then we save with: $ lilo -v

Step 4: Shutdown and reboot

That is it simply restart the virtual machine (make sure the iso has been unmounted) and there you go. Enjoy

Future tutorials may include upgrading the base os of Backtrack3 to the latest slackware distro and or upgrading to KDE 4.2.