Security Everywhere Architecture
By David Pfeiffer
mSecure 3.0 introduces the Security Everywhere™ sync architecture that builds on mSecure's security foundation to provide a new level of data security and accessibility. Cloud syncing offers the great advantage of being able to sync anywhere and anytime without firewall restrictions and sync servers, but this convenience cannot come at the expense of data security.
The Security Everywhere™ cloud sync architecture was designed to accomplish three main goals:
- Sync securely without concern about the security of the cloud system, transmission system or backdoor attacks.
- Sync anywhere using a general Internet connection without the hassle of firewall and router settings.
- Sync anytime keeping all mobile and computing devices in sync without a sync server.
These goals were met in the Security Everywhere sync architecture. The Security Everywhere architecture enables mSecure data to be saved on a plethora of cloud systems while satisfying the above goals. To better understand design of any security system, it should be considered in the context of the threat model it mitigates.
There are three primary threat or attack models that we are concerned about:
- Physical device attack (when device is lost or stolen), a subject for another white paper.
- Sync file attack accessed from the cloud (when using Dropbox or other cloud sync)
- Man-in-the-middle attack (interception of the sync file on the way to the cloud)
We currently lump the Sync file attack and the man-in-the-middle together because both represent a compromised cloud attack. We mitigate this attack by encrypting the data before it is sent to the cloud server. As you will see in this white paper that a strong password and a solid security system are key to keeping data secure.
Sync File Attacks
The sync file attack is an important threat scenario because if the hacker accesses the sync file from the cloud, they can apply significant computing resources to crack the file in a brute-force attack. We recognize that cloud servers can be compromised, so we designed the Security Everywhere architecture not to be dependent on the security of the transmission of the data to the cloud or the security of the cloud, but rather to encrypt the file using a strong sync password with a double encryption and compression system designed to thwart rainbow tables (reverse password look up tables for known data items) and the brute force attack. The system requires the user to create a separate strong sync password for the cloud file. The strong password with our encryption system would require super computer over 100 years to crack the data in a brute force attack.
Multiple Cloud System Support
The Security Everywhere sync architecture was design to operate with multiple cloud systems. Currently mSecure supports the Dropbox Cloud, but others such as iCloud is in development and other cloud systems are under consideration. If you have a cloud system that you would like to see us support, please email us at firstname.lastname@example.org.
- 256-bit Blowfish Encryption
- 256-bit SHA Password hash
- File Compression
- Enforcement of Minimum sync password length
The Security Everywhere™ sync architecture is a security system which employs multiple techniques and tools to secure your data. A strong Blowfish encryption system that has not been cracked together with strong passwords can keep your data secure. The Security Everywhere™ sync architecture provides anytime access while providing a solid security model to protect data from brute-force and cloud system attacks.