Whitehall IT chiefs have been warned by the intelligence agency GCHQ that security problems with cloud computing could foil their plans to use the technology to slash the cost of public services. The assessment forms part of the first report of the Cyber Security Operations Centre (CSOC), seen by The Register. The new internet …
I hear the sound of public servants getting told their pork barrel is being made smaller and they don't like it, so they respond with FEEEEAAAAAAAAAAAAAAARRRRRRRRR BE AFRAID LITTLE WORMS BE TERRIFIED! YOU WILL __DIIIEEEEE__ BE AFRAID! GIVE US MONEY! WE ARE THE ONLY ONES WHO CAN PROTECT YOU! FEEEEED US YOU MONEY!!
More lives could be saved by investing in social services (preferably directly avoiding central government/civil service of all kinds) then will ever be saved giving money to the assorted leeches in whitehall.
If they're trying to scare you they're likely to be trying to f--k you.
Did we just step back in time?
Storing info in other countries - CSOC presumably never heard of encryption
Losing credentials is a problem - but it has nothing to do with the physical location of the identity thief
I'm sure there's lots of security issues with cloud computing - it would be nice if our govt cyber security team could spot one of them
BB is watching you - but he has cataracts
I'm sure they're looking forward to the day when the national ID database is stored in the cloud, on servers in Israel. Still think the location of the servers is not an issue?
And an IQ of 4!
I'm not so sure
I'm not an expert in this 'cloud' thingy, but I always had the impression that for those systems to work, at least part of the data in the servers (index fields and the such) must be unencrypted at some point. Putting those servers in other countries would make very easy for the governments of said countries to eavesdrop or even modify the data. If the data is never unencrypted in the servers, then each transaction would imply sending all or most of the database to the clients, which seems quite impractical and poses its own security risks.
Even if no data is unencrypted, said governments would be able to control the communication channels, allowing them to use any kind of cryptanalysis they please. It would also be easier for them to create and use use 'cribs' to break the crypto.
In the best of cases -an unbreakable cryptosystem with no data in the open- said governments would be able to put a stranglehold on your communications, i.e. cutting access to your country's taxes, NHS or passport data.
So yeah, what could possibly go wrong?
*Nota bene: while hosting those cloud servers in your country makes these activities more difficult for foreign governments, it doesn't rule them out completely . IMHO the problem here is the whole 'cloud' concept.
We already ousorce out torture to the yanks so why not our data to whoether?
.. and gov email checking ..
Every email in or out the UK government secure intranet goes via Messagelabs. Last time I checked, that was a US company so the boys in Washington probably get copies faster than the intended recipients..
I wonder how much they paid
for these brilliant nuggets of common sense^W^W advice.
Probably more than I can reasonably expect to earn in my entire life.
Funny that they can't slap together an NHS IT system worth two shits but they can upload our biometrics to some pervserver faster than we can lube up our collective ass.
Next stop: government firewall, delivered on time so that us prols know who's boss. Don't worry about paying for it, they've delayed the NHS project another 20 years.
In other news...
CSOC warn against use of the new-fangled 'telephonic communication apparatus' - claims civil servants could be seduced from their duty by communications from 'external untrusted sources'....
and @anon coward 14.40, it's not even common sense.
It wouldn't matter one jot where the data is stored, or in which country. If the login credentials are available to a malicious user, and given the nature of the internet, what difference, precisely, would it make, if all of our sensitive data was stored in N.Korea.
I think the best people to ask about where to store sensitive data to be safe from prying eyes, might be, say Google, or intel, or maybe any one of the alledged 33 other major corporations hacked.
Or have I got that wrong, if UK data is stored only in/by the UK, then only people with the correct login credentials, who are only located in the UK can access that data, provided of course that there are technologies available to detect access from abroad via a VPN from a spoofed IP running through a proxy, connecting from a secondary/tertiary junction within an IP range registering UK location.
Or do UK Embassies abroad not need access to any of the data that may or may not be stored whatever the case.
It's not common sense at all, someone is just not thinking clearly about the dangers of electronic storage at all, and why would I not be surprisede about that coming from the UK's intelligence services. Expect to see more terminated Brazillian carpenters littering our streets in future.
"I'm sure they're looking forward to the day when the national ID database is stored in the cloud, on servers in Israel. Still think the location of the servers is not an issue?"
I'm not looking forward to having an ID card at all.
However as others have pointed out *all* such database should be fully encrypted so that even a loss of storage media (like a whole hard drive) which IIRC was what happened when a US company the DVLC outsourced a load of driving tests to lost one of them.
@ John Smith 19
Important point... you'ld never be able to prove a dead disc was ever securely destroyed or flogged on.
Oh just think, passport data in the cloud. What could possibly go wrong? Shalom!
Any system is only as secure as it's poorest worker with a big bill to pay.
"Storing info in other countries - CSOC presumably never heard of encryption"
a) You are assuming crypto can't be broken. Tens of thousands of U-Boot men and japanese sailors bet their life on that and lost that bet. Don't assume anything important changed in this area. 3DES and AES will be broken sooner or later.
b) An encrypted database is not that useful except if you only use it as data dump. As soon as you want to query and update it, some kind of cleartext must appear. With a lot of effort one could devise a mapping of cleartext->crypto, so that "Miller" would be stored as "afe284171ed", but that limits the capabilities of the database drastically. For example, if you wanted to get all people whose names start with "Mill" you would be screwed. Because "Milliband" would encrypt to (say) "monkey413664". Each data field would need an initalisation vector (IV) to encrypt same data differently. W/o IV you can neat statistical analysis based on probability of names, for example. IVs would take 16 bytes typically per data field and row.
More importantly, encrypting individual fields of a medical record in a complex relational database might provide some very interesting statistical clues.
For example, Mr Miller lives in a municipality of 267 people and is 47 years old. He has moved much more than the other 267 people and therefore has many more relationships with GPs in the database. This you can correlate with what you know about him. Then you see he has a disease that affects 0.235% of population. You look up public statistics and figure he has Aids, because that is the diesease which affects 0.235% of population.
Bogus data could "mask" these statistical clues, but I am not sure about the effectiveness of this and how to properly do it.
Also, you would a pretty powerful machine Under Your Own Control to encrypt/decrypt all those SQL queries. That also defeats the cloud idea considerably.
Important point... you'ld never be able to prove a dead disc was ever securely destroyed or flogged on.
That is a problem in asset management and writing clearly understood contract with reputable suppliers. Mind you given who HMG thinks *are* reputable suppliers, and its apparent inability to negotiate a contract that does not screw themselves (or rather the taxpayers coughing up the cash for it) that should be a distinct risk factor.
"Any system is only as secure as it's poorest worker with a big bill to pay."
Excellent point. Applicable to *any* system architecture.
"3DES and AES will be broken sooner or later."
Quite right. The question is when. DES was retired because the EFF built hardware to *prove* it could be brute force attacked within an average 3 1/2 days. Till then the US govt maintained it was safe as houses, suggesting the NSA has been reading DES traffic for years.
The EFF tech were ASIC clocked at 20Mhz built for $200k total, when GaAs foundries could do 2 Ghz easily.
AFAIK there is *no* analysis that running DES on date 3 times cubes the complexity of an attack, although it is a widespread belief (I'd welcome any reference to this issue).
The system that Sky Digital uses uses a 2048 bit public key system. I suspect they have a backup plan to roll out something even longer if it is compromised.
You're quite correct that any encrypted stream has to be put in plain text at some point. This is the same as MIcrosoft's efforts to foist DRM on people. It differs in that the whole back end of the system should *not* be accessible to the general public.
Modern practice is the 3 tier approach. bulk data storage feeding a "Business logic" layer feeding the front end interface or interfaces. ON this basis the business logic layer *should* stay under direct UK govt control. The storage can be anywhere as long as latency is reasonable but all held data is encrypted, although how this works with indexes is likely to be tricky.
Of course before getting too enamoured of this approach perhaps a cross depart review of just *how* much has been saved by all this outsourcing might be in order.
Cloud computing identifies the problem in the very words: cloud. The edges are fuzzy, which is why politicians and marketeers like it, and technical and security people hate it.
Cloud computing for government is feasible if the clouds are all in the UK and managed securely. If as much as a whisp (to stay with the image) drifts outside you have serious problems.
That the government is already saturated with people leaking information is no argument to make it even easier, so I'm fully with the doughnut inhabitants on this one.
I was going to say that letting politicians taking decisions about things they don't understand is a bad idea, but then I realised that's exactly what those people do - witness the economy..
...than I thought, as it is impossible to use IVs. "Miller" must always be encoded to the same ciphertext "afe284171ed" if one wants to be able to use the last name column for querying.
As the statistical distribution of names is well known, the database would have to be filled with bogus entries until statistical differences disappear.
The whole idea of an encrypted database seems severly flawed, as long as it is not a very stupid data dump.
Always assuming the cipher is safe, which is a historically hazardous assumption, a huge "binary large object" of patient data could be stored in the "cloud" and decrypted at medical facilites using a smartcard. But the complex stuff like statistics support and accounting of medical services and prescribed drugs would not be securly possible in an untrusted cloud system.
The bottom line is that sensitve data of citizens must be processed in facilites that can be trusted. And that implies that data is not transferred into different countries, just because electricity is cheaper there.
What is definitely possible is to have a kind of "government cloud" operated by a trusted (and certified) private company inside a country's borders. The existing Google Cloud certainly is clearly not secure enough. Access to this cloud can of course be limited using VPN, firewall and cryptologic techniques as it is done already. A lot of security issues still remain unanswered if one looks at the terminals that are used to access the data. I bet there are lots of GP's or hospital's PCs out there infected by viruses and trojans.
good to see they're awake
CSOC are in the organisation that invented serious encryption busting.
Then there's the issue of sovereign govts giving themselves the right to look at any data on any device in their legal jurisdiction (national security).
Add to this the woeful capability in some countries to investigate and their courts enforce data privacy laws (or little or no deterrence to data theft), particularly when the 'nice little earner' is bigger than the possible penalties, coupled with plenty of corporate incentive to cover it up anyway.
Every heard of, breaking encryption? or wire-shark for that matter..
Right. Who says the location of data doesn't matter? rubbish
Regardless of where in the world, if the data-centre is compromised, then TCP/IP traffic can be captured, analysed, de-encrypted, attacked (man-in-the-middle), especial so if it they data-centre is providing the security remotely for that data. The whole concept of putting data onto the cloud, means trusting those who administrate the cloud.
Think about this a little harder people. Ok, so in theory you could setup a secure cloud with no vulns, but has there every been an IT system like this, distrusted over the internet? Even if you ticked the boxs of Integrity and Confidentiality as some of you have mentioned, you can't get availability because you are left open to potential DDoS attacks.
just my 2 cents.
DES vs 3DES
"DES was retired because the EFF built hardware to *prove* it could be brute force attacked within an average 3 1/2 days."
DES was not really "broken". I would rather call it an "exhaustive key search". That will not work against 3DES, because you would have to search a 112 bit key space. That is about 10^30 operations and will probably stay infeasible for the next 100 years.
I was referring to a mathematical weakness being exploited, like the Enigma's Steckerbrett. Enigma would not have been broken, if they had not found this and another weakness.
"DES was not really "broken". I would rather call it an "exhaustive key search". That will not work against 3DES, because you would have to search a 112 bit key space. That is about 10^30 operations and will probably stay infeasible for the next 100 years."
I called a brute force attack, you call it an exhaustive key search. They did not and I do not claim they found some way to radically shorten the key.
However IIRC poor key selection *can* result in a given plain text generating a cipher text from a *much* smaller range of possible outputs than the cipher is theoretically capable of producing.
The ASICs they built tried *every* possible key on a chunk of plain text with registers to check the resulting "plain text" for interesting features. No interesting features, generate next key and repeat. The method might be crude to you, but it demonstrated that the code was no longer *practically* secure, as opposed to theoretically secure. The NSA had continued to claim it was secure at the time. this method was probably used by M15 in its decoding of intercepts from the Russian embassy in London during WW2. Once you have the *raw* data you can run over it as often as necessary to crack it.
I note that despite it being called 3 DES it is viewed as equal to a 112 bit key, not a 168 bit key. I also note that the AES is a 256 (255?) bit key
My point was that encryption can help, but if used, and the data is outside UK and/or EU law plans should be made for its eventual compromise and replacement. Believing anything else is a fantasy.