Manage encryption on macOS

Glenn Fleishman looks at user-owned encryption

Macworld

I’m glad to see a positive security trend: more companies have software available for hosted backups and cloud-based storage access that incorporates user-owned encryption. With these products and services, you are the only person or entity that controls the encryption key or the passphrase that unlocks the key. The company that makes the software or runs the service not only never sees it, it has no way to access it.

Apple engages in this only with iCloud Keychain and iMessage. While Apple doesn’t know your Apple ID password, you do have to enter it so that the company can transform it into a cryptographically secure derived form that it can compare against what it has stored for you.

But with iCloud Keychain, Apple doesn’t hold enough information to read the data as it passes through the middle, because the system creates the encryption keys on the endpoints, your devices. The data sent through Apple’s services is locked away from its eyes. I wrote about how AgileBits and LastPass used a similar approach for their synced services. (Apple’s system could be changed in such a way that it would be able to sniff that data; that is one of the weaknesses of its current model, and one that needs to be and could be changed.)

With other iCloud data, like photos and contacts, and with everything you store on Dropbox, Box, Google Drive, and other cloud storage, the encryption keys are in the hands of the company running the service. Dropbox uses encrypted connections between its apps and its servers, and it stores the data encrypted at rest, but with keys it holds. The data has to be decrypted between at-rest storage and transit to and from your devices.

I prefer that people have the option of a one-step remove for everything, not just a few categories, to avoid putting their decrypted data in the hands of third parties. That’s for both security (preventing unwanted people from breaking through protections) and privacy (preventing unwanted eyes from seeing your stuff). For instance, Google has emphasized secure transit, pushing https connections widely, and working to help users secure their accounts and keep data away from snoopers. But Google’s business is based on being able to look at your stuff in order to push ads at you based on it, even if it sandboxes its approach so it can allege it can’t individually identify you. (Which doesn’t explain how it is going to connect retail credit-card purchases and online ad viewing.)

But you can bypass this kind of creepy-though-assumed-to-be-legal peering over your shoulder, as well as securing yourself against intrusion should a third party’s systems be breached.

Own the keys to rooms in the castle

The security world often talks about the ‘keys to the castle’, referring to what secures a system. If those keys get nabbed, the castle is indefensible, and the attackers can ransack it. What I describe here is more like keys to panic rooms in the castle. If invaders storm the fortification successfully, your room remains impenetrable, even if it’s literally cut out of the castle and carted away.

You have five categories in which you can be sure, to varying degrees, that you’re the only one able to decrypt or manage a connection or remotely stored data.

Messaging. As noted above, iMessage uses an approach that prevents Apple from having access to the keys that encrypt your communications. Signal, an independent company, and WhatsApp, owned by Facebook and using Signal’s protocol, both take the same tack, but are frankly better implemented and offer a way to validate other parties’ identities.

Password storage. Apple’s iCloud Keychain is done right, and so are 1Password and LastPass. While other options exist, none seems to combine encryption, security, and app ecosystem as robustly.

Service-hosted backup. I explored at length back in September 2016 the way in which several hosted backup services – like Backblaze and CrashPlan – manage your encryption keys and passphrases. A few meet rigorous tests of never possessing the keys, or only possessing them in limited circumstances under your control.

Self-hosted backup. If you want to control where your data goes, Arq is the only solution for Mac that works with multiple cloud providers, SFTP servers, and sync services (such as Dropbox) and allows you to set a local encryption password for archives that is never transmitted. (ChronoSync works with fewer services, and only supports cloud-side encryption options with Google’s and Amazon’s storage-unit-based cloud offerings.)

Remote services mounted locally. The latest addition to the arsenal is an update to CloudMounter, which lets you mount SFTP and cloud services as if they were Finder volumes. Version 2 uses Apple’s built-in encryption libraries in macOS to automatically encrypt and decrypt data at mounted services on the fly. That bridges the last gap in not relying on cloud-side encryption. (Panic’s macOS file-transfer app, Transmit, can mount remote file systems as Finder volumes, and [its sneak-peek screen capture of version 5][*] shows more cloud services included. But version 4, at least, doesn’t overlay encryption as an option.)

Given the extent and kind of intrusions into all sorts of online services, keeping the keys to our castle rooms close seems advisable if you’re in a position where any or all of the above options can work for you. For most people, they should, although it might involve transitioning from one software package or service to another.

With CloudMounter and Arq, you may have the last pieces in place to get the benefits of affordable sync services without having to buy into their security models, too.

You set your own passphrase for each destination’s encryption keys
