Decentralizing the Information Fortress
17th April, 2018 | Data Security | Entropic
Over the past 20 years, as a result of implementing cost savings, better efficiency, and improved manageability, we have seen a significant migration of software, hardware, and data to public and private cloud-based storage infrastructure.
Within these fortresses of information - data centers, and possibly unbeknownst to many, a large amount of personal information continues to accumulate.
The result of this accumulation is a series of massive physical repositories of vulnerable historical information about people, which is becoming an increasingly high value target for cybercriminals. Though many organizations see this accumulation as an asset, it also represents a significant liability.
Only now are we starting to see some significant efforts to mitigate the accumulation of this information. One good example is the emergence of GDPR - a newly established set of regulations that goes into force on May 25th, 2018. GDPR regulates how data protection and privacy of individuals of the European Union must be managed. Amongst these regulations are rules that give individuals the right to access what personal data is being collected, and how it is being used and shared, and the right to be forgotten. Though regulations help to slow the bleeding of people's personal information in the absence of more definitive security technologies, there is a significant flaw in the way that personal information is stored today.
A big reason why stored information is so vulnerable today, is because - encrypted or not, the fabric of the information is holistically stored in one place.
We are still using a fortress-based mindset to protect personal information - a mindset of protecting people and important artifacts that originates from a time that pre-dates the existence of cloud computing, the Internet, and computing devices.
Historically, fortresses were used to protect people and communities, ammunition, and other objects of value. When a fortress was breached, the consequences were that people were injured or perished, and their goods might be stolen. However at this time, some of this was reversible.
For example if documents were taken, it was easier to definitively get them back. The lack of available duplication technology meant that copying them was time consuming.
However with todays technologies, information can be indefinitely duplicated and transferred, with a high degree of efficiency, and the copies may never be recovered. Once systems are compromised, extracting information is relatively trivial, and may be done in only a few seconds or minutes. It is also not necessary that the attacker be physically present to steal the information.
This is why using a series of one or more fortresses to store holistic data is totally unsuitable for protecting information.
Through repeated incidence of large-scale data breaches and neglect of information, such as Yahoo! (3 billion accounts), Equifax (147 million people), FaceBook (87 million accounts), and Anthem (78 million people), we have seen that the fortress-based approach to protecting information, which has become pervasive with the evolution of cloud computing, is failing.
As a result of these breaches, much of the personal information of individuals from around the globe are now readily available for access by anyone, either for purchase or for free. The theft of your personal information is initially a quiet process - there are no alarm bells, and no one screams when it happens. We might feel the personal impact of this theft weeks, months or years after it is stolen.
But, did you ever wonder how this problem could be solved? How can we more definitively protect personal information that is neglected and forgotten, from the eventuality of theft and abuse - preventing even encrypted information from being reverse-engineered over time?
In this discussion, we won't focus as much on redundancy, which is a critical aspect of decentralization, but on the actual security of the data after it is decentralized, and on the assumption that, over time it will be neglected or forgotten. In addition, we'll focus on using files in our examples, though the concepts of how we protect them can be carried across to other applications of information security.
One possible solution to this problem is to decentralize the information. This process includes breaking up, or delinearizing the fabric of the information, so it is no longer stored in the same predictable sequential manner. Illustrated below, we can delinearize information on a blockwise, or a bitwise level, to create a series of nonlinear blocks called shards. For increased security, these shards may be encrypted either before or after breaking them up. Following this, the shards can be transferred to, and stored across a series of 2 or more physically separated storage sites.
Delinearization empowers us to use a decentralized approach to protect our personal information.
To ensure redundancy in the event one or more of the shards are damaged, we can supplement them with historically proven methods of erasure coding, such as Reed-Solomon error correction. This allows us to rebuild shards in the event they are lost or damaged. We can also safely duplicate them as backup copies across other storage sites.
The most critical factors behind this type of protection are the physical separation of the shards, combined with the secrecy of the storage site locations. We can even use existing storage hardware, storage media and online storage (in data centers) as storage sites.
Keep the fortresses, but lets not put everything in one place!
This approach to data security makes it significantly more difficult for an attacker to reconstitute the original information, since they are now required to know about, and hack into two or more different locations to access the original information. Additionally, if one of the storage sites is air-gapped - meaning it is not Internet-connected, you have a vastly improved method of protecting information, since the cybercriminal now needs to find a way to get access to an unknown physical location.
How To Decentralize?
Several consumer-centric options exist today, for decentralizing your files and personal information. Since not everyone has the same opinion about online vs. network attached vs. local media storage, there are several decentralized storage options out there that cater to different preferences.
For those that prefer the convenience of decentralized online storage, Sia is a file storage service that allows you to decentralize the fabric and storage of your files across a peer-to-peer network - the Sia Network. This network consists of storage hosts that act as storage sites managed by anyone who chooses to participate in the Sia Network. Participating hosts lease their storage space by running the Sia hosting software that transacts with the Sia Blockchain, and are compensated by clients (users) based on the amount of data they store, and how long they store it.
An important distinction is that your files are not actually stored on the Sia Blockchain - which is not meant for archiving large volumes of data. Instead, the Sia Blockchain is used to manage and secure storage transactions, or smart contracts between the Sia Network and participating storage hosts.
If you already have existing trusted storage media, or storage services and prefer to manage your own decentralized storage, Panwrypter is a simple consumer-based app that allows you to delinearize the fabric of your files and transfer them to your own preferred storage sites. Your files are transformed on a bitwise level, into nonlinear data blocks called protected volumes that you can transfer to your own designated storage sites. These storage sites are defined by you, based on your existing trusted storage media, or storage service(s).
Lets assume we want to protect some important files by decentralizing across 2 storage sites:
- If you prefer the convenience of accessing your files from anywhere, you could store one protected volume on iCloud Drive, and the other on Google Drive.
- Alternatively, you could use the Sia Network as a storage site for one protected volume, and store the other on a USB drive at home, which is naturally air-gapped.
- Finally, if you don't trust online storage at all, and don't mind the inconvenience, you could transfer each protected volume to a USB drive or Blu-ray disc, and store each of them at physically separate locations.
Panwrypter also allows you to selectively restrict the physical locations where your files can be accessed, and has features to help you efficiently recall where your storage sites are, when you need to access them at a later time.
Call to Action
Though the solutions discussed in this article focus primarily on storage decentralization, we also need to evolve the way that information is transmitted, handled and presented to the user, so that it is protected at every point in its existence. An example is how to apply decentralization to protect raw data that is embedded in forms while still allowing the user to view and modify it. Organizations should continue to push their vendors and the industry to evolve their products and solutions, so that information is always in a decentralized state at every point where it is handled.
"What is Siacoin? A Beginner's Guide to Decentralized Cloud Storage"
Originally Published: January 29, 2018 by Colin Harper on CoinCentral.com