Protecting encryption server

Denis BEURIVE denis.beurive at gmail.com
Tue Jul 28 23:45:07 CEST 2020


I can think of another way to make things harder for a hacker.

   - Use "data diode isolated" secure servers: one "incoming data diode"
   for request reception and one "outgoing data diode" for document
   emissions. Make sure that each secure server is only connected to the
   exterior world by these two data diodes.
   - Introduce randomness in the "data diode isolated" secure servers:
   make it hard for a "malicious man in the middle" to "reverse engineer" your
   black box by the analysis of data collected from the observation of your
   "black box".
   - Design a distributed system: make your "data diode isolated" secure
   server exchange data with "dumb nodes." The "dumb nodes" do nothing except
   relay the responses (they act as proxies). When the secure server sends a
   response, it sends messages to many "dumb nodes" chosen randomly. Among all
   these messages, there is only one "real" message. Other messages are fake
   ones, but are indiscernible from the point of view of a "malicious man in
   the middle". Thus, in order to "spy" on your system (to collect data), you
   have to "spy" on the entire "galaxy" of "dumb nodes" - and not only one server.
   This makes things much more difficult for "a malicious man in the middle,"
   especially if your "dumb nodes" are located in different countries whose
   intelligence agencies are not known to collaborate easily (because cracking
   such a system would require a lot of resources). "Dumb nodes" do not need
   to be particularly secured. An attacker could disrupt your system (by
   hacking the "dumb nodes"), but it cannot alter the signed document - unless
   it has a way to crack RSA - or whatever algorithm you use (but, in this
   case, just forget your project...).

Tell me what you think.

Regards.



On Tue, 28 Jul 2020 at 12:19, Ayoub Misherghi via Gnupg-users <
gnupg-users at gnupg.org> wrote:

> I am going to have a server machine doing encryption. How do you protect against server operator or admin tampering? This is a scenario where internal threat or hostility is high; you cannot trust your own guys. (Real situation; not paranoid.)
>
> Thanks,
>
> Ayoub
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
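
The decoy fan-out through "dumb nodes" described in the reply above, as an added sketch that is not part of the original post. It assumes a key shared by the secure server and the recipient; HMAC-SHA256 stands in for the RSA signature the post mentions, and a SHAKE-256 keystream stands in for a vetted cipher so the code runs with the standard library only. The frame layout and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

FRAME_LEN, NONCE_LEN, TAG_LEN = 256, 16, 32   # constructed wire format
BODY_LEN = FRAME_LEN - NONCE_LEN - TAG_LEN

def subkey(key, label):
    return hashlib.sha256(label + key).digest()

def keystream(key, nonce, n):
    # Stand-in stream cipher (SHAKE-256 output); use a vetted AEAD in practice.
    return hashlib.shake_256(subkey(key, b"enc") + nonce).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(key, document):
    """Real frame: nonce || ciphertext || tag, always FRAME_LEN bytes."""
    if len(document) > BODY_LEN - 2:
        raise ValueError("document too long for one frame")
    padded = len(document).to_bytes(2, "big") + document
    padded += bytes(BODY_LEN - len(padded))
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = xor(padded, keystream(key, nonce, BODY_LEN))
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_frame(key, frame):
    """Return the document, or None for a decoy or a frame altered in transit."""
    if len(frame) != FRAME_LEN:
        return None
    nonce, ct, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    good = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    padded = xor(ct, keystream(key, nonce, BODY_LEN))
    return padded[2:2 + int.from_bytes(padded[:2], "big")]

def fan_out(key, document, nodes, k):
    """Pick k relays at random; one gets the real frame, the rest random decoys."""
    chosen = secrets.SystemRandom().sample(nodes, k)
    real = secrets.choice(chosen)
    return {n: seal(key, document) if n == real else secrets.token_bytes(FRAME_LEN)
            for n in chosen}

def receive(key, frames):
    """Recipient side: keep only frames that authenticate under the shared key."""
    return [d for d in (open_frame(key, f) for f in frames) if d is not None]
```

Every frame has the same length and looks like random bytes to anyone without the key, so an observer of a single relay cannot tell whether it carried the real response; a relay that modifies a frame only causes it to be dropped.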