Open Source Software
- The device software's source code is publicly available and can be examined by anyone for potential weaknesses.
Strong User Authentication
- Strong password rules and display of password strength
- Two-factor authentication via password and SMS passcode
- Optional IDGARD Login Card (credit-card-sized TAN generator)
Protection against Producer Clouds
- Local access to files only from system areas that are not synchronized with producer clouds (iCloud, Google-Share, etc.)
Safe Offline Access to Files (Smart Caching)
- Encrypted storage (AES-256) of the downloaded files
- Offline access only until the user logs out of the app; after that, all local data is reliably deleted.
Application Security of the Browser User Interface
- No use of technologies that are, per se, weak points for XSS and similar attacks
- No use of technologies that could, per se, enable drive-by attacks
Encryption & Key Distribution
- A-rated SSL encryption (2048-bit key length) for transfer from the device to the Sealed Cloud
- The private key for SSL connection establishment is not in the hands of the cloud provider (imported only at boot time by an independent party)
- Accessible from any browser without additional software
- Man-in-the-middle attack alarm available via browser plug-in
- No system key: each user's data set is encrypted with its own key, derived from user name and password. None of these keys is stored.
- Individual AES-256 encryption for each file and for each Privacy Box.
- None of these keys is accessible to the provider of the cloud or of the applications.
- Privacy Boxes are completely re-encrypted when they are closed, so link abuse is impossible even for provider employees.
- Invitation of new users or box guests via Box Link and optional Box Code
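As an added illustration of the key hierarchy these bullets describe (example code, not Uniscon's or the IDGARD product's own), the Go sketch below derives the per-user key from user name and password, derives an individual AES-256 key per Privacy Box from it, and models the re-encryption of a closed box with a generation counter. The function names, the salt prefix, the iteration count and the generation counter are assumptions; the sample file content is constructed.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)
// UserKey: PBKDF2-HMAC-SHA256 of the password, salted by user name, one 32-byte block (iteration count assumed).
func UserKey(username, password string) []byte {
	mac := hmac.New(sha256.New, []byte(password))
	mac.Write(append([]byte("user:"+username), 0, 0, 0, 1)) // salt || INT(1)
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < 20000; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		subtle.XORBytes(key, key, u)
	}
	return key
}
// BoxKey: individual AES-256 key per Privacy Box or file; closing a box raises its generation, hence a new key.
func BoxKey(userKey []byte, boxID string, generation uint32) []byte {
	mac := hmac.New(sha256.New, userKey)
	mac.Write([]byte(boxID))
	mac.Write([]byte{byte(generation >> 24), byte(generation >> 16), byte(generation >> 8), byte(generation)})
	return mac.Sum(nil)
}
// Seal encrypts one file under its box key, prefixing the random 12-byte GCM nonce.
func Seal(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key) // keys here are always 32 bytes (AES-256): cannot fail
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no secure randomness: refuse to encrypt
	}
	return gcm.Seal(nonce, nonce, plaintext, nil)
}
// Open decrypts; a stale key (old generation) or a tampered blob fails authentication.
func Open(key, blob []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}
```

The server side of such a design only ever sees the sealed blobs, the box identifiers and the generation counters, none of which yield a key without the user's password.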
Trustworthy Software & Software Integrity
- TPM and hardware based "Chain of Trust" that covers the entire software stack.
- Development and deployment process being established, with software components and versions certified by external auditors
- Central software deployment via net-boot; only fully certified stacks can be booted.
- Classical methods of trustworthy software development (Peer Programming, Committer Model, etc.)
- Dynamic software component and operation certification methods (in development)
- Methods of improved trustworthy software development (e.g., automatic code generation) are being researched (in cooperation with Fraunhofer AISEC, among others)
Perimeter Security (Security against External Attacks)
- Security and data protection concept pursuant to BSI IT baseline protection (IT-Grundschutz), for the provider Uniscon GmbH and the Sealed Cloud alike
- Implementation of the corresponding physical access, logical access, transfer, input, order, availability and separation control measures
- Use of multi-stage, state-of-the-art firewalls (classical multi-level firewalls plus web application firewalls)
- Use of state-of-the-art intrusion detection and prevention systems
- Hardening of server operating systems
- Physical network separation for booting, alarming and user data
- Load balancing without terminating the encryption
- Electro-optical and electromechanical supervision of all door, floor, wall and roof systems
- Electromechanical locks control access pursuant to Sealing Control Policy
- Recording of all administrator activity and system conditions with WORM technology
Data Clean-Up (Reaction to Internal Attacks)
- Unencrypted data is processed only in so-called data clean-up areas (without persistent storage)
- Logical and physical sensors trigger an alarm that activates data clean-up.
- Data clean-up is triggered by both planned and unplanned access attempts.
- Present user sessions are migrated for this purpose to unaffected segments of the Sealed Cloud, and unencrypted data is encrypted and stored.
- The data on the servers’ respective segments is then deleted, and the servers are disconnected.
- Server power is switched off for 15 seconds, so that all unencrypted data is safely deleted before the electromechanical doors unblock server access.
This Sealed Cloud diagram depicts the three most important constituents of the security concept:
- Key distribution for connecting users to the Sealed Cloud and encryption in the database, i.e. the file system
- Protection of unencrypted data in so-called data clean-up areas.
- Static and dynamic audits and certification by trustworthy external organisations.
Sealed Freeze allows access to connection data only where the law requires it. Pre-defined rules that cannot be modified retroactively thus technically rule out dragnet investigations.