Tuesday, June 18, 2013

Reactive Computer Security

Wouldn't it be great if a computer operating system (OS) could prevent data theft by reacting, after the data was stolen, even without an Internet connection? I'm sure that the State Department and the NSA would love that.

When I was in the Marines we used to hit the beach in amphibious tractors (amtracs). Packed with a couple dozen troops, they look like lightweight tanks, and they could swim on the surface of the ocean and then transition onto land. Since the amtracs were made of aluminum, not steel, they didn't offer much protection against rockets such as RPGs and other shaped charges that focus their explosive force in a single direction. However, to combat the threat of rockets the amtracs were covered with reactive armor that was designed to prematurely detonate and deflect a rocket blast – it worked very well.

Preventable Data Theft

Yesterday, I was at a Tech Coffee Meetup in downtown San Diego where we discussed how reactive security could be implemented in an OS. The process works in much the same way that iTunes implements digital rights management for music. To play a song purchased from the iTunes Store a user must enter his/her credentials (login and password), which are authenticated against a central iTunes server.

In a similar way, data on a hard drive running a reactive security OS (RSOS) would be encrypted. The data could only be read with the proper pair of passwords – one entered by the user and the other stored on a central server. Additionally, the RSOS would only allow data to be copied to another location (flash/thumb drive, hard drive, etc.) with the proper passwords, and each copy would have its own pair of passwords. The target destination must be running an RSOS before the data is copied. Once the data is copied onto a flash drive it would be erased after a certain amount of time unless the RSOS on the flash drive checked in with a central server for a pairing password before expiration. Alternatively, the pairing password on the central server could simply be erased, rendering the encrypted data undecipherable. Additionally, every time the secure data checked in with the central server its pair of passwords would change and the data would be re-encrypted, in place, with the new passwords, similar to the frequency-hopping radios used in the military.

The key to making this work depends on two parts. First is using strong encryption with two keys: one password is entered by the user and the other password, which changes each time the file is copied, is stored on a central server (AKA double integrity). Second is having the RSOS properly implement the reading and copying process in a way that couldn't be circumvented (hacked). It's a very doable solution.
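As an added illustration that is not part of the original post, the following Python sketches the password-pair scheme described above: the user's password and a per-copy server-side password are combined into one key, each check-in rotates the server half and re-encrypts the data in place, and erasing the server half leaves the copy undecipherable. The in-memory SERVER_KEYS dict stands in for the central server and the HMAC-based stream cipher stands in for a real authenticated cipher; both are assumptions of this example, not part of any RSOS design.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the central server: one server-side password per copy.
SERVER_KEYS = {}

def derive_key(user_password, server_key, salt):
    """Combine both halves of the pair; without either one the key is different."""
    user_part = hashlib.pbkdf2_hmac("sha256", user_password.encode(), salt, 100_000)
    return hmac.new(server_key, user_part, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (illustrative, not a vetted cipher).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("wrong password pair or tampered data")
    return _xor_stream(key, nonce, ct)

def make_copy(plaintext, user_password):
    """Every copy gets its own server-side password; returns (copy_id, salt, blob)."""
    copy_id, salt = secrets.token_hex(8), secrets.token_bytes(16)
    SERVER_KEYS[copy_id] = secrets.token_bytes(32)
    return copy_id, salt, seal(derive_key(user_password, SERVER_KEYS[copy_id], salt), plaintext)

def read_copy(copy_id, salt, blob, user_password):
    if copy_id not in SERVER_KEYS:  # server half erased: the copy stays undecipherable
        raise PermissionError("copy revoked by central server")
    return unseal(derive_key(user_password, SERVER_KEYS[copy_id], salt), blob)

def check_in(copy_id, salt, blob, user_password):
    """Check-in: the server rotates its half and the data is re-encrypted in place."""
    plaintext = read_copy(copy_id, salt, blob, user_password)
    SERVER_KEYS[copy_id] = secrets.token_bytes(32)
    return seal(derive_key(user_password, SERVER_KEYS[copy_id], salt), plaintext)

def revoke(copy_id):
    SERVER_KEYS.pop(copy_id, None)  # erase the server half: existing ciphertext is now unreadable
```

Note that the old ciphertext no longer opens after a check-in, which is what makes a stale copy on a lost drive worthless once the server half has moved on.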
