SlideShare a Scribd company logo

Security and Privacy in Cloud Computing with Mega

Guy K. Kloss
Guy K. Kloss

Seminar talk given at the Service & Cloud Computing Research Lab of Auckland University of Technology (AUT) on 2014-10-17.

Technology
1 of 26
Download to read offline
About Mega Technical Crypto @ Mega Demo You do it . . . Security and Privacy in Cloud Computing Beta-Testing the New Mega Web Client Guy Kloss gk@mega.co.nz Lead Software Developer Mega Limited Guy Kloss | Security and Privacy in Cloud Computing 1/26
About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 2/26
About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 3/26
About Mega Technical Crypto @ Mega Demo You do it . . . Our Business: “The Privacy Company” SaaS Cloud Software Guy Kloss | Security and Privacy in Cloud Computing 4/26
About Mega Technical Crypto @ Mega Demo You do it . . . Facts Guy Kloss | Security and Privacy in Cloud Computing 5/26
About Mega Technical Crypto @ Mega Demo You do it . . . Products File Storage (now) Chat/Messenger (next) Email (later) Guy Kloss | Security and Privacy in Cloud Computing 6/26
About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 7/26
About Mega Technical Crypto @ Mega Demo You do it . . . File Storage Servers File storage servers (many many . . . ) Meta-data servers (file attributes, user attributes, thumb nails, . . . ) API servers DB servers Servers helping with managing concurrency Guy Kloss | Security and Privacy in Cloud Computing 8/26
About Mega Technical Crypto @ Mega Demo You do it . . . Messenger Servers Cluster of messaging servers for XMPP (using ejabberd) For scalability and load balancing For reliability STUN/TURN servers ! Overcome problem through private IP networks (NAT) Load balancers, HAproxy, redirectors Note: Voice/video normally connects browser’s WebRTC containers directly Guy Kloss | Security and Privacy in Cloud Computing 9/26
About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 10/26
About Mega Technical Crypto @ Mega Demo You do it . . . Concept: Everything is End-to-End Encrypted! Guy Kloss | Security and Privacy in Cloud Computing 11/26
About Mega Technical Crypto @ Mega Demo You do it . . . File and Attribute Protection Keys Involved Master Key Everything private is protected by a master key The master key itself is password protected: PBKDF RSA Key Pair Used for sharing access to files Stored as user attributes Private key is protected with master key Public key is “world readable” Guy Kloss | Security and Privacy in Cloud Computing 12/26
About Mega Technical Crypto @ Mega Demo You do it . . . File and Attribute Protection File Protection File content (segmented into blocks) encrypted with session key (AES-128 CTR mode) Session key is encrypted with the master key All file attributes (incl. file name) encrypted with the session key Access information to shared files encrypted with recipient’s RSA public key Shared folders use a folder’s share key to protect file data and attributes Share keys are protected by own master key or by RSA public key Guy Kloss | Security and Privacy in Cloud Computing 13/26
About Mega Technical Crypto @ Mega Demo You do it . . . File and Attribute Protection User Attributes Private attributes are encrypted with master key Public attributes are “world readable” Guy Kloss | Security and Privacy in Cloud Computing 14/26
About Mega Technical Crypto @ Mega Demo You do it . . . Keys and Authentication Every user has an additional signing key pair (Ed25519) Own RSA public key is signed with it All public keys are “tracked” (fingerprints of RSA and signing keys) Signing keys can be authenticated (comparison of fingerprints) ! “Grounding” of authentication on one single identity key ! Prevention of man-in-the-middle attacks ! Prevention of impostors Guy Kloss | Security and Privacy in Cloud Computing 15/26
About Mega Technical Crypto @ Mega Demo You do it . . . Chat Text Messaging Encrypted via a new group encryption protocol: mpENC Inspired by OTR – Properties: Confidentiality (AES-128 CTR encrypted) Full chat partner authenticity (digital signatures) Plausible deniability (ephemeral signing keys) Multi-party capability (Group Diffie-Hellman for shared key agreement) Reveal as little meta-data as possible (Exponential message padding) Based on elliptic curve cryptography (Curve25519 and Ed25519) ! Not compromised by the NSA! lorem ipsum ... Guy Kloss | Security and Privacy in Cloud Computing 16/26
About Mega Technical Crypto @ Mega Demo You do it . . . Chat Voice & Video Voice/video is also end-to-end encrypted Using SRTP between WebRTC containers Usually directly connecting peers Guy Kloss | Security and Privacy in Cloud Computing 17/26
About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 18/26
About Mega Technical Crypto @ Mega Demo You do it . . . Where/How to get it . . . https://beta.mega.nz Exclude search engins and other externals: Simple Web server authentication Best to use a current/stable Google Chrome or Mozilla Firefox Guy Kloss | Security and Privacy in Cloud Computing 19/26
About Mega Technical Crypto @ Mega Demo You do it . . . Accounts/Contacts Create an account (if you don’t have one, yet) Add your contacts (for now bilaterally) Guy Kloss | Security and Privacy in Cloud Computing 20/26
About Mega Technical Crypto @ Mega Demo You do it . . . File Storage Store files Share files Share folders Guy Kloss | Security and Privacy in Cloud Computing 21/26
About Mega Technical Crypto @ Mega Demo You do it . . . Chat Text chatting Voice/video chat Transfer files (via cloud or direct) Guy Kloss | Security and Privacy in Cloud Computing 22/26
About Mega Technical Crypto @ Mega Demo You do it . . . Early Adopters Guy Kloss | Security and Privacy in Cloud Computing 23/26
About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 24/26
About Mega Technical Crypto @ Mega Demo You do it . . . Provide Feedback Feedback to beta@mega.co.nz Report bugs ! Information to provide Operating system Browser and version Steps to reproduce the problem (if applicable) Maybe a screen shot Possibly exceptions or internal information (see browser debug console) Make suggestions Guy Kloss | Security and Privacy in Cloud Computing 25/26
About Mega Technical Crypto @ Mega Demo You do it . . . Questions? Be Safe! Guy Kloss gk@mega.co.nz Shane Te Pou stp@mega.co.nz Guy Kloss | Security and Privacy in Cloud Computing 26/26

Recommended

The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingAnkit Singh
 
Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computingsaurabh soni
 
Security & Privacy in Cloud Computing
Security & Privacy in Cloud ComputingSecurity & Privacy in Cloud Computing
Security & Privacy in Cloud ComputingJohn D. Johnson
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computingragibhasan
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security pptVenkatesh Chary
 
Building a (Really) Secure Cloud Product
Building a (Really) Secure Cloud ProductBuilding a (Really) Secure Cloud Product
Building a (Really) Secure Cloud ProductGuy K. Kloss
 
WTF is Blockchain???
WTF is Blockchain???WTF is Blockchain???
WTF is Blockchain???Guy K. Kloss
 
Cloud Computing Vision or Reality
Cloud Computing Vision or RealityCloud Computing Vision or Reality
Cloud Computing Vision or RealityCarlos Veira Lorenzo
 

Recommended

The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingAnkit Singh
 
Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computingsaurabh soni
 
Security & Privacy in Cloud Computing
Security & Privacy in Cloud ComputingSecurity & Privacy in Cloud Computing
Security & Privacy in Cloud ComputingJohn D. Johnson
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computingragibhasan
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security pptVenkatesh Chary
 
Building a (Really) Secure Cloud Product
Building a (Really) Secure Cloud ProductBuilding a (Really) Secure Cloud Product
Building a (Really) Secure Cloud ProductGuy K. Kloss
 
WTF is Blockchain???
WTF is Blockchain???WTF is Blockchain???
WTF is Blockchain???Guy K. Kloss
 
Cloud Computing Vision or Reality
Cloud Computing Vision or RealityCloud Computing Vision or Reality
Cloud Computing Vision or RealityCarlos Veira Lorenzo
 
Data Privacy & Security Update 2012
Data Privacy & Security Update 2012Data Privacy & Security Update 2012
Data Privacy & Security Update 2012Jason Haislmaier
 
走出IT人才荒 研討會
走出IT人才荒 研討會走出IT人才荒 研討會
走出IT人才荒 研討會Charles Mok
 
Cyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse
Cyber Summit 2016: Privacy Issues in Big Data Sharing and ReuseCyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse
Cyber Summit 2016: Privacy Issues in Big Data Sharing and ReuseCybera Inc.
 
IBM's four key steps to security and privacy for big data
IBM's four key steps to security and privacy for big dataIBM's four key steps to security and privacy for big data
IBM's four key steps to security and privacy for big dataIBM Analytics
 
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cédric Laurant
 
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSoneraOutsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSoneraSonera
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Benjamin Ang
 
Qrious about Insights -- Big Data in the Real World
Qrious about Insights -- Big Data in the Real WorldQrious about Insights -- Big Data in the Real World
Qrious about Insights -- Big Data in the Real WorldGuy K. Kloss
 
Privacy preserving detection of sensitive data exposure
Privacy preserving detection of sensitive data exposurePrivacy preserving detection of sensitive data exposure
Privacy preserving detection of sensitive data exposureredpel dot com
 
Future of Data Storage in the Cloud
Future of Data Storage in the CloudFuture of Data Storage in the Cloud
Future of Data Storage in the CloudBret Piatt
 
Ethics and information security 2
Ethics and information security 2Ethics and information security 2
Ethics and information security 2PT Bank Syariah Mandiri
 
Data Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemData Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemQuotient Consulting
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewragibhasan
 
Towards secure and dependable storage service in cloud
Towards secure and dependable storage service in cloudTowards secure and dependable storage service in cloud
Towards secure and dependable storage service in cloudsibidlegend
 
Personal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochurePersonal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochureJean Luc Creppy
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014kevintsmith
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersWSO2
 
Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Fuji Xerox Singapore
 
Kauri ID - A Self-Sovereign, Blockchain-based Identity System
Kauri ID - A Self-Sovereign, Blockchain-based Identity SystemKauri ID - A Self-Sovereign, Blockchain-based Identity System
Kauri ID - A Self-Sovereign, Blockchain-based Identity SystemGuy K. Kloss
 
Representational State Transfer (REST) and HATEOAS
Representational State Transfer (REST) and HATEOASRepresentational State Transfer (REST) and HATEOAS
Representational State Transfer (REST) and HATEOASGuy K. Kloss
 
Introduction to LaTeX (For Word users)
Introduction to LaTeX (For Word users) Introduction to LaTeX (For Word users)
Introduction to LaTeX (For Word users)Guy K. Kloss
 
MataNui - Building a Grid Data Infrastructure that "doesn't suck!"
MataNui - Building a Grid Data Infrastructure that "doesn't suck!"MataNui - Building a Grid Data Infrastructure that "doesn't suck!"
MataNui - Building a Grid Data Infrastructure that "doesn't suck!"Guy K. Kloss
 

More Related Content

Viewers also liked

Data Privacy & Security Update 2012
Data Privacy & Security Update 2012Data Privacy & Security Update 2012
Data Privacy & Security Update 2012Jason Haislmaier
 
走出IT人才荒 研討會
走出IT人才荒 研討會走出IT人才荒 研討會
走出IT人才荒 研討會Charles Mok
 
Cyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse
Cyber Summit 2016: Privacy Issues in Big Data Sharing and ReuseCyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse
Cyber Summit 2016: Privacy Issues in Big Data Sharing and ReuseCybera Inc.
 
IBM's four key steps to security and privacy for big data
IBM's four key steps to security and privacy for big dataIBM's four key steps to security and privacy for big data
IBM's four key steps to security and privacy for big dataIBM Analytics
 
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cédric Laurant
 
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSoneraOutsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSoneraSonera
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Benjamin Ang
 
Qrious about Insights -- Big Data in the Real World
Qrious about Insights -- Big Data in the Real WorldQrious about Insights -- Big Data in the Real World
Qrious about Insights -- Big Data in the Real WorldGuy K. Kloss
 
Privacy preserving detection of sensitive data exposure
Privacy preserving detection of sensitive data exposurePrivacy preserving detection of sensitive data exposure
Privacy preserving detection of sensitive data exposureredpel dot com
 
Future of Data Storage in the Cloud
Future of Data Storage in the CloudFuture of Data Storage in the Cloud
Future of Data Storage in the CloudBret Piatt
 
Data Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemData Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemQuotient Consulting
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewragibhasan
 
Towards secure and dependable storage service in cloud
Towards secure and dependable storage service in cloudTowards secure and dependable storage service in cloud
Towards secure and dependable storage service in cloudsibidlegend
 
Personal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochurePersonal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochureJean Luc Creppy
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014kevintsmith
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersWSO2
 
Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Fuji Xerox Singapore
 

Viewers also liked (18)

Data Privacy & Security Update 2012
Data Privacy & Security Update 2012Data Privacy & Security Update 2012
Data Privacy & Security Update 2012
 
走出IT人才荒 研討會
走出IT人才荒 研討會走出IT人才荒 研討會
走出IT人才荒 研討會
 
Cyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse
Cyber Summit 2016: Privacy Issues in Big Data Sharing and ReuseCyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse
Cyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse
 
IBM's four key steps to security and privacy for big data
IBM's four key steps to security and privacy for big dataIBM's four key steps to security and privacy for big data
IBM's four key steps to security and privacy for big data
 
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
 
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSoneraOutsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)
 
Qrious about Insights -- Big Data in the Real World
Qrious about Insights -- Big Data in the Real WorldQrious about Insights -- Big Data in the Real World
Qrious about Insights -- Big Data in the Real World
 
Privacy preserving detection of sensitive data exposure
Privacy preserving detection of sensitive data exposurePrivacy preserving detection of sensitive data exposure
Privacy preserving detection of sensitive data exposure
 
Future of Data Storage in the Cloud
Future of Data Storage in the CloudFuture of Data Storage in the Cloud
Future of Data Storage in the Cloud
 
Ethics and information security 2
Ethics and information security 2Ethics and information security 2
Ethics and information security 2
 
Data Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemData Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information System
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level view
 
Towards secure and dependable storage service in cloud
Towards secure and dependable storage service in cloudTowards secure and dependable storage service in cloud
Towards secure and dependable storage service in cloud
 
Personal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochurePersonal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochure
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-Users
 
Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012
 

More from Guy K. Kloss

Kauri ID - A Self-Sovereign, Blockchain-based Identity System
Kauri ID - A Self-Sovereign, Blockchain-based Identity SystemKauri ID - A Self-Sovereign, Blockchain-based Identity System
Kauri ID - A Self-Sovereign, Blockchain-based Identity SystemGuy K. Kloss
 
Representational State Transfer (REST) and HATEOAS
Representational State Transfer (REST) and HATEOASRepresentational State Transfer (REST) and HATEOAS
Representational State Transfer (REST) and HATEOASGuy K. Kloss
 
Introduction to LaTeX (For Word users)
Introduction to LaTeX (For Word users) Introduction to LaTeX (For Word users)
Introduction to LaTeX (For Word users)Guy K. Kloss
 
MataNui - Building a Grid Data Infrastructure that "doesn't suck!"
MataNui - Building a Grid Data Infrastructure that "doesn't suck!"MataNui - Building a Grid Data Infrastructure that "doesn't suck!"
MataNui - Building a Grid Data Infrastructure that "doesn't suck!"Guy K. Kloss
 
Operations Research and Optimization in Python using PuLP
Operations Research and Optimization in Python using PuLPOperations Research and Optimization in Python using PuLP
Operations Research and Optimization in Python using PuLPGuy K. Kloss
 
Python Data Plotting and Visualisation Extravaganza
Python Data Plotting and Visualisation ExtravaganzaPython Data Plotting and Visualisation Extravaganza
Python Data Plotting and Visualisation ExtravaganzaGuy K. Kloss
 
Lecture "Open Source and Open Content"
Lecture "Open Source and Open Content"Lecture "Open Source and Open Content"
Lecture "Open Source and Open Content"Guy K. Kloss
 
Version Control with Subversion
Version Control with SubversionVersion Control with Subversion
Version Control with SubversionGuy K. Kloss
 
Beating the (sh** out of the) GIL - Multithreading vs. Multiprocessing
Beating the (sh** out of the) GIL - Multithreading vs. MultiprocessingBeating the (sh** out of the) GIL - Multithreading vs. Multiprocessing
Beating the (sh** out of the) GIL - Multithreading vs. MultiprocessingGuy K. Kloss
 
Thinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ IntegrationThinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ IntegrationGuy K. Kloss
 
Thinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ IntegrationThinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ IntegrationGuy K. Kloss
 
Gaining Colour Stability in Live Image Capturing
Gaining Colour Stability in Live Image CapturingGaining Colour Stability in Live Image Capturing
Gaining Colour Stability in Live Image CapturingGuy K. Kloss
 
LaTeX Introduction for Word Users
LaTeX Introduction for Word UsersLaTeX Introduction for Word Users
LaTeX Introduction for Word UsersGuy K. Kloss
 
Thinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ IntegrationThinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ IntegrationGuy K. Kloss
 

More from Guy K. Kloss (14)

Kauri ID - A Self-Sovereign, Blockchain-based Identity System
Kauri ID - A Self-Sovereign, Blockchain-based Identity SystemKauri ID - A Self-Sovereign, Blockchain-based Identity System
Kauri ID - A Self-Sovereign, Blockchain-based Identity System
 
Representational State Transfer (REST) and HATEOAS
Representational State Transfer (REST) and HATEOASRepresentational State Transfer (REST) and HATEOAS
Representational State Transfer (REST) and HATEOAS
 
Introduction to LaTeX (For Word users)
Introduction to LaTeX (For Word users) Introduction to LaTeX (For Word users)
Introduction to LaTeX (For Word users)
 
MataNui - Building a Grid Data Infrastructure that "doesn't suck!"
MataNui - Building a Grid Data Infrastructure that "doesn't suck!"MataNui - Building a Grid Data Infrastructure that "doesn't suck!"
MataNui - Building a Grid Data Infrastructure that "doesn't suck!"
 
Operations Research and Optimization in Python using PuLP
Operations Research and Optimization in Python using PuLPOperations Research and Optimization in Python using PuLP
Operations Research and Optimization in Python using PuLP
 
Python Data Plotting and Visualisation Extravaganza
Python Data Plotting and Visualisation ExtravaganzaPython Data Plotting and Visualisation Extravaganza
Python Data Plotting and Visualisation Extravaganza
 
Lecture "Open Source and Open Content"
Lecture "Open Source and Open Content"Lecture "Open Source and Open Content"
Lecture "Open Source and Open Content"
 
Version Control with Subversion
Version Control with SubversionVersion Control with Subversion
Version Control with Subversion
 
Beating the (sh** out of the) GIL - Multithreading vs. Multiprocessing
Beating the (sh** out of the) GIL - Multithreading vs. MultiprocessingBeating the (sh** out of the) GIL - Multithreading vs. Multiprocessing
Beating the (sh** out of the) GIL - Multithreading vs. Multiprocessing
 
Thinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ IntegrationThinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ Integration
 
Thinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ IntegrationThinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ Integration
 
Gaining Colour Stability in Live Image Capturing
Gaining Colour Stability in Live Image CapturingGaining Colour Stability in Live Image Capturing
Gaining Colour Stability in Live Image Capturing
 
LaTeX Introduction for Word Users
LaTeX Introduction for Word UsersLaTeX Introduction for Word Users
LaTeX Introduction for Word Users
 
Thinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ IntegrationThinking Hybrid - Python/C++ Integration
Thinking Hybrid - Python/C++ Integration
 

Recently uploaded

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Recently uploaded (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Security and Privacy in Cloud Computing with Mega

  • 1. About Mega Technical Crypto @ Mega Demo You do it . . . Security and Privacy in Cloud Computing Beta-Testing the New Mega Web Client Guy Kloss gk@mega.co.nz Lead Software Developer Mega Limited Guy Kloss | Security and Privacy in Cloud Computing 1/26
  • 2. About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 2/26
  • 3. About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 3/26
  • 4. About Mega Technical Crypto @ Mega Demo You do it . . . Our Business: “The Privacy Company” SaaS Cloud Software Guy Kloss | Security and Privacy in Cloud Computing 4/26
  • 5. About Mega Technical Crypto @ Mega Demo You do it . . . Facts Guy Kloss | Security and Privacy in Cloud Computing 5/26
  • 6. About Mega Technical Crypto @ Mega Demo You do it . . . Products File Storage (now) Chat/Messenger (next) Email (later) Guy Kloss | Security and Privacy in Cloud Computing 6/26
  • 7. About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 7/26
  • 8. About Mega Technical Crypto @ Mega Demo You do it . . . File Storage Servers File storage servers (many many . . . ) Meta-data servers (file attributes, user attributes, thumb nails, . . . ) API servers DB servers Servers helping with managing concurrency Guy Kloss | Security and Privacy in Cloud Computing 8/26
  • 9. About Mega Technical Crypto @ Mega Demo You do it . . . Messenger Servers Cluster of messaging servers for XMPP (using ejabberd) For scalability and load balancing For reliability STUN/TURN servers ! Overcome problem through private IP networks (NAT) Load balancers, HAproxy, redirectors Note: Voice/video normally connects browser’s WebRTC containers directly Guy Kloss | Security and Privacy in Cloud Computing 9/26
  • 10. About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 10/26
  • 11. About Mega Technical Crypto @ Mega Demo You do it . . . Concept: Everything is End-to-End Encrypted! Guy Kloss | Security and Privacy in Cloud Computing 11/26
  • 12. About Mega Technical Crypto @ Mega Demo You do it . . . File and Attribute Protection Keys Involved Master Key Everything private is protected by a master key The master key itself is password protected: PBKDF RSA Key Pair Used for sharing access to files Stored as user attributes Private key is protected with master key Public key is “world readable” Guy Kloss | Security and Privacy in Cloud Computing 12/26
  • 13. About Mega Technical Crypto @ Mega Demo You do it . . . File and Attribute Protection File Protection File content (segmented into blocks) encrypted with session key (AES-128 CTR mode) Session key is encrypted with the master key All file attributes (incl. file name) encrypted with the session key Access information to shared files encrypted with recipient’s RSA public key Shared folders use a folder’s share key to protect file data and attributes Share keys are protected by own master key or by RSA public key Guy Kloss | Security and Privacy in Cloud Computing 13/26
  • 14. About Mega Technical Crypto @ Mega Demo You do it . . . File and Attribute Protection User Attributes Private attributes are encrypted with master key Public attributes are “world readable” Guy Kloss | Security and Privacy in Cloud Computing 14/26
  • 15. About Mega Technical Crypto @ Mega Demo You do it . . . Keys and Authentication Every user has an additional signing key pair (Ed25519) Own RSA public key is signed with it All public keys are “tracked” (fingerprints of RSA and signing keys) Signing keys can be authenticated (comparison of fingerprints) ! “Grounding” of authentication on one single identity key ! Prevention of man-in-the-middle attacks ! Prevention of impostors Guy Kloss | Security and Privacy in Cloud Computing 15/26
  • 16. About Mega Technical Crypto @ Mega Demo You do it . . . Chat Text Messaging Encrypted via a new group encryption protocol: mpENC Inspired by OTR – Properties: Confidentiality (AES-128 CTR encrypted) Full chat partner authenticity (digital signatures) Plausible deniability (ephemeral signing keys) Multi-party capability (Group Diffie-Hellman for shared key agreement) Reveal as little meta-data as possible (Exponential message padding) Based on elliptic curve cryptography (Curve25519 and Ed25519) ! Not compromised by the NSA! lorem ipsum ... Guy Kloss | Security and Privacy in Cloud Computing 16/26
  • 17. About Mega Technical Crypto @ Mega Demo You do it . . . Chat Voice & Video Voice/video is also end-to-end encrypted Using SRTP between WebRTC containers Usually directly connecting peers Guy Kloss | Security and Privacy in Cloud Computing 17/26
  • 18. About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 18/26
  • 19. About Mega Technical Crypto @ Mega Demo You do it . . . Where/How to get it . . . https://beta.mega.nz Exclude search engins and other externals: Simple Web server authentication Best to use a current/stable Google Chrome or Mozilla Firefox Guy Kloss | Security and Privacy in Cloud Computing 19/26
  • 20. About Mega Technical Crypto @ Mega Demo You do it . . . Accounts/Contacts Create an account (if you don’t have one, yet) Add your contacts (for now bilaterally) Guy Kloss | Security and Privacy in Cloud Computing 20/26
  • 21. About Mega Technical Crypto @ Mega Demo You do it . . . File Storage Store files Share files Share folders Guy Kloss | Security and Privacy in Cloud Computing 21/26
  • 22. About Mega Technical Crypto @ Mega Demo You do it . . . Chat Text chatting Voice/video chat Transfer files (via cloud or direct) Guy Kloss | Security and Privacy in Cloud Computing 22/26
  • 23. About Mega Technical Crypto @ Mega Demo You do it . . . Early Adopters Guy Kloss | Security and Privacy in Cloud Computing 23/26
  • 24. About Mega Technical Crypto @ Mega Demo You do it . . . Outline 1 About Mega 2 Technical (GeekFood) 3 Crypto @ Mega (GeekFood++) 4 Demo Web Client and Chat 5 You do it . . . Guy Kloss | Security and Privacy in Cloud Computing 24/26
  • 25. About Mega Technical Crypto @ Mega Demo You do it . . . Provide Feedback Feedback to beta@mega.co.nz Report bugs ! Information to provide Operating system Browser and version Steps to reproduce the problem (if applicable) Maybe a screen shot Possibly exceptions or internal information (see browser debug console) Make suggestions Guy Kloss | Security and Privacy in Cloud Computing 25/26
  • 26. About Mega Technical Crypto @ Mega Demo You do it . . . Questions? Be Safe! Guy Kloss gk@mega.co.nz Shane Te Pou stp@mega.co.nz Guy Kloss | Security and Privacy in Cloud Computing 26/26