[Box Backup] Cryptographic checking

Ben Summers boxbackup@fluffy.co.uk
Tue, 14 Sep 2004 13:01:53 +0100 

On 14 Sep 2004, at 12:48, Peter Harrison wrote:

> On Tue, 14 Sep 2004 22:24, Ben Summers wrote:
>
>> But this is not good enough. Now that it is getting popular, I really
>> think the crypto needs to be checked out by one of these professionals
>> with a view to getting a statement from them for the web site.
>
> Peter Gutmann of the University of Auckland is an internationally 
> renoun
> encryption expert - and has written crypto libraries. I don't think 
> you could
> find anyone better to examine and endorse the application. I'm not 
> sure what
> kind of money he would want though. I would have to talk with him 
> about it.

That would be appreciated.

>
>> Fortunately, I know just the people to do this, but it's not
>> particularly cheap to get this done. I would estimate between 1000 and
>> 2000 UK pounds based on my previous experience of using them to check
>> out things. I really can't afford this on my own.
>
> We would consider funding this effort. Right now I have coders working 
> on some
> new functionality that we will be donating to the box backup project. 
> This
> includes a web based registration system that sets up accounts via web
> interface, and a web (apache) based system for restoring files.

I'm looking forward to seeing these!

>
>> Is it worth me getting a quote from them and asking the user community
>> for donations to get this funded?
>
> I would like to know who would be doing the work personally - as they 
> must
> have a pretty high profile.

I have worked with Prof Fred Piper of the ISG at Royal Holloyway, 
University of London. He was also my head of department when I was 
studying there. Put his name into Google and see what happens!

>  I think that it will probably cost more and take
> longer than you expect. We probably also need to do some prepatory 
> work in
> documenting the protocols and procedures that the application uses. 
> Trying to
> work out these things from code generally isn't where these guys start.

If you look in the notes/ directory of the distribution, there is the 
beginnings of the required documentation. This would obviously be 
expanded a bit before commissioning the work.

>
> Peter Gutmann is one of the foremost experts on Encryption. I also 
> know Bill
> Raike personally. Bill Raike invented RPK public key encryption, and 
> started
> the company called SecureMedia. Bill might be an option for 
> certification of
> the software, although he is not as well known as Peter.
>
> There is also PGP inventor Phil Zimmerman, although I doubt he has 
> much to do
> anymore with this kind of work. There are of course many other 
> recognised
> experts - but I would strongly suggest we find someone who has some
> authority.
>
> Actually I think the first stage should be the documentation of the 
> protocol
> used by Box Backup, and the submission of that protocol to a journal 
> that
> concerns itself with Encryption.

The protocol itself is merely TLS implemented using the standard 
OpenSSL library. What I'm more concerned about is the static storage of 
the data, something which couldn't be done using a standard method.

>  This means that experts in the field will
> have the opportunity to critique it without examination of the code.
>
> We should then seek to have commercial interests pay for a formal 
> examination
> of both the protocol and the implementation - which must be considered
> separate things. We need to develop units tests to show that the box 
> backup
> behaves correctly, and that it cannot be comprimised by buffer 
> overruns and
> other subversion.
>
> I know that my company is willing to provide some financing to make 
> this
> happen. We are not big though - I don't have hundreds of thousands of 
> dollars
> to throw at this project, but its not nil either :)

Thanks!

>
> Once the protocol has been examined the protocol itself should be 
> submitted to
> become a RFC, and perhaps to other standards bodies to become a formal
> standard in remote backup. In this way we are being open, and perhaps 
> other
> companies will adopt our protocols, and thus we will have a larger 
> effect
> than just writing the software.

That would be a nice aim, although I'm not sure there is quite enough 
interest in the project yet.

Perhaps if I get a couple more expressions of interest in this idea, I 
will have a word with Fred.

Ben