Results 1 to 9 of 9

Thread: Private key storage in Viivo 3.x

  1. #1

    Private key storage in Viivo 3.x

    Dear all,

    first of all I want to thank you for this great tool! It's a pleasure to see that there are still people out there who care about security in cloud environments.

    Here is my technical question:

    I've read in the FAQ that the private key will not be stored on the Servers. Instead the private key will remain on the device itself (although a transfer of the key to another device shall be possible somehow...). I was not able to find the private key in the mentioned folders (at least in Viivo 3.x).

    Could it be, that the private keys are now stored on Viivo Servers? If yes: Why don't you stick to the 'old' behavior which I definitely like a lot more from the security point of view. Is there a possibility to get the private key stored only on the device?

    If there is no possibility to store the key on the device only: How are your key servers protected against hackers and others?

    Thanks in advance.

    Best regards

  2. #2
    Viivo Support
    Join Date
    Jan 2013
    Posts
    159
    @divinity666,

    When you create your account and any encrypted assets, you generate the keys on your system. The keys are encrypted by your login and stored on the Viivo server (in an encrypted state that we cannot decrypt). When you log in to another device, assuming you use the same email address/password, your credentials pull the encrypted key down you your machine and then decrypt it locally, so it can be used to access your data.

    The encryption key is passed along with the file thru the metadata, that's why both machines have to use the same account info (and why yu could not find it). And no one, not even Pkware, has the ability to decrypt any viivo files from anyone else's account.

  3. #3
    Viivo Staff matt's Avatar
    Join Date
    Jan 2013
    Location
    Milwaukee
    Posts
    207
    In addition to what Joe said, the encrypted keys are stored here:

    Windows: %LocalAppData%\Viivo\.meta
    Mac: /Users/<username>/Library/Application Support/Viivo/.meta
    --
    Matt

  4. #4
    Ok, that is what I expected. In my words:

    The private and public key is generated on my device when creating a new account. The private gets encrypted somehow with my user credentials and is then transferred to a Viivo Server along with the public key. On accessing Viivo from another device (at first) with my credentials, the encrypted private key is downloaded and decrypted on the new device for use.

    If this is correct, I still see a security issue: Someone simply needs to hack my account information and then has full access to everything. This is from my point of view not a good design.

    Usually in a private/public key environment the private key is kept hidden (means only on my device) and if (in slight cases) someone might get the private key, he then additionally needs to find the correct password, which is definitely a secure way.

    Next question: Is it possible to somehow deny to send the key to a new device? A possible way to restrict it, would be to send an email to the account owner, if a new device tries to get access. The account owner could then decide what to do.

    Thanks for your support so far!

  5. #5
    Viivo Support
    Join Date
    Jan 2013
    Posts
    159
    @divinity666,

    Regarding your suggestion of an e-mail notification / approval process for allowing keys on new devices - this functionality is not within VIIVO's current design, but it is a great suggestion. We are passing this information along to our product managers, and we greatly appreciate all of your feedback!

  6. #6
    Viivo Staff matt's Avatar
    Join Date
    Jan 2013
    Location
    Milwaukee
    Posts
    207
    Quote Originally Posted by divinity666 View Post
    Ok, that is what I expected. In my words:

    The private and public key is generated on my device when creating a new account. The private gets encrypted somehow with my user credentials and is then transferred to a Viivo Server along with the public key. On accessing Viivo from another device (at first) with my credentials, the encrypted private key is downloaded and decrypted on the new device for use.
    Close enough for government work! The private key is encrypted with your password. This password isn't stored anywhere (even encrypted) on our servers. It's yours.


    Quote Originally Posted by divinity666 View Post
    If this is correct, I still see a security issue: Someone simply needs to hack my account information and then has full access to everything. This is from my point of view not a good design.
    Based off what I said above we will now interpret "hack my account" to mean "guess/determine" my password. We have a lot of stuff in place to keep people from brute forcing it, but if someone knows it, they can decrypt your keys. So don't use "swordfish" -- Also, multi-factor authentication is a significant deterrent available to keep people from even attempting to *try* and authenticate.

    Quote Originally Posted by divinity666 View Post
    Usually in a private/public key environment the private key is kept hidden (means only on my device) and if (in slight cases) someone might get the private key, he then additionally needs to find the correct password, which is definitely a secure way.
    Don't disagree. That said, I think everyone here would also agree that the purpose of Viivo is to make public key generation and distribution easy, private key generation and synchronization to all of your devices, including mobile easy and to make key exchange with others, easy. To say nothing of data encryption. We're just discussing identity. It is a true statement that "PGP is the reason we can't have secure e-mail."

    For what its worth, i'm not talking about *you* as in the people that seek out encryption software, I'm talking about everyone else. It might be easy for *you* to use PGP and figure out how to securely get your private key onto your device (Apple used to suggest e-mailing it) -- I'm talking about *them*. The people we all want to collaborate with. PGP/traditional PKI sets the bar too high for the masses, especially when it comes to cloud and mobile. Therefore solutions like Viivo exist to bridge that gap.

    Quote Originally Posted by divinity666 View Post
    Next question: Is it possible to somehow deny to send the key to a new device? A possible way to restrict it, would be to send an email to the account owner, if a new device tries to get access. The account owner could then decide what to do.
    MFA. E-mail is too.... accessible to used in important identity verification or security steps.
    --
    Matt

  7. #7
    Hello matt,

    thanks for your response. I am fully with you! Especially the part of PGP ;-)

    What I see is, that Viivo now uses a rather strong encryption method, which therefore uses a strong key, the private key. This private key ist additionally secured by a user known password. What I want to say now, is: The strong encryption is now no longer secured by the strong private key, but only by the (hopefully) strong password only.

    If someone somehow achieves to copy the encrypted private keys of all Viivo users from the Viivo servers, he "only" needs to guess passwords and then has access to all data. If there would be an option to store the private keys only on the user device, this would be far more secure, as an hacker would have to hack all single devices, where he might run into time issues ;-)

    What do we learn about it now: Security by using Viivo is only achieved by "trusting" the security of the Viivo private key server and/or the (hopefully) strong user passwords.

    Compared to common cloud services (which also use encryption, which is only secured by user logins) this means, that there is an additional step for attackers to get to the data, which is by no means bad, but not perfect :-)

    I agree with you, that E-Mail as MFA might not be a good idea, but why not implement it directly in the Viivo clients in a secure way? This would at least reduce the risk of weak user passwords.

    Please think about my two suggestions (Option to store private key only on device, without recovery functionality and MFA for new connected devices).

    Best regards

  8. #8
    Viivo Staff matt's Avatar
    Join Date
    Jan 2013
    Location
    Milwaukee
    Posts
    207
    Quote Originally Posted by divinity666 View Post
    What do we learn about it now: Security by using Viivo is only achieved by "trusting" the security of the Viivo private key server and/or the (hopefully) strong user passwords.
    I don't 100% agree with this. MFA (used to support mobile-push via Toopher until they were acquired by SFDC and then we had to switch to OTP/Authenticator) combined with a password, which we strengthen with 50K iterations of PBKDF2 is putting a lot of trust in the user. Trust me, we get a lot of support requests for "I forgot my password, reset it please." -- We can't.

    Quote Originally Posted by divinity666 View Post
    Compared to common cloud services (which also use encryption, which is only secured by user logins) this means, that there is an additional step for attackers to get to the data, which is by no means bad, but not perfect :-)
    This isn't really accurate. Most cloud services use their key, not yours. Yes, you have a password but that's not the same thing at all. The password authenticates you to the service, it doesn't protect your data. There are only a few cloud services that actually secure your data with your key which is protected by your password and all of them (I'm looking at you SpiderOak and Tresorit) do server-side decryption (for document/data preview) which means their servers (in memory) have a copy of your key or some other key that gets them the plaintext. Viivo doesn't have any of your data. To pull off an attack on Viivo encrypted data you need to compramise 3 things. Viivo Servers, Cloud Storage Servers, User Credentials. That's implausible for anyone but 3-letter agencies / nation state attackers. The old XKCD holds true here. Way easier to hit you with a wrench until you cough up your password and MFA device.

    This topic has been discussed a *lot* on this forum and in general. With Viivo (and everything PKWARE does), Security is the product. With the "Secure Dropbox Alternatives" collaboration, sharing or storage is the product and security is a sidecar differentiating feature. This ultimately drives product decisions away from security. Maybe we're too rigid in our ideals but right now we strongly believe in the separation.

    Quote Originally Posted by divinity666 View Post
    I agree with you, that E-Mail as MFA might not be a good idea, but why not implement it directly in the Viivo clients in a secure way? This would at least reduce the risk of weak user passwords.
    Point of clarity here, our MFA *is* implemented in the App. It's not e-mail based.

    Quote Originally Posted by divinity666 View Post
    Please think about my two suggestions (Option to store private key only on device, without recovery functionality and MFA for new connected devices).
    The team has discussed this frequently as it pertains to *your* key. Obviously a huge part of the system is the ability to share keys with others for which this makes no sense (from a usability perspective). We've discussed how to implement it (you initiate a transfer from an authenticated device to new/secondary device) and we store nothing, just pass the encrypted blob. Ultimately we keep deciding to not implement it given it kills usability and anyone that doesn't want us to store something encrypted with a key you hold is the same person that won't want it to pass through us (even briefly) either.

    PKWARE has other products that work this way (SecureZIP is one of them) -- uses your keys (passphrase, OpenPGP, X.509) and 0 server infrastructure behind it. All key generation, publication, exchange, protection and synchronization is on you.


    $0.02
    --
    Matt

  9. #9

    Quote Originally Posted by matt View Post
    I don't 100% agree with this. MFA (used to support mobile-push via Toopher until they were acquired by SFDC and then we had to switch to OTP/Authenticator) combined with a password, which we strengthen with 50K iterations of PBKDF2 is putting a lot of trust in the user. Trust me, we get a lot of support requests for "I forgot my password, reset it please." -- We can't.
    Ok. I don't get it 100%, but it sounds good


    Quote Originally Posted by matt View Post
    This isn't really accurate. Most cloud services use their key, not yours. Yes, you have a password but that's not the same thing at all. The password authenticates you to the service, it doesn't protect your data. There are only a few cloud services that actually secure your data with your key which is protected by your password and all of them (I'm looking at you SpiderOak and Tresorit) do server-side decryption (for document/data preview) which means their servers (in memory) have a copy of your key or some other key that gets them the plaintext. Viivo doesn't have any of your data. To pull off an attack on Viivo encrypted data you need to compramise 3 things. Viivo Servers, Cloud Storage Servers, User Credentials. That's implausible for anyone but 3-letter agencies / nation state attackers.
    Well, this sounds reasonable. You are right regarding the attack. Though the data is encrypted, everything is only based on the password security and your servers, which are trying to keep attacks away. If someone guesses the password, he is there. But then he is only there regarding the keys! He still needs to get access to the cloud data. So, I am with you.

    Another very detailed answer can be found there: https://forums.viivo.com/showthread....ull=1#post5786

    Quote Originally Posted by matt View Post
    $0.02
    And here are my $0.02

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •