List:       cryptography
Subject:    Re: [Cryptography] storage encryption
From:       John Denker via cryptography <cryptography () metzdowd ! com>
Date:       2018-07-21 23:51:30
Message-ID: f9e38554-9821-28a6-691e-3f18a3eef84c () av8n ! com

On 07/19/2018 11:54 AM, John Kelsey wrote:

> What kind of access to the documents is needed?

Their goals are the same as everybody else's:
  confidentiality + integrity + availability

If you want an example, here's an obvious use-case:
  Each of N people is told to write their chapter of
  a report, then put a draft on the cloud drive where
  all N can see it.  There is no need for the other
  M-N members of the organization to read the draft,
  or even know that it exists.

An easy-to-read overview of small-organization security
issues, including some useful checklists, is here:
  https://nvlpubs.nist.gov/nistpubs/ir/2016/nist.ir.7621r1.pdf

> What are the threats they are worried about? 

There are too many threats to mention, even if I knew
what they all are, which I don't.

If you want an example, start with a Podesta-style
spearphishing attack.  That worked in 2016.  Attackers
are going to keep using it until it stops working.
  http://theconversation.com/spearphishing-roiled-the-presidential-campaign-heres-how-to-protect-yourself-68274


Reportedly, the Hillary campaign was advised to use
2FA (which might have blunted the spearphishing attack),
but decided that would be too burdensome.

On 07/17/2018 04:02 PM, Tom Mitchell wrote:

> > A file has a single key.   

True but not the whole story, I would hope.  Methods
for dealing with multi-recipient messages have been
around for eons.  See e.g. PGP.  Single session key
versus multiple access keys.

> > Are all files encrypted with the same key?

I would hope not.  Neither same session key nor
same access keys.

> > Do all members of the group have equal access and trust?

I would hope not.  Need-to-know reduces the attack
surface by a factor of N/M, ideally.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
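
Added example, not part of the original message: a sketch of "single session key versus multiple access keys" for the N-of-M draft use-case, where each file gets a fresh session key that is wrapped once per intended reader. The function names, the per-member symmetric access keys and the HMAC-based seal()/unseal() stand-in for a real AEAD are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# seal()/unseal(): encrypt-then-MAC built from HMAC-SHA256, standard library only.
# Stand-in for a vetted AEAD such as AES-GCM; use a real library in practice.
def _xor_stream(key, nonce, data):
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _subkeys(key):
    # Separate encryption and MAC keys derived from one input key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    return _xor_stream(enc_key, nonce, ct)

def encrypt_file(plaintext, reader_keys):
    """reader_keys: {name: 32-byte access key} for the N intended readers only."""
    session_key = secrets.token_bytes(32)  # fresh for every file
    slots = {name: seal(k, session_key) for name, k in reader_keys.items()}
    return {"slots": slots, "body": seal(session_key, plaintext)}

def decrypt_file(envelope, name, access_key):
    if name not in envelope["slots"]:
        raise PermissionError(f"{name} has no key slot for this file")
    session_key = unseal(access_key, envelope["slots"][name])
    return unseal(session_key, envelope["body"])

# Constructed sample: M = 5 members, N = 2 chapter authors.
org = {n: secrets.token_bytes(32) for n in ("alice", "bob", "carol", "dave", "erin")}
authors = {n: org[n] for n in ("alice", "bob")}
draft = encrypt_file(b"chapter 3 draft", authors)
assert decrypt_file(draft, "bob", org["bob"]) == b"chapter 3 draft"
```

The slot names are stored in the clear here, so hiding the draft's existence from the other M-N members is left to the storage service's access controls.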
