Disclaimer to people who view this post:
- All rights reserved to the respectful authors/owners, I was just a little guy who use their stuffs to build open source security stuffs.
- The links I share may or may not be informational, unless I specify the link with "Others" else all links sources from me.
- Some of the information I stated might not be true as my technical knowledge puts a limit on me.
- English is not my mother tongue. Do expect grammar errors and the way I explain stuffs.
- Consensus is an element that builds our society, the requests within my post do bind to that element as well.
A little about security:
Majority of the time, people have the common concept of security build around hiring IT experts to guard network or server. However, considering that there're skillful hackers and malicious insider, such security model is not effective against them. Not to mention that NDA(Non-Disclosure Agreement) or GDPR(General Data Protection Rule)/GDPL(General Data Protection Law) does not have restraining effects towards the hackers/malicious insiders. This is a very common security model known as Pre-Compromise Security Model. These are the problems that company needs to face and bear with.
There're another security model which is called Post-Compromise Security Model. This kind of security model sources from privacy and with criminal mindset. When people first heard of Post-Compromise Security Model, it's more or less commonly referring to something related to encryption. Viewing it only on encryption is too narrow and we should look at it at a more broader perspective.
For more details on how to achieve or use Post-Compromise Security Model, kindly refers to this link which guides user to a text file that written by me. (https://mrchewitsoftware.com.my/PCS.txt)
In common security model, we have 2 main models, first model is require user full trusts towards the service provider, 2nd model is service provider require to fully trust user. In summary, Post-Compromise Security model is the latter model.
Idea of File Storage:
In general there're 2 types of file storage:
A. This type of file storage generally performs encryption and decryption on server side. Common examples of such file storage are Google Drive.
B. This type of file storage is similar to type A. However, they either have temporarily access to the encryption key(passwords/passphrases) [Cloud/Server/BlockChain] or the encryption/decryption takes place on local machine/device.
The idea comes when there's no confidential based file storage that uses full cryptography randomness to generate keys, SSH key style login(Digital Signature with challenge and respond login mechanism), uses randomness in generating symmetric encryption key for encryption/decryption that takes place locally at user devices/machines, not collecting original file name along with its extension regardless if it's encrypted and not requiring any of the personal information when using the file storage(exclude payment).
GitHub link that points to the file storage:
Client Application(C# Winform)
https://github.com/Chewhern/PriSecFileStorageClientApplicationServer Web API (C# ASP.Net Core) [Linux Ubuntu Debian) https://github.com/Chewhern/PriSecFileStorage
Idea of SQL Database(MySQL) hosting:
When we talked about database, be it SQL structured or NoSQL structured, common SQL database hosting out there does not even have confidentiality to begin with. In order to achieve user friendliness, what I suspect is they use either decentralization within the database hosting company(Similar to how Google Drive works) which enables us as a user to view the records and possibly the field/column name or they just rely on strong network.
Even though hosting company do uses decentralization within their organization it's still a special form of centralized encryption key management system, any hosting company that uses centralized encryption key management system is essentially creating and holding a ticking time bomb which will eventually be detonated(refers to data leakage/breaches). If the hosting company do not use any encryption key management system be it centralized or decentralized(E2EE,TOR,LOKI/OXEN,endpoint encryption), the database hosting service that you as a developer rent from them is most likely not confidential.
It's uncertain to me how database hosting can actually be confidential. However, it's no longer case as I discovered sealed box in libsodium. At the moment, I know it's possible to create a confidential based database hosting. The concept of confidential based database hosting relies on encryption mechanism that's similar to sealedbox(Single DH/X3DH) in libsodium, the using of symmetric encryption algorithm like XSalsa20Poly1305 or XChaCha20Poly1305 and digital signature with challenge and respond login mechanism/SSH key login mechanism. In most cases, the confidential database hosting will not require user to use the SSH key login mechanism as it was used typically in locking/unlocking db account.
GitHub link that points to confidential database hosting:
PriSecDBClientPanel (C# Winform)
Purpose: This client panel was designed to guide developer/user in early stages.
https://github.com/Chewhern/PriSecDBClientPanelPriSecDBAPI-Server Web API (C# ASP.Net Core) {Linux Ubuntu Debian}
Purpose: This API application will allow developer/user to access their databases and perform CRUD operations confidentially.
https://github.com/Chewhern/PriSecDBAPI
Shared characteristics of both applications:
- The application by default relies fully on cryptography randomness to generate cryptography keys(public/private keys or symmetric encryption keys) rather than relying on passwords[Flawed in some sense] to generate cryptography keys.
- The application by default has low ease of use because I deliberately sacrifice ease of use for security.
- Currently, the application by default has a problem which was cryptography keys authenticity.
- If you lost your cryptography keys(private key in public key cryptography or symmetric encryption key[AES/Salsa20/ChaCha20]), there's no way for user to request for keys recovery.
- Anything that involves with sealed box style encryption or SSH key style login will no longer works if you lost your cryptography keys.
Regulatory data generated on both application:
Currently, the application uses PayPal as the payment platform. PayPal will let me know the emails of the buyer.
Self regulation on both application:
There's no plan to host the application in a server that signs up for TOR hidden services[Dark Web Not Deep Web(Browser)].
Purpose of sharing/writing this post:
As the application is running in PayPal sandbox and both of them are consider a prototype, I did like to get feedback or possibly improvement suggestions from developers that cares about security/privacy after using them. Running in sandbox means that any payment made is just a fake payment, people can play around with it without their actual balance(bank) get deducted.
If people here did like what I am doing as a whole, I will need your help in sharing the news to the right audience by sharing to social media or increase my reach so I can reach the right audience.
I also would like to mark my journey as a minor solution provider in providing post-compromise security model solutions as I have started my journey. It's uncertain to me, how it will end.
Side Note: If this post was inappropriate, moderators can remove my post without warning.
Top comments (0)