Best Practices for Decentralizing Information
27th April, 2018 | Data Security | Entropic
In our previous article, we discussed how the fortress mindset has influenced how we instinctively protect information. Today, encryption and authentication are the foundation of how we secure information that is holistically stored in one location - the fortress.
If an attacker knows that all of the information they seek is holistically secured in one place, their motivation to break through the barriers that protect this place becomes very high. Over time, both encryption and authentication have had to adapt to contend with evolving attack techniques, many of which exploit vulnerabilities arising from the need to balance security with convenience for the user.
One example of this evolution is the gradual deployment of two-factor authentication (2FA), which boosts authentication capabilities by requiring additional checks from the user, before allowing access to the secured information. An overview of two-factor authentication by Bennett Garner is originally posted on CoinCentral.com.
What is Decentralization?
When it comes to securing stored information, decentralization is an alternative approach to encryption. Decentralizing information ensures that when it is neglected or stolen, it is far less likely to be reverse-engineered, or "cracked" over time.
Decentralization involves separating, or more specifically delinearizing, the fabric of data into protected volumes (also referred to as shards) that are stored across two or more separate locations, or storage sites. If one storage site is compromised, the attacker gets meaningless delinearized data, which cannot be reverse engineered without having the remaining protected volumes from the other storage sites.
We can delinearize information on a blockwise or a bitwise level, into a series of nonlinear protected volumes. For increased security, these volumes may be encrypted either before or after breaking them up. Following this, the protected volumes can be transferred to, and stored across a series of two or more separated storage sites.
While most of us are familiar with using encryption in one manner or another, the concepts behind decentralization of information require a change in mindset. You are no longer storing all of your information in one place. Instead, a file that is delinearized for instance, has it's fabric spread out across multiple places.
For this reason, we have prepared a list of best practices to help you safely use this type of information security. To keep things simple, in our discussion below we'll use files as a familiar unit for information that needs to be protected, and we'll assume that you are using Panwrypter to protect them.
The physical separation of your protected volumes is the most important principle for this type of information protection. Properly separating your volumes across separate storage sites means an attacker needs to not only know about, but also gain access to all of your storage sites before your original files can be accessed.
The number of storage sites you use to protect your files represents the number of places that need to be compromised by an attacker, before they can gain access to all of your original protected volumes. While choosing more storage sites dramatically increases the security of your files, it also makes it less convenient to access your protected files when you need to, since you need to transfer to, or collect back your protected volumes from all of your storage sites.
Choosing the wrong storage site might result in losing a protected volume, which will prevent you from recovering your original files.
There are many reasons why your protected volumes at one storage site may not be available. This might happen for instance, if you lose account access to your online storage provider, or if it goes out of business. Another example is if the protected volumes at one site are corrupted or erased.
Air gapping one storage site means that an attacker will require physical access to this storage site before they can recover all of your protected volumes. If at least one of your protected volumes cannot be accessed, an attacker will be unable to recover your original information. If all of your storage sites are Internet-connected, there is always a chance that these sites could be compromised over time.
If you need to restore your protected files at a later time, you may not be able to recall the locations of your storage sites. If this happens, you won't be able to recover your original information. Storing information about your storage sites on an Internet-connected device, leaves it open to eventual theft from a cyber-attack.
Panwrypter provides you with flexible options to achieve these best practices, allowing you to secure your files on your own terms, while traveling, for sharing, or just for safekeeping. Panwrypter can be downloaded from the Mac App Store. For more information, please refer to our tutorials and how it works references.