Messaging services, like other cloud services, offer real advantages: low cost, convenience and flexibility. However, they also carry risks, especially when the information exchanged is confidential, sensitive or private. Those risks are not hypothetical, as the steady stream of news about data leaks, security breaches, and hackers or rogue administrators compromising people's data shows.
In the human world, "cloud" services have grown rapidly by making collaboration and applications easy, cheap, convenient, and accessible. For businesses, this has meant reduced cost, expanded services and new market opportunities.
In the machine world, a similar rapid growth is predicted in automated "cloud" messaging driven by the need for businesses and governments to electronically exchange documents.
The fundamental problem with messaging services is that they are a "man-in-the-middle" privy to all information being exchanged. This gives rise to considerable privacy and security risks.
Privacy risks arise from the all-controlling power that cloud providers have over end-user data. Administrators always have the ability to override or bypass user controls to view, change, analyse or copy data. Worse, the provider may reserve the right to do so.
Security risks arise because of the inability of service providers to completely "protect" their systems. Such protection is hard, as it involves trying to protect every piece of server-side infrastructure where the data might reside (e.g. web servers, application servers, storage servers) and every method of access (e.g. users, administrators, third parties). Any single failure, at any time, of any component or process, puts the data at risk.
Challenges of locking down infrastructure
Despite the marketing claims of cloud providers, current approaches to privacy and security are clearly inadequate, as the relentless news of serious data breaches, hacking and unauthorised disclosures shows. The underlying reason is that many individual "pieces" of security do not add up to "overall" security: the defender has to get every component and process right all of the time, while an attacker or a rogue insider needs only one gap, once.
A compelling solution is to use end-to-end document-level encryption and signing. This adds an extra "layer" of security and privacy on top of any cloud messaging system. Such an overlay approach may be summarised as "protect the data, not just the infrastructure".
Document-level encryption encapsulates the data in an encrypted package that only the intended recipients can open, and authenticated encryption or a digital signature makes that package tamper-evident: any modification is detected when it is opened. This gives strong security because the package remains protected regardless of how it transits, or is stored on, any intermediate server. The content of the interaction is private because only the recipients hold the keys to unlock it, although the provider still sees who is exchanging packages with whom, when, and how large they are. Further, a digital signature lets the recipient verify who sent the document and confirm that it has not been altered since it was signed.
End-to-end (E2E) encryption is resilient against nearly all server-side attacks on confidentiality and integrity, because intermediate systems (and their operators) are "blind" to the contents of the attachments. It makes the protected data essentially location-proof, network-proof, host-proof, protocol-proof and provider-proof. What it does not protect against is the intermediary dropping, delaying or withholding messages, or analysing the metadata it can still see. The overlay relies on the intermediate infrastructure only for delivery, and on the endpoints to protect their private keys and to obtain each other's genuine public keys: if the same provider that carries the messages also hands out the keys, it could substitute its own, so keys must be verified out of band or through a trust anchor independent of the provider.
In addition, using digital signatures and end-to-end acknowledgements, the system can also ensure:
- Integrity - that a document hasn't been tampered with, because any change invalidates the sender's signature
- Authenticity - proof that a document originated from the sender, since only the sender's private key can produce the signature (non-repudiation of origin)
- Non-repudiation of receipt - proof that a document was received by the recipient, provided by an acknowledgement that the recipient signs over the document it actually decrypted.
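The overlay described above (sign, then encrypt to the recipient, so the intermediary carries only an opaque package) together with the three properties just listed, as one added example in Go. This is not code from the original page or from any product it describes; it uses only the Go standard library: Ed25519 signatures, a fresh AES-256-GCM content key per document, and RSA-OAEP to wrap that key for the recipient. The `Package` layout, the party names alice and bob, the sample invoice text and the function names `Seal`, `Open`, `Acknowledge` and `VerifyReceipt` are all assumptions made for illustration, not an API from the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Package is all the provider sees: routing metadata in clear, the rest an opaque authenticated blob.
// The layout is an illustrative assumption, not any product's wire format.
type Package struct {
	From       string // sender identity, in clear for routing and recipient-side key lookup
	WrappedKey []byte // per-document AES-256 key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-256-GCM over (Ed25519 signature || document), From bound as AAD
}

// Party is an endpoint; its private keys never leave it, the provider only ever sees the public ones.
type Party struct {
	Name    string
	SigPub  ed25519.PublicKey
	EncPub  *rsa.PublicKey
	sigPriv ed25519.PrivateKey
	encPriv *rsa.PrivateKey
}

func NewParty(name string) (*Party, error) {
	sigPub, sigPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	encPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{name, sigPub, &encPriv.PublicKey, sigPriv, encPriv}, nil
}

// aesGCM cannot fail for a 32-byte key, so the errors are dropped.
func aesGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal signs the document, then encrypts signature+document under a fresh key only the recipient can unwrap.
func (s *Party) Seal(document []byte, recipientEncPub *rsa.PublicKey) (*Package, error) {
	sig := ed25519.Sign(s.sigPriv, document) // sign first: the signature is hidden from the provider too
	plaintext := append(append([]byte{}, sig...), document...)
	buf := make([]byte, 32+12) // fresh content key || nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	ciphertext := aesGCM(key).Seal(nil, nonce, plaintext, []byte(s.Name))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientEncPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Package{From: s.Name, WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open reverses Seal; wrong recipient, modification in transit and a bad signature each surface as an error.
func (r *Party) Open(pkg *Package, senderSigPub ed25519.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.encPriv, pkg.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap content key: not addressed to this recipient")
	}
	plaintext, err := aesGCM(key).Open(nil, pkg.Nonce, pkg.Ciphertext, []byte(pkg.From))
	if err != nil {
		return nil, errors.New("authentication failed: package was modified in transit")
	}
	n := ed25519.SignatureSize // payload is signature || document
	if len(plaintext) < n || !ed25519.Verify(senderSigPub, plaintext[n:], plaintext[:n]) {
		return nil, errors.New("signature invalid: not from the claimed sender")
	}
	return plaintext[n:], nil
}

// Acknowledge is the end-to-end receipt: the recipient signs the decrypted document under a "receipt:"
// tag, so the receipt cannot be replayed as the recipient's own signature on the document itself.
func (r *Party) Acknowledge(document []byte) []byte {
	return ed25519.Sign(r.sigPriv, append([]byte("receipt:"), document...))
}

// VerifyReceipt is run by the sender, who keeps a valid receipt as evidence of delivery.
func VerifyReceipt(document, receipt []byte, recipientSigPub ed25519.PublicKey) bool {
	return ed25519.Verify(recipientSigPub, append([]byte("receipt:"), document...), receipt)
}

func main() {
	alice, _ := NewParty("alice")
	bob, _ := NewParty("bob")
	document := []byte("Invoice 1234: pay 500 EUR") // constructed sample document
	pkg, _ := alice.Seal(document, bob.EncPub)
	got, err := bob.Open(pkg, alice.SigPub)
	fmt.Printf("provider sees from=%s and %d opaque bytes; bob reads %q (err=%v); receipt ok=%v\n", pkg.From, len(pkg.WrappedKey)+len(pkg.Ciphertext), got, err, VerifyReceipt(document, bob.Acknowledge(got), bob.SigPub))
}
```

Run it with `go run`. The provider-side view is the `Package` struct: a `From` field and a few hundred opaque bytes, which is why a flipped bit, a relabelled sender or a package forwarded to the wrong party all fail in `Open` rather than silently yielding data. The one thing the code does not solve is how bob obtains alice's genuine `SigPub` and alice obtains bob's `EncPub`; here they are handed over directly in memory, and in a real deployment that exchange must not run through the same intermediary whose integrity is in question.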