vCage Cloud Deployment Protects Tor Data in Use from Compromise
Wed Oct 23, 2013 9:33am EDT
PrivateCore, the private computing company, today demonstrated the first cloud Tor server protected from NSA PRISM-like programs by fully encrypted memory. The company deployed a Tor server protected by PrivateCore vCage software to a dedicated server hosted by infrastructure-as-a-service provider SoftLayer. Tor directs Internet traffic through a free, worldwide volunteer network consisting of more than three thousand relays to maintain the anonymity of a user’s location or usage.
This PrivateCore Tor deployment provides undeniable evidence that organizations can achieve private computation in the public cloud. Without vCage full memory encryption, Tor servers operating in hosted provider environments expose secret key material in memory, where it can be accessed through NSA PRISM-type programs. Using PrivateCore vCage, no trace of Tor server code or data is maintained in memory or on disk, eliminating the possible exposure of secret key material through memory forensics.
As demonstrated by the NSA PRISM program, information owned by an organization can be handed to authorities without their knowledge by cloud service providers who control the cloud servers. While organizations need to respond to lawful requests for information such as the NSA PRISM program, PrivateCore vCage enables them to remain in control of servers in the cloud and prevent access without their prior authorization.
- .@PrivateCore vCage memory #encryption software enables #PRISM proof Tor server http://bit.ly/1gCCkMP
“PrivateCore vCage is a very important step forward for cloud security that uses a brilliant design created by experts who really know what they are doing,” said Felix “FX” Lindner, Head of Recurity Labs a leading security consultancy based in Germany.
Service providers and enterprises face growing risks of physical access to sensitive data through the proliferation of outsourced IT infrastructures in untrusted environments including the cloud, co-location facilities and remote sites. Sensitive data-in-use is subject to compromise due to lawful requests, such as the recently disclosed NSA PRISM program, as well as illegal compromise. For example, state actors can target server memory which typically contains sensitive information such as digital certificates, encryption keys, intellectual property and personally identifiable information. While sensitive data may be protected by encryption while at rest or in transit, it is unprotected and “in the clear” while in use. PrivateCore’s unique vCage software encrypts data-in-use without requiring application or hardware modifications.
“The NSA PRISM program has raised concerns around the world among organizations considering deploying sensitive data in the public cloud. This proof of concept shows that data in the public cloud can remain under the control of the owner under any circumstance,” said Oded Horovitz, CEO of PrivateCore. “Protecting data-in-use has been a challenge in security sensitive industries for years, but hardware advances such as larger processor caches have enabled PrivateCore to develop an innovative platform that shrinks the hypervisor into the CPU to secure data even in memory.”
Service providers and enterprises interested in learning more about PrivateCore vCage can contact firstname.lastname@example.org.
PrivateCore is the private computing company. PrivateCore vCage software transparently secures data-in-use with full memory encryption for any application, any data, anywhere on standard x86 servers. PrivateCore was founded in 2011 by security industry veterans from the IDF, VMware and Google. The company is based in Palo Alto, California and has received venture funding from Foundation Capital. For more information, please visit http://www.privatecore.com.
PrivateCore and vCage are trademarks of PrivateCore, Inc. All other names mentioned are trademarks, registered trademarks or service marks of their respective owners.
Marc Gendron PR
Marc Gendron, 781-237-0341