interesting vpn-server-features from competitors (VM'd/RAM-loaded models)

Post by oldnewb » Fri Jan 02, 2015 5:35 pm

Hi,

I have used cryptostorm for a few months and I am very happy with performance and security features. I read in a lot of different forums about the vpn-scene and other providers. In the last days/weeks I found these 3 interesting things. What do you think: are these features worth implementing in cryptostorm?

- https://ramvpn.com offers:
https://ramvpn.com/encrypted-volatile-s ... ontainment:
"ENCRYPTED VOLATILE SERVER CONTAINMENT

The virtual machine running OpenVPN resides within an encrypted RAM container. The encryption is randomized each boot sequence. Not only is the key for the encryption randomized, but the cipher and digest are also randomized. Our containment environment has support for the following ciphers and digests: (...)
Storing the virtualized environment within encrypted RAM has multiple benefits. RAM is much faster than a hard disk, and this improves performance for the virtual machine dramatically. Being stored in volatile memory has the added benefit that data needs only be overwritten once to be destroyed. A simple reboot of the host operating system can destroy all traces of activity within the container. Combined with physical tamper resistance, RAM VPN delivers a unique approach to securing your privacy."

and:
https://ramvpn.com/physical-tamper-resistance
"PHYSICAL TAMPER RESISTANCE

Our physical host system has been configured using IPMI policy to monitor sensors that can detect signs of physical intrusion. The first policy, monitoring the case intrusion sensor, triggers a system reboot into a memory test (destroying the encrypted volatile container that the VPN server resides on).

Other sensors with policies include four temperature sensors (PCH, Peripheral, CPU, and Motherboard) that react with a reboot in case of sudden drops or spikes in temperature. These sudden changes in temperature may indicate a physical outsider attempting to cut the case or otherwise bypass the case intrusion sensors.

The hotplug detection of the host has also been modified to reboot in the case of sudden "hot-adds" or "hot-removes" of RAM memory. As a final measure of protection, we monitor the voltage and current to the VDIMM controller as well. Any addition or removal of RAM would result in a sudden noticeable power fluctuation, causing a system reboot."
------------------------------------------------------------------
-ImmunityZone: https://www.immunityzone.com/
https://www.immunityzone.com/security
"Secure containers for all users

For security reasons Immunity Zone uses a custom Operating System. Because we don't trust in standardized technology - which regularly contains backdoors or similar attack vectors - we decided develop our own OS for this service. We are using a minimized Linux derivative with only 30 MB in size. Immunity Core is open source - the source can be found on Github.

Every user gets his own temporary Operating System on our servers. After logging in a fresh instance of your OS is created and started within seconds. After the OS booted up your remote virtual browser starts and you are ready to use the remote browser. We are not able to log into your OS-instance or access your browser's data as long we encrypt it using 1-time passphrase that are getting thrown away immediately. We are providing isolated browsers inside 1-time OS-instances running on a minimized hypervisor on hardened servers. "
------------------------------------------------------------------
- Cyberghost built their own datacenter: https://www.indiegogo.com/projects/cybe ... nospyproxy

"Now we want to take things to the next level and improve our proxy servers! As a global player, CyberGhost provides plenty of VPN servers all over the world in many countries, and taking care of these servers is a crucial part of our daily work: The hardware needs maintenance as the software does. But most important of all: Technicians have to make sure a system has not been compromised – a task so important it needs to have a proper schedule. And while built-in alerts and remote check-ups are sufficient enough to make sure the software has not been overtaken, a hardware check will always lack the times ‘in between’. If the secret service takes a chance on intruding a server for the time between two hardware checks, they will go uncovered for exactly that period of time – and they could do so, because there is no direct control over the servers by CyberGhost.

And that’s exactly what the company is up to now: Bringing the hardware under direct control as another layer of security. We have already invested $ 67.000 (approx. €50,000) towards this goal, but we need your help to finish the task. With you, our users and friends, we will be able to build the world’s first #NoSpyProxy data center."
------------------------------------------------------------------

...random ciphers?

Post by Pattern_Juggled » Fri Jan 02, 2015 5:46 pm

oldnewb wrote: The virtual machine running OpenVPN resides within an encrypted RAM container. The encryption is randomized each boot sequence. Not only is the key for the encryption randomized, but the cipher and digest are also randomized. Our containment environment has support for the following ciphers and digests: (...)


Hmmm... :problem:

[Image: Ramrandom.png]

Cheers,

    ~ pj

Re: interesting vpn-server-features from competitors

Post by DesuStrike » Fri Jan 02, 2015 8:33 pm

First I want to thank oldnewb for caring enough about CryptoStorm that he is looking for ways to improve it. Community input and fresh ideas are very important and always welcome. You also involuntarily provided a good example of how dangerous the marketing yap of many "VPN-Services" is.

Which leads me to my second statement:

Why on earth would someone want to randomize the cipher and digest used? Especially with those horrible options available! The only thing you'll achieve with that is people accidentally using RC4-MD5 or other horrible combinations. Those guys are either not qualified to run a secure service or deliberately trying to fool their customers by suggesting that "random" is always the best choice when it comes to encryption. :\
home is where the artillery hits


Re: interesting vpn-server-features from competitors

Post by oldnewb » Fri Jan 02, 2015 11:14 pm

Hi Pattern_Juggled and DesuStrike,

The reason why I used "..." in the encryption section of the site is that I read the whole discussion on this forum and I agree with your opinion, but the idea of running the service out of RAM is a - I think - more expensive, but interesting additional security feature on servers that are not under one's own control in one's own datacenter, or? This is not a commercial for ramvpn and I would not try this service, because it is US-based, but the - marketing or not - security features sound interesting. And this is why I wrote it here, to see what the pros think about it.

Re: interesting vpn-server-features from competitors

Post by DesuStrike » Sat Jan 03, 2015 2:32 am

@oldnewb: I hope you didn't take our reaction as critique against you. Our reaction is purely directed against those guys'... ehrm... "security decisions"... As I said in my first sentence: I'm glad that you (and hopefully others as well) are looking around and informing yourselves, and that if you have any questions you go ahead and ask instead of just believing what marketing says. I'm far from being an expert, especially compared to PJ, but two years ago I might have bought into that crap ramvpn is selling today. So feel free to continue asking questions and providing ideas on how to make CryptoStorm better. It's the best way to learn about those things. :)
home is where the artillery hits

Re: interesting vpn-server-features from competitors

Post by parityboy » Sat Jan 03, 2015 4:58 am

@thread

OK, so RAM VPN sounds good on paper until you get to the part about random ciphers and digests. I don't have an issue with random digests as long as every option is SHA-512. I don't have an issue with random ciphers as long as every choice is known to be solid - i.e. the ones PJ would be happy with.

ImmunityZone basically seems to be an HTTP proxy offering client-side SSL termination, where each proxy runs in its own OpenVZ or LXC container (taking an educated guess). Seems to be limited to browsers, so other applications are excluded.

I'm not sure what to make of CyberGhost. If LEO turn up with guns and a court order, they'll likely do precisely what they are told.
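
The condition in the first paragraph of the post above (random choice is acceptable only if every option is vetted), as an added example that is not part of the original post: selection is drawn only from approved cipher/digest pairs and fails closed otherwise. The menu entries and the approved sets are constructed for illustration, since the provider's actual list is elided in this thread.

```python
import secrets
from itertools import product

# Constructed menu: the provider's real list is elided ("(...)") in the thread.
MENU_CIPHERS = ["aes-256-xts", "aes-256-cbc", "serpent-256-xts", "rc4", "des-cbc"]
MENU_DIGESTS = ["sha512", "sha256", "sha1", "md5"]

# Policy following the post above: SHA-512 only, ciphers from a vetted set.
# Which ciphers belong in the vetted set is an assumption made for this example.
APPROVED_CIPHERS = frozenset({"aes-256-xts", "serpent-256-xts"})
APPROVED_DIGESTS = frozenset({"sha512"})


def is_approved(cipher, digest):
    """True only when both halves of the pair are on the allowlist."""
    return cipher.lower() in APPROVED_CIPHERS and digest.lower() in APPROVED_DIGESTS


def rejected_fraction(ciphers, digests):
    """Share of boots that would land outside policy if the pair were
    drawn uniformly from the whole menu."""
    pairs = list(product(ciphers, digests))
    if not pairs:
        raise ValueError("empty menu")
    rejected = sum(1 for c, d in pairs if not is_approved(c, d))
    return rejected / len(pairs)


def pick_pair(ciphers, digests):
    """Random choice restricted to approved pairs; refuse to start the
    container at all rather than fall back to an unvetted combination."""
    allowed = [(c, d) for c, d in product(ciphers, digests) if is_approved(c, d)]
    if not allowed:
        raise ValueError("no approved cipher/digest pair on the menu")
    return secrets.choice(allowed)


if __name__ == "__main__":
    share = rejected_fraction(MENU_CIPHERS, MENU_DIGESTS)
    print(f"uniform pick over full menu is outside policy {share:.0%} of the time")
    print("allowlisted pick:", pick_pair(MENU_CIPHERS, MENU_DIGESTS))
```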


Re: interesting vpn-server-features from competitors

Post by oldnewb » Sat Jan 03, 2015 1:10 pm

parityboy wrote: @thread

ImmunityZone basically seems to be an HTTP proxy offering client-side SSL termination, where each proxy runs in its own OpenVZ or LXC container (taking an educated guess). Seems to be limited to browsers, so other applications are excluded.


No, that is not the whole thing. That would not be an interesting feature. The main thing is:
https://www.immunityzone.com/how-it-works
"Each login creates a virtual machine on our servers. Inside our Operating System a one-time browser is opened that streams the webpage content to your inside browser. Whenever you load a webpage in your inside browser, that page is actually loaded on our servers. We then stream the content to you.
A secure Browser-inside-a-Browser

Immunity Zone is a secure remote browsing environment executed on hardened infrastructure. The Browser on Demand consists of mature technologies like Remote Browsing, Operating System Virtualization, AdBlock Technology and Proxy Servers. As a user you can only see a simple web application displaying a virtual browser window. In there all the magic happens automatically. We created the world’s first secure Remote Browser on Demand. It hides your search and browsing from nosy interceptors around the planet and keeps you private. We hope you enjoy it!"

server-side physical security

Post by Pattern_Juggled » Sat Jan 03, 2015 4:47 pm

oldnewb wrote: The reason why I used "..." in the encryption section of the site is that I read the whole discussion on this forum and I agree with your opinion, but the idea of running the service out of RAM is a - I think - more expensive, but interesting additional security feature on servers that are not under one's own control in one's own datacenter, or? This is not a commercial for ramvpn and I would not try this service, because it is US-based, but the - marketing or not - security features sound interesting. And this is why I wrote it here, to see what the pros think about it.


Lest my off-the-cuff snippet wrt their cipher randomisation give an appearance otherwise, I'm - along with DesuStrike - extremely grateful you took the time to share this here. I also think there's some interesting concepts mixed in with some of the stuff they're saying they do that's less than confidence-inspiring. I've not replied on that level yet because, frankly, I'd like to think on it more and compare it with my own preconceptions when it comes to hardware security and server-side hardening against physical attacks.

These issues - server physical attacks - are enormously important, poorly appreciated, and growing in direct relevance to real-world services. Behind the scenes, it's a place where I invest perhaps 30% of my own research/pre-development time, in terms of hardening cryptostorm's model against known, in-the-wild attack vectors. There's not much yet to show for all this research work, publicly anyhow, but it does animate many decisions we make at the server level and is a topic of active - and often heated - discussion amongst our technical staff.

I think I'm also still in deep mourning for the loss of PrivateCore to facebook, last year... this really kneecapped some long-range work we'd done to frame cryptostorm's approach to physical server security. That put us back to the drawing board, frankly, and I don't feel we've got a strong alternative model yet ready to present to the community for consideration and critique. It's not that there's no alternatives, it's just that none are - to my mind, anyhow - nearly as elegant as that based on the PrivateCore technological footprint.

Sigh.

Anyhow, it's something I need to face. I think I'm (almost) past the grieving phase, and ready to get closer to acceptance. :(

I'm going to promote this thread to global visibility in the forum, and also point to our "under the OS" subforum which, while placed deep down in our subforum list, is nevertheless a crucial resource in our work towards building security in this area of operations.

Anyhow, thanks again for posting - and I expect we'll have much more discussion in this thread as each of us is able to collect and post the rest of our thoughts on the RAM'd/VM'd concept in general.

Cheers,

    ~ pj

cyberbunkers for cyberydatacentres facing cyberthreats... sigh

Post by Pattern_Juggled » Sat Jan 03, 2015 4:52 pm

parityboy wrote: I'm not sure what to make of CyberGhost. If LEO turn up with guns and a court order, they'll likely do precisely what they are told.


The whole "secure bunker" model of hosting/datacentre operations has proved to be utterly useless against LEO-driven attacks. From the Pirate Bay to dozens of other examples, it simply doesn't work. I am saddened to see people still pouring money into it, given that it simply doesn't work. Sounds great in cyberpunk books (Cryptonomicon, etc.) and makes for great marketing hype. But doesn't work.

Alternatives must be based on decentralised, distributed, blockchained, .onion'd weirdnesses - that's my conclusion at this point, in any case. Whatever the best alternatives, we can cross off the list the ones we know don't work.

Bunkers don't work. Period.

Cheers,

    ~ pj

Re: cyberbunkers for cyberydatacentres facing cyberthreats... sigh

Post by DesuStrike » Sat Jan 03, 2015 6:58 pm

Pattern_Juggled wrote: Bunkers don't work. Period.


You really strike a chord with that statement. I could start giving talks for hours about this but I just want to boil it down in a few sentences without derailing this thread:

With all this unlimited funds government dragnet surveillance around and on the other side projects like cryptostorm that run mostly on blood, sweat and tears lots of people get the impression that we are in the middle of an internet guerrilla style warzone or something along those lines. Fact is: We are not. Projects like CryptoStorm operate completely within the legal scope of basic human rights and pursue to enable people to assume those rights today and in the future. The only actors breaking the law in all this are those government agencies.

This fact brings up a very important issue: Though I'm one of those who believe the main solution against surveillance is technology, I'm aware of the fact that we (at least currently) very much depend on a world where basic human rights are still mostly intact in enough places. Otherwise we would have a hard time deploying hardware and running free software on top of it to provide our technology solutions. So I urge everyone to try and see within their scope of possibilities that their government is not going postal on their rights or maybe one day the legal foundation for projects like this is gone.
home is where the artillery hits

Re: interesting vpn-server-features from competitors (VM'd/RAM-loaded models)

Post by parityboy » Sat Jan 03, 2015 7:28 pm

@DesuStrike

You make good points. However, I will say that this is more of a creeping death than an overt war. The media copyright issue is merely an introducer; the laws written to protect them are/will be overly broad so that they can be applied to other areas of free expression, and we don't know what exactly is written in the TPP regarding the Internet, because that document has been kept secret (leaks notwithstanding).

Bumping up against this are the Internet technology companies (OVH, LeaseWeb, OneProvider etc) who aren't about to let go of good revenue. Renting servers and cloud services is more popular than ever, and none of those companies are about to let go of good business. So I say to those who are reading: invest in your own future. Support CryptoStorm by purchasing tokens. Support Tor by running a relay, or sponsoring TorServers/Noisebridge/whoever. Run an I2P relay. If you're technically minded, build bridges between those networks.

Let us legally build enough secure infrastructure such that any law designed to take it down would be viewed as utterly absurd.


Re: cyberbunkers for cyberydatacentres facing cyberthreats... sigh

Post by oldnewb » Sat Jan 03, 2015 7:36 pm

Hi Pattern_Juggled,

First I want to thank you for your detailed and interesting answer. The "remote"-thing of immunityzone is also a great feature for the IP-/DNS-leak-problem and the protection from insecure user-systems, because the hacked system will be rebooted and cleaned at the next start, which "normal" users will not do with their home system. OK, they could use a VM and use your service and reboot and set the system to 0. I think xerobank with the XB machine (long long ago) had a virtual machine for their customers with a hardened linux and an easy configuration menu. But in my opinion the remote-model from immunityzone is much more interesting.

And to this:

Pattern_Juggled wrote:
parityboy wrote: I'm not sure what to make of CyberGhost. If LEO turn up with guns and a court order, they'll likely do precisely what they are told.

...
Bunkers don't work. Period.


I think it depends on what you want to get with a "bunker"-model. If you want an additional layer of security, so that your hardware is only under your control and not full of surveillance technology, then it is a great solution to have the servers in your own datacenter. I agree with you that if the police come in, it is irrelevant whether this is your own datacenter or not. And chaining datacenters in different countries is another option to reduce the risks of surveillance of the users. For the bunker model I have the perfect example in Sweden: https://integrity.st .


Re: interesting vpn-server-features from competitors (VM'd/RAM-loaded models)

Post by Guest » Tue Jan 06, 2015 1:52 pm

Wouldn't being RAM-based mean that the server is net booting each time it restarts (and consequently prone to systemic attacks due to this)?
And the part about being 'encrypted' in RAM - it still has to be decrypted to run on the CPU, so is this just an overly complicated way of explaining an encrypted RAM disk (which would inherently be cached to make useful?) - or am I misunderstanding the process somehow? If they somehow limit RAM-based caching, wouldn't that limit the speed of the RAM to the speed of decryption? And if they're doing that, does that mean they're relying on Intel's built-in AES acceleration rather than a pure software crypt solution (curious on your guys' thoughts on that as well - CS doesn't use Intel's AES, does it? Can/does OpenVPN utilise that?)? Would a modern server's internal cache size be large enough to mitigate all the aforementioned stuff? I can sort of understand the appeal of a 'diskless' machine (I'm a fan of Puppy Linux), but why not decrypt the server image locally after transit and save the overhead? Is cold boot a legitimate threat, and is it even possible to mitigate? If the server is set up properly, what would be on the disk that would need to be hidden in the first place? Certs? Account info?
Gah, sorry if I've rambled a bit. It's very interesting, but I don't understand how the advantage this setup has could outweigh the potential risk aspects.


Re: interesting vpn-server-features from competitors (VM'd/RAM-loaded models)

Post by Guest » Tue Jan 06, 2015 2:24 pm

Just read about PrivateCore - now that's interesting! I didn't know that was possible... how? Shame it suffered the same fate as Oculus.

One last thing I missed from the post above (didn't realise the RAM VPN thing did VM as well) - VM makes for a much larger attack surface.

Re: interesting vpn-server-features from competitors (VM'd/RAM-loaded models)

Post by parityboy » Tue Jan 06, 2015 6:17 pm

@Guest

I think you're right in that the VM's storage is effectively an encrypted RAM disk. However, the RAM in which the process actually executes will be unencrypted anyway; the RAM disk behaves like any other storage device, it's just a lot faster and more volatile (obviously). Furthermore, from their description in terms of the speed of VM boot, I assume they are using containers (either Docker/LXC or OpenVZ).

As far as AES-NI is concerned, I know that some of the servers CS uses do support it. OpenSSL >= 1.0.1 supports it out of the box, so crypt performance will be faster on the hardware that supports it.
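
A check for the two conditions named in the post above (the CPU exposes AES-NI and OpenSSL is at least 1.0.1), as an added example that is not part of the original post. It parses x86 Linux `/proc/cpuinfo` text and the output of `openssl version`; the function names are hypothetical, and using the `openssl` binary on the PATH as a stand-in for the library OpenVPN links against is an assumption.

```python
import re

MIN_OPENSSL = (1, 0, 1)  # threshold stated in the post above


def cpu_flags(cpuinfo_text):
    """Return one set of CPU flags per processor entry in x86 /proc/cpuinfo text."""
    entries = []
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            entries.append(set(value.split()))
    return entries


def cpu_has_aesni(cpuinfo_text):
    """True if every listed processor advertises the 'aes' flag.
    Set membership avoids matching look-alikes such as 'vaes'.
    Inside a VM this reflects what the hypervisor exposes to the guest."""
    entries = cpu_flags(cpuinfo_text)
    return bool(entries) and all("aes" in flags for flags in entries)


def openssl_version(version_string):
    """Parse e.g. 'OpenSSL 1.0.1f 6 Jan 2014' into (1, 0, 1)."""
    match = re.match(r"\s*OpenSSL\s+(\d+)\.(\d+)\.(\d+)", version_string)
    if match is None:
        raise ValueError(f"not an OpenSSL version string: {version_string!r}")
    return tuple(int(part) for part in match.groups())


def aesni_usable(cpuinfo_text, version_string):
    """Both conditions from the post: hardware flag present, library new enough."""
    return cpu_has_aesni(cpuinfo_text) and openssl_version(version_string) >= MIN_OPENSSL


if __name__ == "__main__":
    import subprocess

    with open("/proc/cpuinfo") as fh:
        cpuinfo = fh.read()
    version = subprocess.run(
        ["openssl", "version"], capture_output=True, text=True, check=True
    ).stdout
    print("CPU advertises AES-NI:", cpu_has_aesni(cpuinfo))
    print("OpenSSL version:", openssl_version(version))
    print("AES-NI usable by OpenSSL:", aesni_usable(cpuinfo, version))
```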


Re: interesting vpn-server-features from competitors (VM'd/RAM-loaded models)

Post by turbz » Mon Jun 15, 2015 1:18 pm

The cyberghost seemed interesting, up until reading their license agreement:

"Currently, the traffic volume is not measured. However, CyberGhost VPN reserves the right to install corresponding tracking systems and to prevent unfair use in case of an unusually high utilization degree of the entire network."

The "unfair use" is anything over 80gb/month.

