CipherCloud Responds to the Crypto StackExchange Controversy

Weasel wording filter:<p>Graf 1, sentence 1: "a few board threads" -&#62; Internet's current most important programming forum.<p>Graf 1, sentence 1: "contributed to by our competitors" -&#62; Smoke screen, unsupported, irrelevant.<p>Graf 2, sentence 2: "basically admitted they really didn't know the facts" -&#62; Because the facts weren't provided, the contributors set about reversing them from published material, the point of the thread.<p>Graf 3, sentence 4: "does use publicly available, well researched, and NIST validated cryptographic algorithms" -&#62; Virtually all cryptography anywhere can make a similar claim, and most of that code is broken. NIST validates primitives and a few basic constructions, but tying those primitives into a functional cryptosystem is outside their purview.<p>Graf 4, sentence 1: "for any customer deployments" -&#62; Leaves open the question of whether they implement semantically insecure constructions in any setting.<p>Graf 5, sentence 2: "fundamental security features (full field encryption, randomization through IVs) were disabled" -&#62; Randomized encryption isn't a feature, it's a fundamental property of a cryptographic construction.<p>Graf 6, sentence 1: "currently in the process of obtaining our FIPS 140-2 certification" -&#62; FIPS 140-2 doesn't involve a rigorous analysis of cryptographic primitives; the crypto-specific components focus on use of NIST-approved ciphers and block modes, but do not assure that those primitives are used securely. To illustrate that point: every vulnerable version of SSL3 and TLS1.0 and TLS1.1 has had a FIPS-compliant implementation somewhere.<p>They should just be honest about their desire to suppress the use of their copyrighted IP in critiques of their product. They're in a competitive space, they're a small company, hard to manage their online reputation <i>and</i> build product, &#38;c. The Reddit/HN/Stack Overflow scene wouldn't like that response, but it's better than this one, which actually creates more questions about their product capabilities.

This is a good example of bad legal/PR turning a company from a fairly well respected new security company to a joke.<p>Tokenization, which CipherCloud does, could actually be done fairly securely if you had a decent amount of local storage. They IIRC use a FIPS HSM for local key storage in their local appliance (I talked to one of their founders as a security event a year or two ago and was initially suspicious of their claims, but it seemed adequate for certain use cases based on how they were using it -- maybe things have changed). It's fundamentally not too different from when Stripe gives you a user key vs. PCI information.<p>Basically, if you can correctly identify certain fields as sensitive and others as not, and force all your traffic through a proxy, you could do totally unrelated random tokens in fields, and then do search locally on the appliance, rather than on the untrusted service. E.g. if you wanted to use Salesforce, but keep customer addresses secret (because they were super-confidential government sites or meth labs or something), you could still put names in Salesforce and do everything else, but just put a random string in for addresses; do address searches on the proxy, either going from single record to address or maybe even "give me all the records in Missouri". There is no magic here. Someone could do an open source implementation for any specific site (via scraping or a public API) easily. The difficulty is doing it for many sites, and keeping it updated, supporting it, and selling it to fortune 500.<p>I don't know if they've been pushed to do stupid stuff, or if they just have horrible marketing/PR now (which is weird since they raised a fuckton of VC), or what.

This is total BS. How is posting a few screen-grabs from their publicly available video a violation of their copyright? Isn't it considered fair use? I was expecting more on the lines of "we are sorry for the whole fiasco, our legal team acts independently whenever it feels like there is a violation", instead of him defending the DMCA. They used DMCA to try and censor a debate about their lies. Talking about DMCA, is it just me, or does anybody else think that government is always eager to pass copyright protection (aka censorship) laws, rather than passing laws to protect the citizens from corporate greed?

May be honest, it's just very convenient. "That demo we have on our site to show off the technology? It's really crippled and doesn't actually show off the technology... We promise the real thing actually works! Oh, you want to hear about the DMCA takedown? That was just our legal team, you know how they can be!"

I'm a little confused about not wanting to disclose IP during a patent process. Isn't that what the patent process is designed to do? Disclose a novel invention, and have it (among other things) vetted for prior art. They say these patents are pending, in which case, shouldn't they be searchable? Has anyone found them? I did an albeit cursory search and couldn't find anything. I'd like to give these guys the benefit of the doubt as they are funded by a16z, but the lack of information is troubling.

Link to the Crypto StackExchange thread: <a href="http://crypto.stackexchange.com/questions/3645/how-is-ciphercloud-doing-homomorphic-encryption" rel="nofollow">http://crypto.stackexchange.com/questions/3645/how-is-cipher...</a>

Favorite line in the whole thing "Some of the fundamental security features made available (e.g. full field encryption, randomization through IVs, etc.) were disabled because we were not comfortable sharing such IP on the internet while our patents are still pending"<p>So, apparently they are going to be patenting padding/randomization in encryption and "full field encryption". Our patent system at work for obvious things.

&#62; A couple of recent discussions in a few board threads contributed to by our competitors have questioned CipherCloud’s approach to delivering cloud information protection.<p>My BS meter is running high.

10 links to their own website in that post. Not even links to other content, just root links. I feel bad not having much more to add because I don't really understand their technology, but that really stood out.<p>Probably some auto highlighter running amok.

looking at the page in Google's cache, it looks like they have a bunch of spam on their site :)<p><a href="https://webcache.googleusercontent.com/search?q=cache%3Ablog.ciphercloud.com%2Fresponding-to-the-myths-about-cipherclouds-encryption-technology%2F&#38;aq=f&#38;oq=cache%3Ablog.ciphercloud.com%2Fresponding-to-the-myths-about-cipherclouds-encryption-technology%2F&#38;aqs=chrome.0.57j58.845j0&#38;sourceid=chrome&#38;ie=UTF-8" rel="nofollow">https://webcache.googleusercontent.com/search?q=cache%3Ablog...</a><p>"A couple of recent discussions in a few board threads contributed to by our competitors have questioned CipherCloud’s small online payday loans. same day payday loans. easy online payday loan. direct lender payday loans online. approach to delivering cloud information protection."

Looks like they stand firmly behind their DMCA takedown. EFF should slap them with a trout, as far as I'm concerned.

Here is a link to the DMCA notice, in case anyone cares. Its not just a DMCA notice, it contains claims against slander and defamation too.<p><a href="http://www.pdf-archive.com/2013/04/20/notice130419/" rel="nofollow">http://www.pdf-archive.com/2013/04/20/notice130419/</a>

Coral cache version as site seems to be struggling already: <a href="http://blog.ciphercloud.com.nyud.net/responding-to-the-myths-about-cipherclouds-encryption-technology/" rel="nofollow">http://blog.ciphercloud.com.nyud.net/responding-to-the-myths...</a>

&#62; <i>Service Temporarily Unavailable</i><p>&#62; <i>The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.</i><p>Everything they do is destroying their reputation. Unfortunately, only among a few people who would have been suspicious anyway.

&#62; A couple of recent discussions in a few board threads contributed to by our competitors have questioned CipherCloud’s approach to<p>...DMCA takedown requests.

"All of our customers, that I know of, have selected our solution as the recognized standard for cloud information protection after a thorough evaluation, testing, and scrutiny of our product’s design and implementation by <i>their cryptographers</i> and key management experts."<p>If you had to guess, how many of CipherCloud's customers do you think keep cryptographers on staff?

I see no way this could ever work the way they want and still be secure. They have two conflicting requirements - strongly encrypting the data and not breaking the functionality of third party applications operating on this data, that is making the encryption transparent to a (sub)set of operations (not under their control).<p>It is feasible to strongly encrypt all data but you have to make sure that you do not accidentally implement ECB mode or something similar when using a common block cipher like AES. So you definitely want a unique IV for every piece of data you encrypt. But now you have also broken all server-side functionality because (almost) no useful operation will produce the expected result when operating on encrypted data. Client-side functionality is no problem because it only sees decrypted data.<p>Therefore they (have to) make compromises. Actually the user has to make the compromise - keep some data unencrypted or lose the server-side functionality. This is most prominent in the demos with numeric data that needs to be aggregated, averaged and what not. Actually it would be not to easy to encrypt this numeric data because you have to preserve the format including limits and disallowed values or otherwise the server would reject some values.<p>What about the infamous text fields? They are probably the easiest to encrypt but you still have to be careful not to break validation rules, for example by making the encrypted text much longer or making an e-mail regular upset (but I bet most applications perform only client-side validation). But this again makes the third-parts application a lot less useful because you lost the ability to search in your textual data. The problem to solve is the following one (with some minor details ignored).<p><pre><code> text.contains(searchText) == encrypt(text).contains(doSomething(searchText)) </code></pre> I - not being a cryptography expert - can not think of a way to get this working without leaking information and CipherCloud's solution as discussed on Stack Exchange definitively leaks a lot of information. This is really a very tough problem. (Probably) not even homomorphic encryption would help because you have no control over the comparison method - it is plain old substring search, maybe case insensitive and that's it. It is solvable using private information retrieval in the relaxed case when you have control over the comparison operation but with substring search it is probably to hard (if you want to keep the cipher text length similar to the plain text length).

I didn't follow this story. Where can I find more information about this "Controversy"?

"We are terrible at putting out fires" is what I read here. And that's not a quality I want in a service provider...