Google’s Project Vault Is A Secure Computing Environment On A Micro SD Card, For Any Platform

Discussion in 'privacy technology' started by ronjor, May 29, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    http://techcrunch.com/2015/05/29/go...ironment-on-a-micro-sd-card-for-any-platform/
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,032
    I wonder how secure this actually is, from the baseband.
    If it's just storage, how can it protect apps that are otherwise pwned?
     
  3. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    221
    "Onboard the Vault itself is an ARM processor running ARTOS, a secure operating system focused on privacy and data security."
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,032
    OK, but what does that "secure operating system" do?

    Smartphones are fundamentally insecure. Is this an entirely separate OS, which can just communicate with the phone via those text files? Does it run its own apps? If it's not, and it doesn't, I'm not getting how it can be secure.
     
  5. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    221
    brokers the keys and file system

    eg

    I want to: Log into a site. Interface with nfc doggle. ARTOS takes password on secure device. Encrypts using site's keys. Drops that to the app. You log in. App/Host never sees password cleartext.

    Just an example.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,032
    OK, I get that.

    But the app/host does see the data, right?
     
  7. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    221
    yes...
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,032
    OK, so it seems to me that this is a "secure computing environment" only in the sense that it can't grab your net credentials. Yes?

    When I see "secure computing environment", I'm expecting that the cellular service provider (and its friends or pwners) can't see what's being computed. Maybe I'm expecting too much ;)
     
  9. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    I think this is just a marketing gimmick to make people think Google is protecting privacy.

    The average consumer will get the phone install Angry Birds or whatever privacy sucking app of choice they want and render the security gain useless.

    I agree with mirimir that smartphones are inherently insecure, I dont believe that it is futile and that the correct combination of behavior and software can provide security and privacy but it requires both to be effective.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,032
    http://www.theverge.com/a/sundars-google/atap-lab-regina-dugan-google-io-2015

    Interesting, but arguably limited. Unless I'm missing something.

    But this sounds interesting:
    See http://www.projectara.com/ and http://en.wikipedia.org/wiki/Project_Ara
    But I see nothing about the baseband :(
     
  11. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,151
    Location:
    UK
    I've been mulling over a similar requirement, but for the PC environment. Sadly, we cannot trust our hosts sufficiently, and certainly not to let them have unrestrained access to our data files (think Cryptolocker, exfiltration etc). Plus use of encryption technology such as Truecrypt results in a mounted drive where all the files are open to all processes without any form of protection or TFA.

    So I would really like to have a usb3 storage device that was probably something like an RPi, and which encrypted files on its disk at all times, backed by something like a Yubikey with the user having to have inserted the Yubikey and maybe pressed its button to access the file.

    ARTOS looks to be a proprietary RTOS, and there's little information I can find about it.
     
  12. JimmyR

    JimmyR Registered Member

    Joined:
    May 30, 2015
    Posts:
    1
    Google Vault is very strange thing for me .
    I have many questions. For example:
    How does Vault work?
    How can user control encryption on Vault?
    What does Vault encryption algorithms use ?
    Does government can get assess to user data on Vault?
     
  13. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    221
    Seems like they/PR oversold to y'all. Fair.

    But we mustn't forget this is a great tool for everyone. Initially, it will be an enterprise gear and then to consumer. DataLossPrevention etc. Think of it as a roll your own TPM and Yubikey/Challenge-response NFC dongle over a strong self-encrypting disc.

    This has been done before: http://www.go-trust.com/ which shows some of the possible features/usage.
     
  14. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Actually to me that is kind of far more attractive than the PR rubbish.
     
Loading...