Digi.me Security Story Deck 10032020 - Personal, Inc.

Transcription

SECURITY INTRO

2020 digi.me limited. All rights reserved.

Digi.me
Keeping your data secure at all times

All your data in one place
To share with people who you choose
Securely held in your own online store
So no-one can run away with it

Introducing
The digi.me technology

Digi.me applications run on your mobile and desktop computers to let you see and use all your online data. The app has a secure connection to a Cloud service that fetches all your online data and moves it into your personal online storage. The app does everything for you and the digi.me company never sees, touches or holds your data. We empower you to hold it and use it yourself.

Diagram label: online services your app collects data from

APPLICATION: digi.me applications run on your device and securely ask the cloud to fetch your data from all your online services and save it in your personal online storage service

THE CLOUD: cloud computing power that fetches all your online data for you

CLOUD STORAGE: digi.me apps ask the Cloud to fetch your data and store it here in your cloud files, like Dropbox, OneDrive and Google Drive (whichever you choose)

Design
System security architecture

The overall solution has been designed to ensure all your data is never passed from one place to another in plain-text, it is always encrypted to a high standard. Data is only stored in your storage areas, there is no digi.me storage. All data stored is encrypted.

Diagram labels: Secure connection (three times)

CLOUD PROCESSING: digi.me cloud processing is created on demand and can only be initiated via a request from an authenticated user

APPLICATION: digi.me applications authenticate their user with a long high-entropy password and unlock the credentials stored securely on the device to request external services

CLOUD STORAGE: You select your own cloud storage and all data held is encrypted and moved on demand to applications and cloud processing in encrypted form

Risk
The things we design our products against

The attacks on our security will come from people who have the skills, the motivation and resources required to break many security systems, so we design and build our systems to withstand them.

Skilled: We assume all hackers we need to worry about are skilled and aware of the latest security vulnerabilities and attacks occurring in the global market.

Motivated: We expect any hacker to be persistent and motivated sufficiently to stretch our security designs and implementations to the limit.

Resourced: We design and build all our systems to withstand the considerable onslaught possible with modern attacks by people with significant resources available.

Encryption of files and secret keys: It is essential to use high quality encryption methods to secure data, but to also make sure that there are no shortcuts and weaknesses in the methods chosen.

Security of data in flight: When our apps share data over the internet they always use SSL, the “padlock” connection class you know from your browser. We configure it to only use the highest security settings.

Designed for the onslaught: Modern cloud systems like the ones our app uses are not just cracked via security breaches, they can be attacked by floods of fake traffic and exploratory connections looking for chinks in their armour. We design and build against all these.

Passwords
Great passwords are a key to security

LOCKED AWAY: Whenever you run your digi.me app you want all your data to be available. Since your digi.me app stores it for you securely in your cloud you must supply your secret password to unlock the data

ENTER PASSWORD: The secret of good security is good password choice, so it’s important you choose a good password that is also easy to remember

“1 2 3 4” (60 Seconds): If you choose simple 4-digit passwords then the effort a good hacker will require to crack the encrypted files in your cloud storage will be measured in seconds, it really is not very secure

“MONKEY PERISCOPE” (Weeks/Months): We allow you to create memorable passwords that have many letters in them and we use cryptographic algorithms that are proven to generate encryption keys that take months or years to crack

Encryption
Our apps protect your files

SECURE STORAGE: When you use digi.me apps all your data is securely held on the cloud storage service of your choice, whether it is DropBox, Google Drive, Microsoft OneDrive or a Western Digital myCloud (or other services we will add over time)

UNIQUE KEYS: All the files our software imports from your online data services are stored securely. They are encrypted with a set of keys and ciphers that come from international banking standards

KEY MANAGER: When your digi.me app accesses your files in your cloud storage it can decrypt them because your secret keys are secured on your mobile device. It does this by holding them in a protected vault on your mobile that is secured by the digi.me password that only you know

Add a Data Source
Your data secured on your storage

SELECT A SERVICE: When you use our apps you have the choice to select which sources of data you would like your personal digi.me app to collect and manage for you

MAKE REQUEST: Your app makes a request to your online service so that you can log-in to it and confirm we are allowed to collect the data from it for you

REQUEST APPROVAL: Your app then connects to your favourite online cloud storage library to safely save all your data for you. It’s in your storage not ours, because we don’t have any

SECURITY PROFILE: Your Facebook account allows you to approve apps like digi.me to access it remotely. It issues a special security token that only your digi.me app can use each time it wants to access your social data

Getting Data Sets
All files are encrypted with a unique key

Diagram labels: SOURCE DATA; SOCIAL MEDIA : FACEBOOK; Posts; Comments; LIBRARY

The Twitter key only fits the Twitter file
The Facebook key only fits the Facebook file

Your digi.me files are securely held in your own cloud storage service and all files are encrypted, each with a completely unique key. This means that anyone who ever breaks a key, only ever gets one file. Which means it is extremely hard for anyone to attack and unlock all your data.

Secured Library
The cloud synchronises all your data

ENCRYPTED IN THE CLOUD: All your data is fully encrypted in the cloud. Every file has its own key that can only be unlocked with the secret master key that is unlocked by your password

PASSWORD IS A KEY: When you first open your digi.me app you enter your password to unlock its master encryption key and enable it to then access all the keys it needs to use the storage and synchronisation services

UNLOCK YOUR APP: The app can then internally get the file keys it needs to open up the online storage where your files are securely held and ensure your digi.me app can access all the encrypted files

Synchronisation
The cloud synchronises all your data

Diagram label: all your online services: social, health, finance, shopping, entertainment

SYNCHRONISATION SERVICE: This is the cloud service your digi.me app runs for you. It never looks at your data or stores any data about you. Its only job is to run a synchronisation of your data in your online services with all the files you store

CLOUD STORAGE SERVICE: This is the storage service you have chosen to hold all your data securely. It is read by your digi.me apps to provide all the services you need and love

Diagram label: all your online files, held in one place for each service

Encrypted
All files are encrypted with a unique key

Extracting Encrypted Data
Your digi.me files are securely held in your own cloud storage service and all files are encrypted, each with a completely unique key

MONKEY PERISCOPE: Your digi.me app must be running and you must have logged in to unlock the encryption keys from the internal storage vault

ACCESS LIBRARY: The password unlocks the key to access the pCloud library

ACCESS DATA: The password unlocks the key to unlock the key for the documents that hold the data you want

VIEW DATA: The unlocked data is then presented to the application
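The key hierarchy described on the slides above (password unlocks a master key, the master key unlocks one unique key per file), as an added example that is not digi.me's code. The deck names no algorithms, so scrypt, AES-256-GCM and every function name here are assumptions, and the file contents are constructed sample data.

```javascript
// Added illustration; scrypt and AES-256-GCM are assumed, the deck names no algorithms.
const crypto = require('crypto');

// AES-256-GCM seal/open, used both to wrap keys and to encrypt file contents.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on wrong key or tampering
}

// Password -> key-encryption key. The salt is stored beside the vault; it is not secret.
const kekFrom = (password, salt) => crypto.scryptSync(password, salt, 32);

// Device vault: holds only the master key, wrapped under the password-derived key.
function createVault(password) {
  const salt = crypto.randomBytes(16);
  const masterKey = crypto.randomBytes(32);
  return { salt, wrappedMaster: seal(kekFrom(password, salt), masterKey) };
}
const unlockMaster = (vault, password) => open(kekFrom(password, vault.salt), vault.wrappedMaster);

// Each stored file gets a fresh random key, itself wrapped under the master key.
function storeFile(masterKey, data) {
  const fileKey = crypto.randomBytes(32);
  return { wrappedKey: seal(masterKey, fileKey), body: seal(fileKey, Buffer.from(data)) };
}
function readFile(vault, password, file) {
  const fileKey = open(unlockMaster(vault, password), file.wrappedKey);
  return open(fileKey, file.body).toString();
}

// Constructed sample data standing in for two imported sources.
function demo() {
  const vault = createVault('MONKEY PERISCOPE');
  const mk = unlockMaster(vault, 'MONKEY PERISCOPE');
  const facebook = storeFile(mk, 'facebook posts');
  const twitter = storeFile(mk, 'twitter posts');
  const leakedKey = open(mk, facebook.wrappedKey); // suppose one file key is exposed
  let crossOpen = true, wrongPw = true;
  try { open(leakedKey, twitter.body); } catch { crossOpen = false; } // other file stays sealed
  try { readFile(vault, '1 2 3 4', facebook); } catch { wrongPw = false; } // wrong password fails
  return { text: readFile(vault, 'MONKEY PERISCOPE', twitter), crossOpen, wrongPw };
}
```

Changing the password in this layout only re-wraps the master key; the per-file keys and the encrypted files in cloud storage are untouched.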

Secured
All apps use doubly secured SSL connections

When you log-in to digi.me enabled apps, they retrieve all your data from the Cloud Storage using a secure connection and the personal data files are also sent over in a fully encrypted form. We use the industry standard ”padlock” connection called SSL and we additionally apply extremely strict filters to ensure every request that reaches our systems is completely valid and is not the result of attackers guessing or trying to brute force our security.

Diagram labels: Encrypted; Decrypted; SSL CONNECTION

digi.me app to cloud storage connection is to the industry’s highest specification

We employ industry leading filters to check every request is completely legitimate

Every file your digi.me app reads from the cloud is decrypted once it arrives on your mobile. The app unlocks the encryption keys it needs using your master password key

We use rate-limiters to prevent exhaustive searches trying to guess passwords

Security Model
Our products must be proven

Our systems are independently tested regularly and monitored continuously for changes and weaknesses

We assume all major attack tools and methods will be used, including but not limited to:
Man in the middle (MITM), SQL injection and interlocution
Certificate forgery and replay attacks
Volume (denial of service) attack and brute force/fuzzing attacks
Application reverse engineering and corruption
Known vulnerability profiling

THREAT MODEL

Skilled: We assume all hackers we need to worry about are skilled and aware of the latest security vulnerabilities and attacks occurring in the global market.

Motivated: We expect any hacker to be persistent and motivated sufficiently to stretch our security designs and implementations to the limit.

Resourced: We design and build all our systems to withstand the considerable onslaught possible with modern attacks by people with significant resources available.

SECURITY REQUIREMENT

Crypto verification: We require all crypto based code elements to be verified by a full suite of known good and bad content.

Swagger Definitions: We require that all public facing APIs are protected by strict Swagger definitions that explicitly define valid inputs in full RegEx format.

Deployment verification: We require all deployed crypto/security components to be verified live in use via acceptance test AND continuous verification of certificates and open network services

Authentication: We require all API access to be via valid user identifiers

Firewalled: All remote access must be via commercial firewall (Checkpoint) and integrated threat monitoring and profiling (Splunk)

Rate Limited: We require all API access to data request services to be rate limited to prevent brute force and fuzzing attacks

Crypto code libraries: We require all crypto libraries used in implementation to be from proven sources that have been hardened by significant time in public use.

Strict SSL: We require all SSL implementations to use Pinned Certificates from trusted root authorities and all HTTPS connections to explicitly control known configuration risks (including ECDH curve selection, header controls and Cipher Suites)

Thanks for watching
Your life, your terms
