
Easy-to-use encryption add-on secures your Google Docs

Nick Hardiman explains how the Cipherdocs TAiLS add-on works to encrypt your documents on Google Docs.

I am starting to get security paranoia. I want to take steps to ensure my privacy even when I'm enjoying the convenience of using Google Docs to store documents and collaborate with others via the cloud. What can I do to protect them?

What if an attorney, who has a duty to preserve customer confidentiality, wants to be guaranteed a cloud-based document cannot be read? What if an accountant must protect company accounts from the cloud company storing it? What if a clinician wants to store patient data in the cloud, but doesn't want to fall foul of HIPAA?

None of these people want their document scanned by a targeted advertising robot, forwarded by a disgruntled employee, or analyzed by a governing authority. They can protect the document by encrypting its contents.

Impartio's Cipherdocs

Impartio, a Dublin-based startup security company, supplies an add-on for Google Docs. Impartio want to give TAiLS to everyone. TAiLS is an Impartio acronym standing for Transparent Application Layer Security.

  • The Transparent bit of TAiLS means the end-user doesn't notice it. The effort to use it is zero (or at least minimal).
  • The Application Layer is the end-user part of the Internet protocol suite (it has four layers in total). Impartio products work with applications, rather than the lower data networking layers.
  • Security means security in the IT sense: protecting a user's data.

Impartio aim to allow users to edit and collaborate just like they are used to, with the added benefit of encryption and with none of the drawbacks of extra security procedures.

Impartio's first product is a security add-on for encrypting documents, called CipherDocs. It's a document encryption technology for securing documents that are stored in the cloud. At the moment, there is only one available version: a Firefox plug-in that encrypts everything being sent to Google Docs, and decrypts everything coming back.

How it works

The security add-on works like this. The Google Docs user opens Google Docs in the Firefox web browser and works on his documents as normal. Behind the scenes, the text is passed through the security add-on before heading off to Google. A symmetric key cipher (we're back in the world of security jargon now) reads in the plain text and a secret key and writes out encrypted text. This is what gets stored on Google's servers.

The symmetric key cipher is AES-256, good enough for the U.S. government to use on their classified documents.

  • The symmetric part of "symmetric key cipher" means the same secret key both encrypts and decrypts the text, unlike a "public key" cipher or a "cryptographic hash" function.
  • The key part means this cipher can use a secret key to make the encrypted text hard to crack (Usenet's "ROT13" cipher didn't use a key, but then it wasn't very good at protecting anything). Everyone who wants to work on the text must share this secret key.

Figure A

How the encryption works. (Image courtesy of Feltipen.)

When a document owner opens a protected file stored in Google Docs, this process happens in reverse. The encrypted text and the secret key are automatically fed into the cipher, plain text comes out and the document appears in the web browser. All without the user having to do anything special.

There is one small action required when collaborating on a document with others. Everyone who works on the document needs a copy of the secret key. Keys are exchanged using Impartio's KeyHub service.

What's next for Impartio?

Impartio will create an Office 365 version of their plugin. Apparently Google Docs and Office 365 are similar when you get under the hood.

After that, maybe they will start offering encryption for Facebook wall or Twitter streams. Nothing says "in-crowd" like a garbled status that only your friends can read.

About

Nick Hardiman builds and maintains the infrastructure required to run Internet services. Nick deals with the lower layers of the Internet - the machines, networks, operating systems, and applications. Nick's job stops there, and he hands over to the ...

7 comments
leo.ochoa

Thanks for the info, this is a pretty good encryption solution. I've been playing around with a service called Penango. They offer a 14-day free trial so I decided to do it. So far I've only sent a few test emails and it seems to be working great. It's end-to-end encryption, FIPS 140-2 certified, S/MIME and works on a bunch of platforms like Gmail, Google Apps, VMware email, Outlook... check it out: penango.com

htewari

Hello, this is Hitesh Tewari from the CipherDocs team. Just to clarify a few aspects of the technology. Traditional bulk encryption can be applied to files which can then be subsequently stored on services such as Dropbox. Google Apps on the other hand does not have a save button, so as the user is typing into the document, revisions are being sent up to the Google servers, and thus bulk encryption techniques are not applicable. See the following video for an overview of the CipherDocs technology in action: http://www.youtube.com/watch?v=CVIthlM7P3Q&feature=plcp

Secondly, Google Apps has a collaborative feature which allows multiple invited users to view and edit a document. Again, if one were to apply bulk encryption then one would lose this unique feature. CipherDocs on the other hand preserves this by piggybacking on Google's sharing mechanism to seamlessly share document encryption keys with other users. However, all data on Google's servers remains encrypted; see video below: http://www.youtube.com/watch?v=FTHCQfUHyfc&feature=plcp

We also have an alpha version of the plugin for Google Spreadsheets: http://www.youtube.com/watch?v=q1MkaOkpj5Y&feature=plcp

Finally, we also have a mobile keychain service called KeyHub that allows a user to seamlessly reconstitute their keychain on any machine they decide to use. For example, one could create a document at work and then wish to view the same at home or another location. We store an encrypted version of the keychain on our KeyHub service and only the user has the master password to decrypt the same. In an enterprise environment we envisage that the KeyHub service would be under the control of the organization using the service. Feel free to send us an email if you need further info or clarification.

joshuaburke

Or, you could just use eFileCabinet. They are FINRA, SEC and SOX compliant cloud storage as well as a document imaging solution. I don't work for them but I've been evaluating them and thought they were cool.

Michael Kassner

Opens a huge door for attackers, negating any advantage. Also, as with most cloud services, from their privacy policy: "Impartio may apply security technologies and procedures to help protect against unauthorized access or use of the Services. Impartio does not guarantee the success of such technologies and procedures. Customer is solely responsible for the security, protection and backup of its Customer Data, and any other data, software or services it uses in connection with the Services."

Neon Samurai

I wouldn't shoot the idea down just because it's a hosted service (buzzword: "cloud") without first knowing how they implement it. Lastpass and Spideroak both manage synchronization between multiple user end points through hosted storage, but in a way that cryptographically limits access to only the relevant user end points.

In terms of privacy policy, the quoted section seems pretty standard: "we'll do our best to keep servers secure but sh,t happens; customer is responsible for having other backups if our servers eat your data". I'd have more problem with it including things like "we will hand your data to authorities upon request and without notifying you; we are able to decrypt your data should you be unable to; we are able to recover your password if you lose it".. all things that point toward an implementation insecure by design and intent.

Now, this is a program to encrypt your Google Docs and there are a few things to like about it:
- it sounds like client side encryption; if the encryption happens on the user's own machine with only encrypted data touching the network and service provider's servers then well done. If the client sends data to Impartio's servers which encrypt and forward on to Google's servers then boo.. broken by design.
- it potentially encrypts user files without breaking a lot of the Google document sharing and such (though it obviously breaks any "search for text in your document" type functions).

Ultimately, I'm not the target customer though either. This product is like using Truecrypt volumes to make Dropbox secure instead of just using a properly implemented secure system. Great that it's available if one has to use Google Drive, but there are other options to consider first.

Michael Kassner

It is a weak link for a myriad of reasons. And, just because a privacy policy mimics others doesn't make it acceptable, IMO.

Neon Samurai

There are probably two different things I was trying to comment on also. First, the policy content. My point was not that mimicking another privacy policy makes this one OK. It was more that these are common policies now found across most services: "we promise to try not getting broken into but if it happens we take no responsibility for your losses".. Microsoft has been software with that one forever. You pretty much have to damn the entire industry if you're going to damn this one company for it.

Second, the "Weak Link" question. This is very much a matter of implementation details. I'm not saying this service is or is not implemented securely; it's really more of a question. It is possible to implement a hosted service in a way that blocks even the service host from accessing user data; is this sharing service implemented in such a way, or is it broken by intent/accident? Lastpass and Spideroak were offered as examples of hosted services implemented properly to keep even the service provider out of the user's data. Services that would be discounted as "cloud" even though they do not share the design flaws that other hosted services choose to include. If you have found weak links in them though, that would be huge news.