agent icon indicating copy to clipboard operation
agent copied to clipboard
verified publisher icon kerberos-io

Feature request: Multiple-level asymmetric encryption

Open GHNewbiee opened this issue 3 years ago • 3 comments

Nice to have such a feature, in the cunning times we live, for the (compressed) raw recording; for example:

  • owner's key (individual, company)
  • security company's key
  • recognised state authority's (police, notary/conveyancer/scrivener, etc) key

GHNewbiee avatar May 27 '22 17:05 GHNewbiee

great idea! is there any specification for this? @GHNewbiee

cedricve avatar May 27 '22 17:05 cedricve

Very sorry, I have only had the idea. I am not an IT folk. But it has to be implemented at the highest standards in order to be accepted by any state authority (eg police investigators, court, etc).

GHNewbiee avatar May 27 '22 17:05 GHNewbiee

I have found some information about data streaming encryption:

Based on the information received from the above links, I would like to distinguish some matters which may clarify and simplify the scope of the feature.

In a few words, encryption and efficient long-time storage for probable display in the future is what we want!

  • Data are not viewed/watched in real time in any encoded form.
  • Data might be required to be saved for a very long time; from 10 to 20 years. That's why data compression is very important.
  • Data are not live-streamed in real time.
  • Data are not necessary to get encoded/compressed during recording in real time
  • Data are not necessary to get saved in encrypted form during recording in real time
  • Data are saved in encrypted form, preferably remotely, only for future reference; perhaps never.

For example:

  • I have an apartment in which I have installed N cameras in all spaces.
  • All these cameras monitor/record(/both) in real time (I suspect there is already an option "monitor/record/Both").
  • When a camera detects a motion (entering the room) may start a new chunk of raw recorded/saved data.
  • When the same camera detects that motion has stopped (exiting the room) closes the chunk and starts a new one.
  • It is important here to understand that detecting motion start and stop can take place not necessarily in real time but after automatic video analysis of raw in ample time; preferably not more than a couple of minutes.
  • Each chunk does not have the same duration. A chunk of an empty room might last hours. A chunk of a visited place might last from some minutes to hours, too.
  • If "motion" lasts too long, other time criteria might be used to avoid creating long/big chunks. An optimisation among chunk size, encoded time and encryption time should be considered to avoid bottleneck of chunks.
  • Next, the chunk (more effectively) is encoded/compressed, time/power permitted and not in real time (maybe by another server).
  • Next, the chunk is encrypted, time permitted and not in real time (maybe by another server).
  • Next, upon successfully encoding/compression and encryption, the chunk is stored either locally or remotely.
  • Next, the corresponding raw data are erased from the stream which is temporarily getting stored in real time.
  • Chunks are bundled based on time order.
  • If ever in the future, chuck(s) have to be viewed, they should be easily decrypted and displayed.

I hope to have clarified better the idea of the feature I have suggested. Tia

GHNewbiee avatar Jun 02 '22 12:06 GHNewbiee

@GHNewbiee we started working on a lightweight form of encryption. See above PR for follow up #97

cedricve avatar Apr 08 '23 17:04 cedricve

@cedricve Is chunking feature/requirement/operation, as described above, currently available? Tia

GHNewbiee avatar Apr 11 '23 15:04 GHNewbiee

Yes chunking is already there.

cedricve avatar Apr 11 '23 15:04 cedricve

I do not know if there is a similar surveillance system with asymmetric encryption. If not, then a commercial term and a pic/logo would be given to it for marketing and trading reason. -:) For example: 3AKSS like HQ, HFS, HD, UHD, etc.

GHNewbiee avatar Apr 12 '23 15:04 GHNewbiee

Thanks for the feedback, so what we have been designing so far looks like this. We've implemented some mechanism to secure the keys as much.

encryption

We might tweak this more but so far the "encryption" key is only stored in the Kerberos Agent, and is shared in an encrypted form through Kerberos Vault and Kerberos Hub using a private key, non-stored passphrase and a time-lock for in-memory processing. Once the time window decryption is out-of-scope, the only way to decrypt the recording is by:

  1. Edge: Obtaining the encryption key of the agent
  2. Cloud: Obtain the private key of Kerberos Vault, intercept the passphrase of the user used for encryption/decryption of the shared key (which is not stored).
  3. Cloud: Obtain the private key of Kerberos Vault, intercept the shared key from memory in a time window of x minutes.
  4. Cloud: Man-in-the-middle attack in Kerberos Vault, obtaining access to the private key, and read incoming requests from memory.

cedricve avatar Apr 14 '23 12:04 cedricve

Just a basic (silly) question: AFAIR/K, there are not consistent basic operations between pairs of asymmetric keys ie there are not operations ° and § for which PuK1° PuK2 <=> PrK1 § PrK2 is valid, aren't they? Hence, 2 or more public keys cannot be safely and operatably combined. Tia

GHNewbiee avatar Apr 15 '23 16:04 GHNewbiee

@GHNewbiee not sure if I understand your statement, or I'm missing some information. The whole point of two assymetric key pairs (kerberos agent and kerberos vault), is to encrypt messages in such a way we are sure they are the only one to decrypt the message. So hence create some level of trust between Kerberos Agent and Kerberos Vault. On the other hand we will not trust Kerberos Hub application, even if the users obtained access through password and MFA, hence the use of a non-stored passphrase.

On Kerberos Hub which is publicly accessible by any user (with the right credentials and MFA tokens), the encryption key is stored in an undecryptable format (you need both the passphrase and the private key of Kerberos Vault to obtain the encryption key).

cedricve avatar Apr 16 '23 09:04 cedricve

Sorry for accidentally closing the issue. Writing from mobile is not my favorite activity at all.

My question had nothing to do with Kerberos Agent, Hub or Vault.

As I have already stated, I am not an IT folk and my knowledge is very limited. In fact, I cannot follow very close the technical matters regarding Kerberos Agent, Hub and Vault.

As long as multi asymmetric encryption will be supported, I would be very happy.

Private keys, if required, will only be taken and used by official state departments. Public keys of them (eg. national police, general prosecutor office, etc) can be found either directly online or retrieved by official servers.

I asked the question to see if multi encryption operation can be deducted to one by combining the public keys. For example. Three PuKs are used, mine, security company's and national police's ones. Data have to get encrypted 3 times in sequence. If there is a way these three public keys to be combined by giving one, then encryption will happen only once. In addition, increasing the security by adding extra PuKs (eg. general prosecutor office) will be much easier.

GHNewbiee avatar Apr 16 '23 10:04 GHNewbiee

Closing for now, as we have integrate end-to-end encryption. Not 100% matching the requirement in this issue by getting close. End user is able to bring their own keys, and encrypt their data. https://github.com/kerberos-io/agent#encryption

cedricve avatar Dec 03 '23 21:12 cedricve