Protecting “Cloud” Secrets with Grendel

More and more web applications are storing sensitive data for their users, a trend of which Wesabe is certainly a part. Security breaches like the RockYou hack show what can happen when a popular web application stores sensitive data unencrypted and then has a lapse: millions of people can be affected at once. As some of the coverage of the attack pointed out, it was a good reminder not to store sensitive data unencrypted.

Wesabe has worked hard to come up with tools to protect our members’ data, both because the nature of our application requires that we ask for extremely sensitive information, and because we believe that all web applications should take security seriously. Today we’re open sourcing a piece of software, Grendel, that we think can help many sites (not just financial applications) protect users’ data from a RockYou-style mass disclosure in a simple way. Grendel is a new project that combines ideas we’ve used on Wesabe for years with other pieces we believe should be common infrastructure for web applications.

Nearly all web sites keep all of a user’s data unencrypted. In many cases this is a necessity, since the web site intentionally publishes that data; an encrypted blog wouldn’t have many readers. In other cases, though, the only time the data is used is when the user is logged in, such as in a word processing web application.

The idea of Grendel is to provide an internal (behind-the-firewall) REST-based web service to keep a user’s data encrypted and ensure its integrity when the user isn’t using it. Grendel uses OpenPGP to store data, with the user’s password encrypting an OpenPGP keyset. That model makes it easy for a web site to store data safely and only decrypt it when the user is logged into the site. Since only the user has their password, once they log out, their data is safe, even if the web site’s database is compromised or stolen. Of course this isn’t an infallible protection — there is no such thing — and in particular it doesn’t protect against web site developers acting in bad faith. It does, though, protect against an attacker getting access to all the secrets stored by users in one step.

Of course, data on web sites is usually shared with at least some other people in some way. Sometimes a user might want to share their information with the web site support staff, so the staff can help solve a problem or fix a bug. Or, the user might want to share their sensitive data with selected other users on the site, such as coworkers or family members. Grendel allows this, letting you encrypt data with multiple keys so that more than one user’s password can gain access.
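As an added illustration (not Grendel's own code, which uses OpenPGP), the stdlib-only Python below models the storage scheme described above: the user's keyset is wrapped under a password-derived key, documents are encrypted to the keyset rather than to the password, the unlocked keyset exists only in the session, and a password change rewraps the keyset without touching any stored document. The SHA-256 keystream and HMAC-SHA256 tag are assumed stand-ins for OpenPGP's encryption and integrity protection so the example runs offline; the in-memory `db` dict stands in for the site's database.

```python
import hashlib, hmac, os

# Stand-in primitives (stdlib only): SHA-256 counter keystream + HMAC tag, not OpenPGP.
def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong password/key or tampered data")   # integrity check
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def create_user(db, user, password):
    keyset = os.urandom(32)        # stand-in for the user's OpenPGP keyset
    salt = os.urandom(16)
    db[user] = {"salt": salt, "keyset": seal(_kdf(password, salt), keyset), "docs": {}}

def login(db, user, password):
    # Returns the unlocked keyset; it belongs in the session only and is dropped on logout.
    return unseal(_kdf(password, db[user]["salt"]), db[user]["keyset"])

def put_document(db, user, keyset, name, content):
    db[user]["docs"][name] = seal(keyset, content)   # encrypted to the keyset, not the password

def get_document(db, user, keyset, name):
    return unseal(keyset, db[user]["docs"][name])

def change_password(db, user, keyset, new_password):
    salt = os.urandom(16)          # only the keyset wrapper is rewritten; documents stay as they are
    db[user]["salt"], db[user]["keyset"] = salt, seal(_kdf(new_password, salt), keyset)

def demo():
    db = {}                        # constructed in-memory stand-in for the site's database
    create_user(db, "alice", "correct horse")
    keyset = login(db, "alice", "correct horse")
    put_document(db, "alice", keyset, "ledger", b"acct 1234: balance 42.00")
    change_password(db, "alice", keyset, "battery staple")
    keyset = login(db, "alice", "battery staple")   # old wrapper is gone, document untouched
    return get_document(db, "alice", keyset, "ledger")
```

With the session's `keyset` discarded at logout, a copy of `db` holds only wrapped keysets and sealed documents, and a wrong password fails the integrity check in `unseal` rather than yielding garbage.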

It’s very easy to screw up when building a cryptography system — check out Nate Lawson’s excellent Google Tech Talk on common crypto flaws, or Matasano’s Socratic dialog on similar topics, for a map of the pitfalls available to you, and us. We’ve been fortunate at Wesabe to have a number of people who think very carefully about security, and they’ve put a lot of effort into designing and building Grendel. That said, we have two goals in open sourcing Grendel: first, to make a tool available to others that could help make “cloud” applications in general much safer for everyone, and second, to open up what we’ve built so others can review and help us improve it. We would love comments on any aspect of Grendel, security or otherwise.

Grendel is available on GitHub now, thanks to the efforts of Coda Hale (also the author of bcrypt-ruby) and Sam Quigley, who designed and built it. If you’re building a web site that stores sensitive data for users, go check it out, and if you’re of a mind to, help us make it better. We’d love to see “cloud” applications have an easy time treating users’ data securely, and we hope Grendel will be a useful tool for that purpose.

19 Responses to “Protecting “Cloud” Secrets with Grendel”

  1. Jason Higgins Says:

    Thank you for doing this!

  2. David Gonzalez Says:

    Very well done. I’ll be sending this to several clients.

  3. Francesco Sullo Says:

    A great work. Very interesting.

  4. Esteban Gutierrez Says:

    Marc et al,

    This is a very excellent thing you’ve done. I really hope others literally rush to embrace it. You guys are a good example of doing it “right” from the beginning. So many sites just get their stuff working and leave security an afterthought. Kudos.

  5. Marc Hedlund Says:

    Thanks much, but for the record I didn’t do anything but write the blog post. Coda and Sam deserve all the credit for the inspiration, design, implementation, and quality.

  6. dubek Says:

    I didn’t quite understand where the user’s password to Grendel is kept. If it is kept plain in another DB, then stealing that DB will give access to all the user’s secret documents. If it is not kept, does the user have to retype it again for every request? I probably missed something.

  7. Richie Vos Says:

    @dubek, I believe it works like this:

    1. you login with your password
    2. the server decrypts your secret key and stores it in your session
    3. whenever you do something that requires the key, the key is grabbed from the session.
    4. when you logout (manually or your session times out) your session is cleared out

    It also could store your password in the session instead of the secret key, but I’m not sure why you’d do that.

  8. Marc Hedlund Says:

    @dubek, what @Richie Vos says is right. I opened an issue about this on the Grendel GitHub site: http://github.com/wesabe/grendel/issues#issue/4 and Coda suggested an approach that would help.

  9. David Ascher Says:

    This is great, Marc, thanks!

  10. Nathan Freitas Says:

    Interesting idea and thanks for releasing the code. Reminds me of how http://www.hushmail.com/ works a bit, though they used a Java applet as part of the process to ensure the key decryption happened locally on the users machine.

    Of course, that didn’t stop them from being forced to backdoor users’ accounts when asked to by the FBI!

    Otherwise, this seems like a great project to run on Amazon AWS as a front-end to S3 or some other infinite storage system.

  11. Anonymous Says:

    Grendel is the name of our 6 month old puppy. Since your app is a watchdog of sorts, I want to propose him for your use (like Tux or Mozilla’s firefox or thunderbird) when you get around to branding.

  12. C Says:

    Out of curiosity, why did you choose the name “Grendel”? It’s usually associated with destruction (as opposed to protection). I teach Beowulf to my high school students and would love to show them this and explain the link.

  13. Marc Hedlund Says:

    Oftentimes Wesabe comes up with clever and meaningful names for our projects. This is not one of those times.

    I asked around and got these answers:

    “It sounded cool.”

    “It didn’t have curse words in it.”

    “Maybe you can say it, like, destroys the data when it’s not in use? Or something.”

    So there you go. Not exactly professional branding work. But then, it is from a company called “Wesabe,” so maybe it’s a step up.

  14. Edwin Martin Says:

    I think it’s obvious what Grendel stands for: it’s the Dutch word for a certain kind of lock!

    Lock, encryption… sounds right, doesn’t it?

    I’m not kidding, see for yourself:
    http://images.google.nl/images?q=grendel+site%3A.nl

    I was a bit surprised not one of the developers is Dutch :)

  15. Marc Hedlund Says:

    @Edwin: we will use that explanation from now on. It is much more impressive than the ones I offered. Thanks!

  16. Stephan Says:

    Two questions.

    * Do you offer full-text search?
    * Can the user change their password?

    Stephan

  17. Marc Hedlund Says:

    Stephan:

    If you’re asking whether Grendel provides search, no. Documents in Grendel are kept encrypted so search would not be available. However, Grendel is not intended to be a standalone product, but instead a tool for use by web developers (like Memcache is). If the product using Grendel offers search over your documents, they would do it by first decrypting and then searching, while you are logged in.

    Grendel does provide a method for changing passwords. See “Changing A User’s Password” in http://github.com/wesabe/grendel/blob/master/API.md

    Hope this helps.

  18. christefano Says:

    Naming this “Grendel” is potentially unfortunate because Grendel Scan is already a well known and respected security testing tool: http://www.grendel-scan.com/

  19. Marc Hedlund Says:

    @christefano: Grendel was named as an internal project and only later became open source. I think the realms are sufficiently different that no confusion will be common.
