

Ask HN: How to secure a server without physical control of the hardware? - freerobby

I've seen a lot of DIY alternatives to GMail, Dropbox, etc. lately (most recently: https://github.com/al3x/sovereign), all focused on the software aspect of replicating those services. However, the most practical way to do this is to spin up a cloud box on EC2 or Rackspace, or a VPS on Linode or Media Temple and install it there.

The problem I have is that for all the effort, you're still keeping your data at a third party, who 1) can be ordered to provide a backdoor to your data, and 2) would invalidate your expectation of privacy by the Third Party Doctrine (see: http://en.wikipedia.org/wiki/Stored_Communications_Act).

Short of owning every bit of hardware up to the fiber, is there any way to secure a virtual box such that a service provider could not achieve or grant others access to it?
======
patio11
_is there any way to secure a virtual box such that a service provider could
not achieve or grant others access to it?_

No.

------
avifreedman
A virtual box, no. Or... There are some ideas about how to make it work if you
run the hypervisor and want to allow trusted folks to audit that, say, you're
not logging or are running specific software. But to do it on 3rd party
infrastructure, no.

A physical box with some hacks, potentially - though even then there are
challenges.

[https://www.havenco.com](https://www.havenco.com) is planning to get into
that later this year in well-connected colos in the US and EU, with cameras
and pluggable USB displays to allow users to verify machine identity.

The target is $50/mo per machine and potentially lower (though that may
require some Kickstarter magic to do Lima-like low-end hardware with serial
console). For super low end, mount local LAFS or encfs+NFS or encfs+fuse+S3
storage, depending on the use case.

On top of that though you'd have to set paranoia vs convenience tradeoffs - do
you trust a KVM? Want to drive to the machine and do serial console yourself?
FOSS KVM or cheap serial console box?

------
wmf
In theory, the third party doctrine can be worked around with a contract that
says that the data is owned by the customer; that won't help with NSLs,
though.

Also in theory, trusted computing can be used to prove to the customer that
the provider is using a secure hypervisor. There are a lot of technical and
business issues making that actually work.

------
gulfie
We are increasingly finding out that even owning and having physical control
over the hardware isn't enough to ensure a secure physical device.

Google 'BIOS based Advanced persistent threat' and 'Hardware Trojan'.

Oh but wait, it gets worse. Even "well thought out" industry standards are
horrible security problems waiting to happen. Cipher 0, who thought this was
a good idea?

[http://fish2.com/ipmi/](http://fish2.com/ipmi/)

The solution you are looking for may be known as homomorphic encryption, which
is still rather far out in the theoretical place.

The horse has been out of the barn so long it has had a good life, grown old
and has great grand children playing in the fields.

~~~
avifreedman
I wonder if there is a sufficient supply of MicroVaxes in the world to do
hosting for the geeks who would want it. Paul Vixie has one we were going to
put online in Ashburn. On the other hand, the idea there was that the value of
the data inside would be low enough that no one would want to bother trying to
break in. The larger Vaxes had a scary ability to do overridable microcode
(maybe even the smaller ones) so maybe the Vax isn't the best 'classic'
platform for this, hmm...

------
dholowiski
1) Power off the server

2) Unplug all of the cables

3) Enclose the server in a lead box

4) Encase the box in concrete

Repeat steps 3-4 as necessary

5) Bury the box in a mile-deep hole at the bottom of the Mariana Trench

6) Don't tell anyone where you put the server.

