Apple sued for iCloud fine-print
So someone is suing Apple; this time the complaint is that their data was not actually stored on Apple’s iCloud servers but was instead outsourced to other providers. While I won’t speculate on the merits of this case, and truly I don’t have a dog in the fight, I will say that, to be clear, the data stored on the “non-Apple” servers isn’t really at risk in any way.
Convergent Encryption
iCloud employs a version of “Convergent Encryption”, very similar to what I used in the original design of SilentText, SCloud — Silent Circle Secure Cloud Storage.
It works like this:
First you break the data down into equal-size chunks and hash the content of each chunk, in this case using SHA-256.
You then use the resulting hash as the key to encrypt the chunk. Apple used AES-128.
You then run the hash through a one-way key derivation function, in effect producing a locator for that chunk.
You then store the chunk somewhere in the cloud, using the locator to look it up again later.
While creating the chunks you also build a table of contents, which you encrypt and store in a safe place.
The chunks themselves are useless without the table of contents, and they carry no user-identifying information. You can even store the blocks redundantly if you wish, including on other platforms, as in this case AWS or Google Cloud. The provider cannot decrypt the content.
As a side effect, if you don’t add any user-specific salt into the process you get a form of deduplication: if two users store the same data (such as a song or photo), you don’t actually have to store the block twice and can save on storage costs.
Apple describes this in some detail in the iOS Security guide, which does happen to mention:
The encrypted chunks of the file are stored, without any user-identifying information or the keys, using both Apple and third-party storage services — such as Amazon Web Services or Google Cloud Platform — but these partners don’t have the keys to decrypt your data stored on their servers.
By the way, this method of encryption has been around for some time; the earliest I came across was from John Pettitt on the cypherpunks list in 1996.
There was also some mention of a confirmation-of-a-file attack on this around 2008 by Drew Perttula, and in “Attacks on Convergent Encryption”, written by Zooko Wilcox-O’Hearn.
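The following is an added worked example of the scheme in the steps above, written for this page in Go with only the standard library; it is not code from the post, from Apple, or from Silent Circle. It chunks a file, hashes each chunk with SHA-256, encrypts each chunk with AES-128 under its own hash, derives a locator from the key, stores ciphertext by locator, and keeps a table of contents as the only holder of the keys. It also shows the deduplication side effect and the per-user salt that gives deduplication up to blunt the confirmation-of-a-file check mentioned just above. HMAC-SHA256 as the one-way locator and nonce derivation, AES-GCM as the AES-128 mode, the 16-byte chunk size, and the sample data are all assumptions; the post does not say which KDF or cipher mode Apple uses.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

const chunkSize = 16 // tiny so the sample yields several chunks (constructed value)

// ChunkEntry is one row of the table of contents (TOC). The TOC is the only
// place the keys live: the client encrypts it, and chunks are useless without it.
type ChunkEntry struct {
	Locator string
	Key     []byte // 16-byte AES-128 key derived from the chunk's SHA-256
}

// CloudStore stands in for any blob store, Apple's or a third party's.
// It holds only locator -> ciphertext: no keys, no user identity.
type CloudStore map[string][]byte

func chunks(data []byte) (out [][]byte) {
	for len(data) > chunkSize {
		out, data = append(out, data[:chunkSize]), data[chunkSize:]
	}
	return append(out, data)
}

// chunkKey is SHA-256 over an optional per-user salt and the plaintext chunk,
// truncated to 16 bytes for AES-128. With no salt, equal chunks get equal keys:
// that enables cross-user deduplication but also lets anyone who can hash a
// guessed file and look up its locators confirm it is stored (the attack the
// post cites). A salt the querier lacks changes the locators, at the cost of dedup.
func chunkKey(salt, chunk []byte) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write(chunk)
	return h.Sum(nil)[:16]
}

// derive is the one-way KDF (HMAC-SHA256 under a label; an assumption, the post
// does not name Apple's). "locator" gives a store index that reveals nothing
// about the key; "nonce" gives the GCM nonce. Keys are unique per content, so
// (key, nonce) repeats only for identical plaintext: equal chunks, equal ciphertext.
func derive(label string, key []byte) []byte {
	m := hmac.New(sha256.New, []byte(label))
	m.Write(key)
	return m.Sum(nil)
}

func locator(key []byte) string { return hex.EncodeToString(derive("locator", key)) }

func gcm(key []byte) cipher.AEAD { // cannot fail for a 16-byte key
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// Upload encrypts each chunk under its content-derived key and stores it by
// locator, skipping chunks the store already holds (deduplication). It returns
// the TOC plus the number of chunks skipped.
func Upload(store CloudStore, data, salt []byte) (toc []ChunkEntry, dedup int) {
	for _, chunk := range chunks(data) {
		key := chunkKey(salt, chunk)
		loc := locator(key)
		if _, seen := store[loc]; seen {
			dedup++
		} else {
			store[loc] = gcm(key).Seal(nil, derive("nonce", key)[:12], chunk, nil)
		}
		toc = append(toc, ChunkEntry{Locator: loc, Key: key})
	}
	return toc, dedup
}

// Download walks the TOC, fetches each chunk by locator and decrypts it. A
// missing chunk arrives as nil ciphertext and fails authentication like a
// tampered one, so a wrong or absent blob never yields plaintext.
func Download(store CloudStore, toc []ChunkEntry) ([]byte, error) {
	var out bytes.Buffer
	for _, e := range toc {
		pt, err := gcm(e.Key).Open(nil, derive("nonce", e.Key)[:12], store[e.Locator], nil)
		if err != nil {
			return nil, err
		}
		out.Write(pt)
	}
	return out.Bytes(), nil
}

func main() {
	store, photo := CloudStore{}, []byte("constructed sample: one photo, two users")
	tocA, dupA := Upload(store, photo, nil)                // first upload: nothing to dedup
	_, dupB := Upload(store, photo, nil)                   // same file again: every chunk dedups
	_, dupC := Upload(store, photo, []byte("user-C-salt")) // salted: fresh locators, no dedup
	back, _ := Download(store, tocA)
	fmt.Println("dups:", dupA, dupB, dupC, "blobs:", len(store), "ok:", bytes.Equal(back, photo))
}
```

Run it with `go run`: the second unsalted upload of the same file stores nothing new and reports three deduplicated chunks, while the salted upload produces three fresh locators and blobs, which is exactly the trade-off between saving storage and defeating a confirmation-of-a-file lookup. The store never sees a key or a user identity, only locators and authenticated ciphertext, which is why a third-party host for the blobs adds no decryption risk.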
AppleInsider had a great article here on the subject
Venue of storage
What I do find interesting about the lawsuit is the claim:
The selection of a cloud storage provider is a significant and material consideration, as it involves entrusting all of a user’s stored data … In fact, at the time that Apple was selling iCloud storage as its own to subscribers, but actually reselling (unbeknownst to class members) cloud storage provided by Amazon or Microsoft, these rival entities (Amazon or Microsoft) were providing cloud storage services to the public at prices lower than Apple’s iCloud. Class members, therefore, paid a premium for their belief and understanding that their data would be stored by Apple.
In my (expert) opinion Apple is doing more than just reselling storage space; rather, they are adding value by providing the convergent encryption and managing the keys to that encryption. And while there are some regulations that data be kept in certain jurisdictions depending on your industry and country, I don’t see any reference to that in this case.
I will credit Apple with getting better at handling those keys; their latest releases have done more interesting things, but not everything is end-to-end encrypted yet, and what is only exists within Apple’s ecosystem.
If you want your app to do true end-to-end zero-trust encryption of cloud data then I would like to point you to some of the work going on at ZeroDark.cloud.