The cloud is vulnerable in a way Space Monkey is not

With recent news about powerful entities getting access to much of your private information stored in the traditional cloud, it is important to consider ways to keep your data not only safely stored, but safe from those who would like to pry.

The traditional cloud is made of datacenters. Datacenters are buildings packed full of computing equipment, rack next to rack, row upon row. These datacenters are highly centralized, and this centralization creates a tremendous opportunity for data compromise, whether at the behest of powerful nations, by criminals, or through complicit mining by the very companies that store your data.

Even worse, because restricted physical access to a datacenter gives cloud companies a false sense of security, they often take shortcuts with encryption and security architecture that become catastrophic the moment that access is obtained.

Space Monkey is fundamentally different

Since data in the Space Monkey network is stored on the devices that make up the network itself, there are no shortcuts we can take as a company with regard to security architecture. Space Monkey has to get it right. We've devoted tremendous effort to doing just that, using well-trusted and time-proven cryptographic primitives in simple combinations to provide robust protection of your data.

Additionally, since data in the Space Monkey network is geographically distributed across political boundaries, a single country cannot compromise all the distinct locations without significant effort and cooperation from other countries. And even if it could, the data it obtained would still be protected by the cryptography described below.

The Details

Each user in the Space Monkey network is given a unique public/private RSA key pair. This credential is protected by the user's password and is managed primarily by the device in the user's possession. Optionally, Space Monkey, Inc. holds a copy of this credential as well, in order to provide central access via the web and to provide a backup in case the user loses their copy. Note that the escrowed copy is unlocked by the same password, so its protection against anyone holding it rests on the strength of that password, and web access means the password is presented to Space Monkey's service at login; users who do not want that trade-off can decline the escrow.

From this root credential, additional secrets can be derived which allow the system to unlock the user's root filesystem. Each component (file and directory object) of the user's filesystem contains additional keys, which are stored, encrypted, in the filesystem itself. These keys are used with AES to lock and unlock files and directories.

Filesystem objects also contain read-only and verify-only keys, which can optionally be used to do things like share data with other users so that they cannot overwrite it, or allow other components in the system to self-heal data on behalf of another user without ever exposing that data to those components.

Because each file and directory is encrypted with a distinct key, users can do fine-grained sharing of files and directories with others without exposing any part of their filesystem other than those they'd like to share.
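A minimal model of the key hierarchy described in the last few paragraphs, added here as an example and not Space Monkey's own code: a directory key is derived from the root secret, every file gets its own random key, file keys are persisted only wrapped under the directory key, and sharing a file means handing out that one unwrapped key. Assumptions not stated on the page: HMAC-SHA256 as the derivation function, AES-256-GCM as the AES mode, and the object name bound as associated data so a blob cannot be swapped between entries. The password protection of the RSA credential and the read-only/verify-only keys are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key; the random nonce is prefixed to the output.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal and fails if key, nonce, tag or aad do not match.
func open(key, box, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(box) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, box[:ns], box[ns:], aad)
}

// deriveKey is an assumed stand-in for the page's unspecified derivation step.
func deriveKey(root []byte, label string) []byte {
	m := hmac.New(sha256.New, root)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// Object is one entry as persisted: the content key appears only wrapped under
// the parent directory key, next to the content encrypted under that key.
type Object struct{ WrappedKey, Ciphertext []byte }

// Tree keeps the directory key in memory only; Objects is what gets stored.
type Tree struct {
	dirKey  []byte
	Objects map[string]*Object
}

func NewTree(rootSecret []byte) *Tree {
	return &Tree{dirKey: deriveKey(rootSecret, "fs-root-dir"), Objects: map[string]*Object{}}
}

// AddFile gives the file its own random key, encrypts the content under it and
// stores the key wrapped under the directory key, with the name bound as AAD.
func (t *Tree) AddFile(name string, content []byte) error {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return err
	}
	ct, err := seal(fileKey, content, []byte(name))
	if err != nil {
		return err
	}
	wrapped, err := seal(t.dirKey, fileKey, []byte(name))
	if err != nil {
		return err
	}
	t.Objects[name] = &Object{WrappedKey: wrapped, Ciphertext: ct}
	return nil
}

// ShareFile unwraps the one key a recipient needs for this file and nothing
// else in the tree; the owner's own read path goes through the same unwrap.
func (t *Tree) ShareFile(name string) ([]byte, error) {
	obj, ok := t.Objects[name]
	if !ok {
		return nil, errors.New("no such object")
	}
	return open(t.dirKey, obj.WrappedKey, []byte(name))
}

// OpenShared decrypts one object with its content key; a key for a different
// object fails GCM authentication rather than yielding anything.
func OpenShared(name string, obj *Object, fileKey []byte) ([]byte, error) {
	return open(fileKey, obj.Ciphertext, []byte(name))
}
```

The point to take from running it: the persisted tree never holds a usable key, a recipient given one file key cannot open any sibling, and a party without the root secret (including the storage layer) cannot unwrap anything. A real deployment would derive the root secret from the password with a slow KDF rather than use it directly, which this example omits.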

When a file is stored to the Space Monkey network, it is first transferred to the user's home device, where it is encrypted. The encrypted data is then erasure-coded: a linear-algebra technique that splits it into many small pieces with added redundancy, such that the original can be rebuilt from any sufficiently large subset of them. Each small, encrypted piece is then stored at a distinct geographical location in the Space Monkey network. This scheme allows data to be restored in the face of many individual failures, but also makes attacking the system very difficult: to succeed, an attacker would need to compromise dozens of individual devices in distinct geographies, and even then would still need the user's encryption keys to make any sense of the data at all. This is a much higher bar than an attacker faces in a cloud datacenter.