Microsoft Live Mesh: What are the Security Implications?
Microsoft recently released a tech preview of their new Live Mesh service. This is the "cloud computing" service we have been waiting for since Ray Ozzie hinted about it in a keynote speech at Microsoft's Mix conference last March. It enables over-the-Internet file and device synchronization among all your PCs (and eventually your Macs and Windows Mobile devices, too). But with all this sharing going on, what about security? This article takes a look at the security implications of cloud computing in general and Live Mesh in particular, and what mechanisms Microsoft has built in to protect your "meshed" devices and data.
How secure is the Cloud?
Before we focus on Live Mesh in particular, it is appropriate to ask a few questions about the security of cloud computing in general. Gartner released a report earlier this summer which emphasizes that cloud computing does pose considerable security concerns, although the risks can be reduced by selecting the right cloud provider and taking steps to address the threats.
The very characteristics that make cloud computing such a convenient alternative can also make it a risky one. Cloud-based computing makes your data, and in many cases your applications as well, accessible from anywhere in the world - but that also means that unless strong measures are employed to protect them, they may be accessed by anyone in the world, not just by you. In fact, as the Gartner document points out, you may not even know where in the world your data is being stored. To most control-obsessed security experts, that is a very scary thought.
On the other hand, cloud computing can impart some security benefits, too. Because your data does not "live" on your local machine, it is not as vulnerable to LLS (lost laptop syndrome) - although, of course, you must be aware of data caches that reside locally. Sure, those laptops should use file encryption or full disk encryption and be equipped with "phone home" or remote wipe software - but how many corporate employees are carrying around portable computers that are not properly protected? Having your data stored on a server somewhere in the cloud may prevent a thief from accessing it.
On the other other hand, this centralized storage carries a risk of its own. If a hacker does gain access to your data on the cloud vendor's server, he has it all. But when deployed correctly, cloud storage makes it easier to protect the data that is all in one place, rather than trying to secure files stored across many different machines. And the cost of security may be reduced, since the cloud vendor spreads the cost of its security mechanisms across multiple clients.
Bottom line: when it comes to security, the cloud has both advantages and disadvantages. Much depends on how it is implemented, and that brings us back to the individual cloud vendor and its applications.
How does Live Mesh work?
Before we get too far into the technical aspects, it is important to note that in its current incarnation, Microsoft is marketing Live Mesh as a consumer service, not one specifically targeted to business. However, the company has rolled out many of its products and services to consumers first and many industry pundits believe it can and will be extended to the business environment if it catches on. For more on this discussion, see Mary Jo Foley's article in Redmond Magazine titled Does Live Mesh Have a Business Future?
So what are the practical differences between the cloud and the mesh? The greatest conceptual difference is probably that the mesh is your personalized mesh (as opposed to a nebulous cloud that you share with who knows who else). Your mesh includes the different devices with which you want to access your data and programs: for example, your home desktop, office desktop, laptop, and mobile device (the currently available tech preview of Live Mesh supports only Windows PCs, but Microsoft plans to add support for Windows Mobile devices and Mac OS X computers in the future).
Your information is automatically synchronized on the devices that you join to your mesh by installing the Mesh Operating Environment (MOE) software. You can also use the Live Mesh Remote Desktop feature to access the desktop of your PCs - including XP Home and Vista Home edition computers that do not otherwise support incoming Remote Desktop connections. In addition, the mesh also contains a "cloud" element, the web-based Live Desktop, through which you can store files (up to 5 GB) on Microsoft's servers. For more about how the mesh works, see this blog post.
What is Microsoft doing about security in the mesh?
Now comes the big question: what about security? Live Mesh authentication is based on the Windows Live ID (formerly Microsoft Passport). Passport was conceived as a single sign-on service for e-commerce. In 2007 a vulnerability was disclosed in Live ID that allowed users to register a false or non-existent email address with the service, but it was corrected soon after it was revealed.
Live ID accounts can be authenticated in different ways, including:
- Usernames and passwords
- Password/PIN combinations
- Smart cards
- Windows Cardspace information cards
- RADIUS (for authentication from cell phones and Xbox)
- Federated Identity Authorities (WS-Trust)
Since most Live ID users depend on the first (and least secure) method, the security of the account is dependent on selecting a strong password. Live ID supports lengthy passwords (up to 16 characters) that include symbols as well as alphanumeric characters. When you create your credentials, the Live ID interface judges and reports on your password strength.
Live ID undergoes periodic security audits by independent auditors. Kim Cameron, an early critic of Passport, joined Microsoft as Identity and Access Architect and had much input into the development of Live ID.
After the user or device is authenticated, Security Assertion Markup Language (SAML) tickets are used for accessing resources on the mesh. SAML is an XML-based standard created by the Organization for the Advancement of Structured Information Standards (OASIS) Security Services Technical Committee. To find out more about SAML, see Security Assertion Markup Language (SAML).
The tickets are signed with a private key and set to expire after a specified time. The Live Mesh service checks the tickets and, if the correct tickets are presented, authorizes access. Generally, access is granted between two devices if the ticket shows that both devices belong to the same user or, in the case of shared folders, if the ticket shows that both devices have the same Live Mesh folder mapped.
The traffic between client and server is encrypted with HTTPS. This prevents replay attacks. The devices that you join to your mesh each have their own private key. Only the client knows its private key, so the traffic can't be intercepted and read in the "cloud." When you connect one device to another through the mesh, asymmetric encryption is used for key exchange, and data and files are transferred using 128-bit AES. The integrity of the data is verified via a keyed Hash Message Authentication Code (HMAC), which combines a hash function with a secret key. For more about HMAC, see RFC 2104.
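The expiring ticket check described above and the keyed-HMAC integrity check (RFC 2104), as an added illustration that is not Microsoft's code and does not reproduce Live Mesh's real ticket format: an HMAC-SHA256 tag stands in for the private-key signature, the key, the ticket fields and the device names are all constructed, and the pairing rule follows the "same user" condition the article describes.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real service would provision a per-device or
# per-service key during enrollment. Not a Live Mesh value.
SECRET_KEY = b"constructed-demo-key-not-a-real-secret"


def issue_ticket(user_id, device_id, ttl_seconds, now, key=SECRET_KEY):
    """Build a ticket with an expiry time and append an HMAC-SHA256 tag."""
    claims = {"user": user_id, "device": device_id, "exp": now + ttl_seconds}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def verify_ticket(ticket, now, key=SECRET_KEY):
    """Return (ok, reason, claims); reject malformed, tampered or expired tickets."""
    body, sep, tag = ticket.rpartition(".")  # hex tag never contains a dot
    if not sep:
        return False, "malformed", None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time compare so a check does not leak how many tag bytes matched.
    if not hmac.compare_digest(expected, tag):
        return False, "bad-mac", None
    # Parse the claims only after the MAC has proven them untampered.
    claims = json.loads(body)
    if now >= claims["exp"]:
        return False, "expired", None
    return True, "ok", claims


def authorize_pair(ticket_a, ticket_b, now):
    """Grant device-to-device access only if both tickets verify and name the same user."""
    ok_a, _, claims_a = verify_ticket(ticket_a, now)
    ok_b, _, claims_b = verify_ticket(ticket_b, now)
    return bool(ok_a and ok_b and claims_a["user"] == claims_b["user"])


if __name__ == "__main__":
    t_laptop = issue_ticket("alice", "laptop", 300, now=1000)
    t_desktop = issue_ticket("alice", "desktop", 300, now=1000)
    print(verify_ticket(t_laptop, now=1100)[1])            # ok
    print(verify_ticket(t_laptop, now=1300)[1])            # expired
    print(verify_ticket(t_laptop.replace("laptop", "usb"), now=1100)[1])  # bad-mac
    print(authorize_pair(t_laptop, t_desktop, now=1100))   # True
```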
The files that are stored on the Microsoft servers "in the cloud" (the 5 GB of Live Desktop storage that each user gets) are protected by access controls but are not encrypted.
Another area of concern to some is the Remote Desktop feature. The service that enables the Remote Desktop, wlcrasvc.exe, is configured to start automatically. If you end the process, another one starts. If you want to disable the service for more security, open a command prompt with administrative privileges and type net stop wlcrasvc; this stops the running service, but it will start again at the next boot unless you also set its Startup Type to Disabled in the Services console.
Bottom line: for the purpose for which it is currently being marketed - allowing consumers to integrate their many devices and access their data easily - security is probably good enough. To become a viable option for the business world, where the consequences of data compromise can have serious financial, legal and career ramifications, we'd like to see a "high security" option. Microsoft might look to the way Groove does it, splitting and encrypting data on the local hard drives so that a file you add to a workspace has no corresponding plaintext file on the local drive.
- Cloud Security Blog
- Technology Reports: Security Assertion Markup Language (SAML)
- Behind Live Mesh: Authorization and Encryption by Nikolai Smolyanskiy