Is there a digital "safety deposit box" equivalent?

Question

Digital safety deposit boxes: do they exist? if yes, are (any|they) trustworthy?

There are many bricks and mortar financial institutions where one can rent a locked box in a locked room and be assured the contents are secure, that access is constrained and under strict and constant surveillance, and that no one other than yourself and certain named and properly authenticated others will ever have access. It's the traditional place to safekeep things like one's last will and testament, property deeds, family jewels, the map to great grandpap's treasure box under the ol' crooked oak tree, and so on.

Is there a digital analogue? A place to keep one's master password file and other digital treasures safe and secure, but available to authorized people upon one's death or other defined circumstances?

update, 2011-Jun-13 - Here's the central idea presented as a story, provided by this.josh:

Alice has some data protected with access controls to maintain the data's confidentiality. Alice has a friend (or family member) Bob. In the event of Alice's death, she wants to pass ownership of the data to Bob. If Alice had stored the data on a DVD and kept it in a safe deposit box, and had written a will specifying that she wanted Bob to receive the DVD after her death. All Bob would need to get access to the DVD would be a copy of the will and a death certificate. Something that works like this, but digital.

I selected the tag `authentication` because I had choose at least one. Please feel free to delete/retag as appropriate. — matt wilkie, Jun 08 '11 at 16:51
Are you thinking of something like a GPG encrypted file on your own computer? Or more like tarsnap, for secure backups? — user502, Jun 08 '11 at 18:19
I think it might help to flush out the [safe deposit box](http://en.wikipedia.org/wiki/Safe_deposit_box) metaphore. My safe deposit box is not as available as I would like; the bank keeps certain limited hours. I need to wait in line for a teller to let me into the vault (aka safe). It provides good integrity. The contents of my box are protected against a lot of potential threats: fire, flood, etc. The confidentiality is pretty good. I am required to present a government issued photo ID, handwriten signature, and box key. What threats are you looking to protect your digital data from? — this.josh, Jun 08 '11 at 22:13
@this.josh, thanks for fleshing out the metaphor. At the moment the most significant threat I can think of is family (or authorized executor) not having access to physical devices (stolen, flood, fire, etc.) which would have name, password etc. on them. Or they have access but can't use it for some reason. — matt wilkie, Jun 09 '11 at 22:30
Ok, I think this is what you mean. Alice has some data protected with access controls to maintain the data's confidentiality. Alice has a friend (or family member) Bob. In the event of Alice's death, she wants to pass ownership of the data to Bob. If Alice had stored the data on a DVD and kept it in a safe deposit box, and had written a will specifying that she wanted Bob to receive the DVD after her death. All Bob would need to get access to the DVD would be a copy of the will and a death certificate. You want something that works like that but digital. — this.josh, Jun 09 '11 at 22:56
@this.josh, yes, that's it. Thank you for stating clearly what I couldn't! — matt wilkie, Jun 09 '11 at 23:04
@matt wilkie, i think the most simple solution to this, is to put the master password or decryption key into the will. — Hendrik Brummermann, Jun 12 '11 at 09:52
@Hendrik, thanks. That's a good idea for handling the decryption key, one not presented yet, but it doesn't deal with storing the encrypted data part (see this.josh's story). — matt wilkie, Jun 13 '11 at 18:29

score 11 · Answer 1 · edited Oct 07 '21 at 06:58

There are three meanings for "safety" here:

safe against eavesdroppers (confidentiality);
safe against malicious alterations and/or theft (integrity & availability);
safe against accidental alteration and/or loss (integrity & availability, also).

Amazon S3 is a service which strives at providing safety types 2 and 3, but not 1. However, their liability in case of alteration or loss seems to be limited.

There exist solutions for higher security (at least for protection against loss), but they are not cheap. They involve storage duplicated into several data centers which are physically remote from each other (as was said in the aftermath of the World Trade Center destruction in 2001, "a local in the basement" is not remote enough, even in a 400m high building). One example of a society which offers that kind of "secure archival" is Zantaz.

Provable long term integrity (i.e. not only the files are not altered, but it can be proven in a way which could convince a judge during a dispute) requires Time Stamps, and (for the "long term" part) more time stamps in successive layers (e.g. as specified in ERS).

Confidentiality is mostly orthogonal to all of that. You get it through encryption, which reduces the problem (you no longer have to worry about 400 GB of data, but only a 128-bit symmetric key or an equivalent such as a "long" passphrase). You should be able to remember a single passphrase; for added safety, print it and store the paper in a bank (in case you forget it, or your heirs must get it after your demise).

The tough part, from the augmented question, is enforcement of rules like "People named in the will can get at it but only after the death of the owner". — nealmcb, Jun 11 '11 at 23:38
Integrity is also important as a way of preserving the [non-refutability](http://www.cp.org.ar/imagenes/columnistas/archivos/Los%20desafios%20eticos%20de%20comercio%20electronico.pdf) of any rights encapsulated in data stored therein such as the authenticity of another digital will stored in the dropbox. — Mike Samuel, May 01 '12 at 23:30
@nealmcb, if the proof of the ability to access the will is a large random string, then part of that that string can serve as proof of ownership via signature verification, and the rest can serve as preservation of confidentiality via encryption. You present part of your key, and you get the data which you can then decrypt with the rest of your key, and maybe even use a third part to check the signature of the decrypted content to make sure it was not tampered with. Obviously, the part that establishes authority could be a swiss-number so the content need not be stored at a guessable URL. — Mike Samuel, May 01 '12 at 23:32

score 9 · Answer 2 · answered Jun 15 '11 at 09:05

This may sound very non-technical, but the simple way to do this is:

Start as per @ThomasPornin's answer -

use strong encryption on your data for confidentiality, and use a very long passphrase (sufficent to rule out brute forcing in any reasonable timeframe)
store the encrypted data in various locations for availability (personally I wouldn't want to trust any 'cloud' service for availability...)

But then go low tech - store the passphrase in an envelope, in that safe deposit box - just the same as you would with documents.

Simple process; tried and tested, and the controls are well understood.

score 1 · Answer 3 · answered Sep 06 '12 at 18:15

1

You could encrypt the file in several layers, each using a different key. Then give those keys to a number of trusted people, some who have an interest in the data, some who are neutral, such as the lawyer who deals with the will.

Each person involved would also have a copy of the file once it was fully encrypted, so the odds of all of them losing the file are reduced. They can store the file wherever they like, on their computers or in the cloud or wherever they like.

Now for the data to be revealed ahead of time all the people with keys would have to collude, which, if some are not interested parties is unlikely.

You could vary this scheme in other ways, such as giving the key to each layer to more than one person, so should one of those people die before your will can be acted on there's still someone who can get through each layer. This would make it easier to collude of course, but would make the scheme more reliable.

Which you choose would depend on what was the worse outcome - having the data released too soon, or not having it released at all.

Of course, now you're somewhat of the mercy of the security skills of those other people, which may be undesirable, in which case you might want to get them to stick their key in their deposit box.

answered Sep 06 '12 at 18:15

Peter Bagnall

111
3

I'm not sure this really hits the nail on the head - there's other ways to address the safety deposit box issue. When you wrap the same data in layers of encryption, one atop the other, you can both introduce weaknessness in the cryptotext, and end up with a situation where all keys (and keyholders) need to be around to decrypt the data. The essence of both a real-world safety deposit box, and a digital implementation is that there is a trusted 3rd party with an extra set of keys. – bethlakshmi Sep 14 '12 at 20:42
I thought I'd addressed the issue of all the keyholders being needed by suggesting that each key could be known to more than one person. Could you elaborate on the risks of encrypting something which is already encrypted. I understand you'd need entirely unrelated keys, but I don't see what the risk is so long as that is the case. Notably Truecrypt allows you to encrypt using multiple algorithms with independent keys - although I presume that is to protect against defects being found in an algorithm in the future. What have I missed? I assumed than none of the parties can be entirely trusted. – Peter Bagnall Sep 14 '12 at 20:51
The example in question suggests that Bob can only get to Alice's data after her death... giving the key to the collection of people works quite differently - anyone can get access to the data at any time. – bethlakshmi Sep 14 '12 at 20:55
No, I think you misunderstood, I wasn't suggesting you give the only key to many people. I was suggesting that you encrypt in (say) three layers, and then give each key to (say) two people. So if one of the keyholders dies before Alice, you have a backup for that layer. But because there are two other layers the data is still safe. Perhaps I should redraft to make that clearer. – Peter Bagnall Sep 14 '12 at 20:58
1

It's not true for every algorithm or every combination, but 2DES is the classic example - running DES twice with 2 keys does not increase the security over DES as there is a meet-in-the-middle attack for it. – bethlakshmi Sep 14 '12 at 20:58
ah, ok, yes, hence the use of 3DES rather than 2DES. So you would have to consider your algorithm selection with some care - good point. – Peter Bagnall Sep 14 '12 at 21:00
OK, so the cipher text= E1(E2(E3(data, key3), key2),key1) meaning I have 3 keys, all three needed to decrypt. I'm assuming you mean Alice gets all keys, Bob gets key 1 & key 2, some other guy that Alice trusts (Charlie) gets key 2 & 3. This is fine if you trust Bob and Charlie to both have access to the data (provided they both collaborate to get it), but it's still not a direct analogue. Two people Alice trusts is not the same thing as an independant, neutral third party (the bank in the safe deposit box case). – bethlakshmi Sep 14 '12 at 21:03
Actually, you'd need more than two keyholders, since as you've written it if either Bob or Charlie loses their keys you're stuck. So you'd need Daniel to have key 1 & 3. Now any one of the three can lose their keys and you can still get the data. – Peter Bagnall Sep 14 '12 at 21:10
As for this not being equivalent to an independent third party, that depends entirely on who the keyholders are. I suggested that some of them should be uninterested third parties (such as a lawyer). But having interested parties involved too protects against fraud by, or compromise of, the "trusted" third party. – Peter Bagnall Sep 14 '12 at 21:13
Right... but the initial question for a digital analogue of a safety deposit box... so I'm assuming that's what's wanted. I agree that the risk analysis works out differently, but if what you want is an online version of trusted third party both protecting against theft, providing access as directed, then three peers holding a key is rather different. – bethlakshmi Sep 17 '12 at 13:11

score 1 · Answer 4 · answered Jan 17 '13 at 18:28

What about something like this?

Alice stores the data in (device) with a strong encryption, say RSA with keylength of 4096 bits.
Once a (period, say 1 month), she logs into her (device).
Alice (put issue here), so she doesn't log in for (period).
The (device) releases the key.

Yet there's a problem because you need to store the key somewhere, but that's a start point.

score 0 · Answer 5 · answered Jan 17 '13 at 18:34

Verisign / Symantec offers a service like this at https://pip.verisignlabs.com/ They encourage you to upload sensitive documents into their digital locker for safekeeping.

Symantec and Verisign is a trusted brand, however the "labs" naming makes me wonder how permanent the service offering will be.

Is there a digital "safety deposit box" equivalent?

5 Answers5