How would you protect files of a VPS (Virtual Private Server) from snooping by the service provider?
deleted by creator
Ultimately, you can’t. Even if everything you’re doing is encrypted, they have access to the RAM that’s holding your encryption keys.
If you’re only talking about Storage (data at rest) or Network (data in transit) then encrypt/decrypt offsite and never let symmetric keys (or asymmetric private keys) near the VPS, or for in-transit you could similarly setup encrypted tunnels (symmetric/private keys offsite only) where neither end of the tunnel terminates at the VPS. If you’re talking about Compute then whatever does the processing inherently needs access to decrypted data (in RAM, cache, etc) to do anything meaningful. Although there are lots of methods for delegating, compartmentalising, obfuscating, etc (like enclaves, TPM/vTPM…) the unavoidable truth is that you must trust whomever owns the base-infra ultimately processing your data. The one vaguely useful way to use “other people’s computers” trustlessly is with SMPC (secure multi-party computation) spread sufficiently widely across multiple independent (preferably competing - or even adversarial!) virtual-computation providers, with an “N-of-M keys” policy that avoids any single provider being able to attain a meaningful level of access to your data independently, or being able to view tangible portions of your data while providing functionality during SMPC. That stuff gets super-niche though.
I’ve done a lot of thinking about this over the years.
Ultimately the answer is you cannot, at least with certainty. If you don’t own the host, you cannot trust anything that runs on the machine.
A few people have said similar, and that for me is the right answer here. I’ll expand on how I used to run my servers, but eventually decided it wasn’t worth the effort.
Having said that, there are some things you can do to protect yourself, although it depends on how much you care about your data Vs how much effort you want to put in.
For example, you can disguise your data on disk, by creating an encrypted file on Linux that you mount as a filesystem. Everything you care about runs from there. The ideal solution is you have an encryption key that you store somewhere trusted, that you use to decrypt the volume.
But then of course you have to insert that key each time your machine reboots, such as a kernel update.
You also have to manage and protect that key yourself, otherwise 💥 your data is gone.
Another thing to consider is, is your key in memory or on disk at any time. You need to decrypt the disk without the key ending up on the machine. I passed it over SSH and I assume the LUKS folks know what they’re doing about disguising the key in memory, but I don’t know for certain. I never looked.
My expectation was that I was doing something outside the norms of how these tools were designed to function, so expect unexpected results.
This isn’t to say you cannot trust any provider, it really depends how much you want to trust them.
not a technical but you can’t just do full disk encryption and put the password manually at every single boot?
It seems very unlikely that a reputable hosting company would snoop even in that case
If we’re talking about 3 letter agencies, for the dedicated servers they’ll directly seize the disks…
Thanks for the comments. I agree on the general consensus, that once an encryption key enters the VPS, the encryption is compromised.
However, I’m thinking more in practical terms, eg. the service provider doing just casual scanning across all disks of VPS instances. Some examples could be: cloud authentication keys, torrc files, specific installed software, SSH private keys, TLS certificates.
LUKS
VPN
Encrypt sensitive files