
I've been using Amazon Web Services to run my Java application. However, due to high costs I'm looking into getting a dedicated server from Hetzner, a company based in Germany, which costs about 10-20x less than AWS.

However, after reading this question and seeing the following statement by @Daniel Rudy:

The problem with physical security is this:

If the attacker has physical access to the machine, then there is no security. 

I'm concerned that anyone with physical access to my server could steal my data/application.

If I understand correctly, encryption will only help while the device is powered off but will do nothing to protect the PC while it is running (since the program will not run unless it is decrypted). I cannot encrypt the Java JAR since it will be running from the Eclipse IDE (for debugging purposes) and needs to be visible in the editor. Thus, anyone with physical access to the remote server (employees, technicians etc.) could steal my data by sticking a USB device into the computer and downloading all my data / application (correct?). Moreover, there would be no way for me to detect that something like this ever happened.

In other words, unless I have complete trust in the people who run the company to secure physical access to my server, there's absolutely nothing for me to do to protect my data. If the server is located in a foreign country (as Hetzner is) I would also need to trust the government of that country not to breach my data (as they can easily overpower any physical barriers enacted by Hetzner). And if someone did steal my data I would never find out.

Are my assumptions correct, or is there something I could do on my end to protect myself?

S.O.S
  • Related: https://security.stackexchange.com/q/193021/165253 – forest May 17 '19 at 02:08
  • Also know that, even if you locked down USB and even PCIe in software, it would still be possible to plug in a JTAG probe and control the system like a puppet. The only way to prevent that is to have physical control over your server so you can destroy the JTAG header and traces leading to it. – forest May 17 '19 at 02:12
  • ...I think I'm a little surprised that you seem to be running Eclipse, on the remote server, to launch your jar. Remote debugging is a thing (so, you can run Eclipse or another program and connect to your remote server), but generally you're not going to want to do that to a production machine. Note that if you are deploying _just_ the jar, you could probably use a different resource tier (but I don't know what you're using now). – Clockwork-Muse May 18 '19 at 00:05

1 Answer


I've been using Amazon Web Services to run my Java application. However, due to high costs I'm looking into getting a dedicated server from Hetzner...

I'm concerned that anyone with physical access to my server could steal my data/application...

In other words, unless I have complete trust in the people who run the company to secure physical access to my server there's absolutely nothing for me to do to protect my data. If the server is located in a foreign country (as Hetzner is) I would also need to trust the government of that country not to breach my data. And if someone did steal my data I would never find out.

I think it is incorrect to say there is absolutely nothing for you to do to protect your data. It would be more correct to say that it will be very difficult to protect your application and data from theft by Hetzner or the foreign government.

But, similarly, there would be nothing you could do (or rather, again, it would be very difficult) to protect yourself from Amazon Web Services stealing your application and data.

You will likely have to trust Hetzner in the same way you trusted Amazon Web Services.

I guess it is also incorrect to say you would never find out. For example, suppose Hetzner stole your application and then started publicly selling it as their own product. You could then, for example, sue them (in international court, I guess) and probably be able to make a pretty good case.

What you could do on your end to protect yourself is make sure you have good validated documentation regarding your development timeline for the app and then if Hetzner or whoever steals your IP you could sue them...

Pre-emptively you could also put it in the contract that they will hold your app in confidence, etc, before you buy services from them.

Per the comments, there are other ways to try and secure your dedicated server. For example, there are datacenters that will rent you a lockable rack. You could install your own server in the rack and lock the rack shut with your own lock. Of course, you have to trust that the datacenter owner wouldn't cut through your lock, but at least if they did you would know about it next time you visited the datacenter.

hft
    You may want to point out that it'd be necessary to have your server in a colo, so that you provide the hardware itself. Otherwise even with remote attestation using a TPM to ensure it is safe at rest even from evil maid attacks and BIOS tampering, JTAG can be used to attack the system at runtime. – forest May 17 '19 at 02:10
  • Thanks, I added a little more about own hardware and locking the rack. Not sure it's possible to really go into all the possibilities; the OP's question is a bit broad, I guess... – hft May 17 '19 at 02:13
  • Indeed. Physical measures would be quite broad. I saw a talk at DEF CON which went into that, explaining how to devise very clever chassis intrusion detection systems that actually work. – forest May 17 '19 at 02:15