Google, the technology company overseen by the US$561 billion parent corporation Alphabet, recently released a document entitled “Google Infrastructure Security Design Overview” to provide an overview of how security measures are implemented into Google’s global scale infrastructure.
Within this infrastructure, Google operates some of its highly demanded and widely used applications such as Google Search, Gmail, Drive and Photos that are utilized by billions of people on a monthly basis.
Using Cryptographic Signatures
According to the document, Google server machines rely on cryptographic signatures which are validated upon boot or update. The implementation of cryptographic signatures as well as Google’s custom-built hardware security chip allow Google administrators to identify and authenticate legitimate Google devices.
Essentially, Google embeds custom-designed trusted platform modules (TPMs) in their hardware infrastructure, which allows the firm to protect the infrastructure with cryptographic keys and encryption system. Because TPMs operate as microcontrollers with integrated cryptographic keys, Google infrastructure prevents data or hardware manipulation and tampering.
“We use cryptographic signatures over low-level components like the BIOS, bootloader, kernel, and base operating system image. These signatures can be validated during each boot or update. The components are all Google-controlled, built, and hardened,” read the document.
Google also offers multiple layers of protection for data storage with the utilization of hardware encryption on hard drives and SSDs, making it virtually impossible for malware or data breaches to target Google-encrypted data. In addition, Google also ensures that an encrypted storage device is cleaned using a “multi-step process,” when it leaves its custody.
“Performing encryption at the application layer allows the infrastructure to isolate itself from potential threats at the lower levels of storage such as malicious disk firmware. That said, the infrastructure also implements additional layers of protection. We enable hardware encryption support in our hard drives and SSDs and meticulously track each drive through its lifecycle,” said Google.
Encryption Makes it Impossible for Security Agencies to use Backdoor Tech
The combination of hardware encryption and the utilization of TPMs to cryptographically secure data effectively disallows surveillance of users and theft of valuable information. In other words, with Google’s encryption and cryptographic systems in place, security agencies like NSA will not be able to use backdoor tools or other sophisticated technologies to obtain data from the Google infrastructure.
In a section entitled “Encryption of Inter-Service Communication,” Google further emphasized that communication within Google’s infrastructure will remain secure even if the network is “tapped” or a network device is compromised. Thus, even if agencies attempt to use surveillance methods to obtain calls or messages, their efforts will be disregarded.
“In essence, this gives application layer isolation and removes any dependency on the security of the network path. Encrypted inter-service communication can remain secure even if the network is tapped or a network device is compromised,” the document read.
As technology conglomerates like Google move towards cryptography and encryption-based systems, users will develop awareness on privacy protection, pressuring other tech firms or data-based companies to implement necessary security measures.
Joseph Young, The Merkle
Image Via: DT