We’ve all heard the horror stories about drives being copied, computers hacked and samples being stolen, or worse—unfinished songs being leaked online. We take security very seriously at Mix:Analog! Let's take a look at how it is currently implemented and discuss ideas about improving it further in the future.
We start with a simple but strict rule. We do not give employees access to the source files or bounces. Even when required to solve technical issues, there are limitations in place that govern how the files are accessed.
The digitally controlled analog hardware and the digital audio system (including the audio interface) are kept under lock and key in a separate server room. The network used by mix:analog is an isolated, high-speed 56 Gbit/s InfiniBand network by Mellanox. It is kept separate from the 1 Gbit/s Ethernet network used for office work and has its own internet access.
The digital audio system only supports one application using it at a time (mix:analog), so anyone who tried to tap into the digital audio stream at the sound card interface would have to shut down mix:analog first.
This unfortunately means we need to shut down mix:analog when performing routine maintenance such as THD and SNR measurements and level calibration, but it does give us fair warning if anyone wanted to access the sound card.
Uploading Files and Upload Encryption
Currently, mix:analog requires that you upload the raw WAV files over the internet to our cloud storage. This is for several reasons:
- A lot of internet users have an asymmetrical internet connection: their upload speed is much lower than their download speed, so real-time use would be impossible for some users.
- When you are shooting out processors or fishing for a sound, the source files don't change often, so it doesn't make sense to upload the same data again.
- You have all the information needed to continue working even when you are not at your workstation. You can tweak the settings and get a new download made quickly.
Our servers demand that the hand-off of the file happens over encrypted communications. We do not support insecure uploads and never will. The minimum supported is AES 128-bit encryption with 256-bit SHA hashes. A supercomputer would need several decades and a lot of electricity to crack the code. Even assuming the data could be intercepted while in flight, your file is safe.
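As an added illustration of what an "AES-128 with SHA-256 as the minimum" upload policy looks like in practice, here is a Go TLS server configuration alongside the kind of legacy configuration the page rules out, plus an audit function that flags a version floor below TLS 1.2 and any suite Go itself classifies as insecure. This is example code written for this page, not mix:analog's own configuration; the policy choices (TLS 1.2 floor, forward-secret AES-GCM suites only) are assumptions.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// uploadTLSConfig is an assumed server-side policy for the upload endpoint:
// TLS 1.2 as the floor and, for TLS 1.2, only forward-secret AES-GCM suites
// with SHA-256 or SHA-384. (TLS 1.3 suites are not configurable in Go and are
// all AEAD suites with SHA-256/384 already.)
func uploadTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		},
	}
}

// legacyTLSConfig is the counterexample: a TLS 1.0 floor and RC4/CBC suites
// still offered. It exists here only so the audit has something to reject.
func legacyTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS10,
		CipherSuites: []uint16{
			tls.TLS_RSA_WITH_RC4_128_SHA,
			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		},
	}
}

// SuiteAllowed reports whether a suite ID (for example the one in
// tls.ConnectionState.CipherSuite after a handshake) is in the policy list.
func SuiteAllowed(cfg *tls.Config, id uint16) bool {
	for _, s := range cfg.CipherSuites {
		if s == id {
			return true
		}
	}
	return false
}

// AuditConfig returns human-readable findings. An unset MinVersion (0) is
// deliberately treated as a finding: the floor should be stated explicitly
// rather than inherited from library defaults.
func AuditConfig(cfg *tls.Config) []string {
	var findings []string
	if cfg.MinVersion < tls.VersionTLS12 {
		findings = append(findings, "minimum version below TLS 1.2")
	}
	for _, s := range tls.InsecureCipherSuites() {
		if SuiteAllowed(cfg, s.ID) {
			findings = append(findings, "insecure suite offered: "+s.Name)
		}
	}
	return findings
}

func main() {
	fmt.Println("upload policy findings:", AuditConfig(uploadTLSConfig()))
	fmt.Println("legacy policy findings:", AuditConfig(legacyTLSConfig()))
}
```

The same `SuiteAllowed` check can be run against a live connection's negotiated suite, which is the practical way to confirm that a client really did get the advertised minimum rather than trusting the configuration file alone.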
Storage Security and Access to Files
After a file finishes uploading, the system software stores it on a central server behind a Ubiquiti firewall. The file server does not store the files under file names and users; instead we use a concept called "anonymised content addressable storage".
This means that the files are anonymised (file names and dates removed) and only their digital fingerprints (hashes) identify them to the rest of the system. If an administrator wanted to find a file belonging to a specific user, they would have a very hard time finding it by hand (there are almost 50,000 files to sift through and terabytes of data to download).
To get to the content of the files, a digital certificate is required to log in. Only two people are issued these certificates: the CEO and the CTO. There is a backup in a digital envelope stored with one of the founders, to be opened only in an extreme emergency such as a death. If a certificate is compromised (for example, a laptop is lost or stolen), it must be replaced immediately with a new one, rendering the compromised certificate useless.
If anyone else, even one of our own employees, asks for access to the files, they have to request permission, explain their intent and be directly supervised by one of the certificate holders. The request is logged as evidence in case any tampering or manipulation happens along the way.
Raw access of this kind has only ever been needed in the event of file storage errors (of which there have been none since October 2018), when employees had to fix bugs in the file storage system.
Downloading of Files
As with uploads, downloads are only allowed over a fully encrypted link. The same level of protection is offered as on the uploads. Even if someone guessed the digital fingerprint of a file, they could not download it without being logged in as that exact user.
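To make the storage and download rules above concrete, here is an added Go example of an anonymised content-addressable store: blobs are kept under their SHA-256 digest only, the client-supplied file name and timestamp are discarded at upload, the ownership index is a separate table, and a download succeeds only for a user recorded as an owner of that digest. It also includes the integrity check an operator would run when storage errors are suspected. This is example code written for this page, not mix:analog's implementation; the in-memory layout, the `Store` type and the single `ErrNotAvailable` error are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ErrNotAvailable is returned both for an unknown digest and for a digest the
// caller does not own, so a guessed fingerprint cannot be used to learn
// whether particular content exists in the pool.
var ErrNotAvailable = errors.New("file not available to this user")

// Store is an assumed minimal design: the blob pool carries no file name,
// upload date or user; ownership lives in a separate index.
type Store struct {
	blobs  map[string][]byte          // digest -> content
	owners map[string]map[string]bool // digest -> users allowed to fetch it
}

func NewStore() *Store {
	return &Store{blobs: map[string][]byte{}, owners: map[string]map[string]bool{}}
}

// Digest is the only identifier the rest of the system uses for a file.
func Digest(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// Put deliberately discards the client-supplied file name (the blank
// parameter); it is accepted only so the signature mirrors an upload handler.
// Identical bytes uploaded twice are stored once, and the second uploader is
// simply recorded as a further owner.
func (s *Store) Put(userID, _ string, content []byte) string {
	d := Digest(content)
	if _, exists := s.blobs[d]; !exists {
		s.blobs[d] = append([]byte(nil), content...) // private copy
	}
	if s.owners[d] == nil {
		s.owners[d] = map[string]bool{}
	}
	s.owners[d][userID] = true
	return d
}

// Get enforces the download rule: the logged-in user must be an owner of the
// digest. Ownership is checked before the blob pool is consulted.
func (s *Store) Get(userID, digest string) ([]byte, error) {
	if !s.owners[digest][userID] {
		return nil, ErrNotAvailable
	}
	content, ok := s.blobs[digest]
	if !ok {
		return nil, ErrNotAvailable
	}
	return append([]byte(nil), content...), nil
}

// Verify recomputes every digest and reports blobs whose bytes no longer
// match their name, i.e. storage corruption.
func (s *Store) Verify() []string {
	var corrupt []string
	for d, content := range s.blobs {
		if Digest(content) != d {
			corrupt = append(corrupt, d)
		}
	}
	return corrupt
}

func main() {
	s := NewStore()
	mix := []byte("RIFF....WAVEfmt (constructed stand-in for a bounce)")
	d := s.Put("alice", "final_mix_v3.wav", mix)
	fmt.Println("stored as", d[:16]+"...")
	if _, err := s.Get("bob", d); err != nil {
		fmt.Println("bob:", err)
	}
	if got, err := s.Get("alice", d); err == nil {
		fmt.Println("alice got", len(got), "bytes; corrupt blobs:", len(s.Verify()))
	}
}
```

Two design points worth noting: a non-owner and a nonexistent digest get the same error, so the download endpoint cannot be used as an existence oracle for guessed hashes; and because ownership is a separate table from the blob pool, an operator who has only the pool sees hashes and bytes with nothing tying them to a customer.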
In terms of rights, Mix:analog works exactly like any other cloud drive or archive solution: we just store the files and never claim any rights to them. Even though bounces do go through equipment that we built, we expressly don't claim any rights and never will.
The rights status of the files does not change from before uploading - if they were yours, they stay that way, and we definitely don't want to change that in any way. When a file is bounced, it is considered to be the same work - even if only a subsection was bounced or the sound changed completely.
Future Work - "Security 2.0"
The current system is not bad, but it's not perfect either. As we are always striving to improve our service, we have several ideas for going forward.
First, the login certificates issued to the people responsible need to be reissued at least monthly. In the unlikely event that the CEO or CTO terminates their involvement with mix:analog, all the certificates must be purged and replaced immediately.
We will add counters on the number of accesses and the amount of data transferred off the disks in the cloud. If there is any anomaly (a spike in the number of files or in the amount of data transferred), we can investigate immediately.
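As an added example of the counters described above, here is Go code that parses a constructed access log for the certificate-holder API, aggregates file count and bytes per hour, and flags any hour whose count or volume exceeds a multiple of the median of the earlier hours. The log format, the hourly window, the factor of 3 and the sample lines are all assumptions made for this example; this is not mix:analog's monitoring code.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
	"time"
)

// sampleLog is constructed data in an assumed format:
// "<RFC3339 time> <certificate holder> GET <digest> <bytes>".
// The last six lines simulate a bulk pull that the counters should catch.
const sampleLog = `2019-03-04T09:05:10Z cto GET d01 104857600
2019-03-04T09:40:22Z ceo GET d02 104857600
2019-03-04T10:15:00Z cto GET d03 157286400
2019-03-04T11:02:33Z ceo GET d04 125829120
2019-03-04T11:48:09Z cto GET d05 136314880
2019-03-04T12:30:47Z ceo GET d06 125829120
2019-03-04T13:03:01Z cto GET d07 104857600
2019-03-04T13:21:18Z cto GET d08 104857600
2019-03-04T13:55:40Z ceo GET d09 104857600
2019-03-04T14:00:05Z ceo GET d10 4294967296
2019-03-04T14:01:11Z ceo GET d11 4294967296
2019-03-04T14:02:48Z ceo GET d12 4294967296
2019-03-04T14:04:02Z ceo GET d13 4294967296
2019-03-04T14:05:39Z ceo GET d14 4294967296
2019-03-04T14:07:15Z ceo GET d15 4294967296`

type Access struct {
	At    time.Time
	Who   string
	Bytes int64
}

type Bucket struct {
	Start time.Time
	Count int
	Bytes int64
}

// ParseLog rejects malformed lines rather than skipping them: a gap in the
// counters is itself something to investigate.
func ParseLog(text string) ([]Access, error) {
	var out []Access
	for _, line := range strings.Split(strings.TrimSpace(text), "\n") {
		f := strings.Fields(line)
		if len(f) != 5 {
			return nil, fmt.Errorf("malformed line: %q", line)
		}
		at, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, err
		}
		n, err := strconv.ParseInt(f[4], 10, 64)
		if err != nil {
			return nil, err
		}
		out = append(out, Access{At: at, Who: f[1], Bytes: n})
	}
	return out, nil
}

// Aggregate sums count and bytes per window, returned in time order.
func Aggregate(accesses []Access, window time.Duration) []Bucket {
	byStart := map[time.Time]*Bucket{}
	for _, a := range accesses {
		start := a.At.Truncate(window)
		b := byStart[start]
		if b == nil {
			b = &Bucket{Start: start}
			byStart[start] = b
		}
		b.Count++
		b.Bytes += a.Bytes
	}
	out := make([]Bucket, 0, len(byStart))
	for _, b := range byStart {
		out = append(out, *b)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Start.Before(out[j].Start) })
	return out
}

func median(xs []float64) float64 {
	s := append([]float64(nil), xs...)
	sort.Float64s(s)
	n := len(s)
	if n%2 == 1 {
		return s[n/2]
	}
	return (s[n/2-1] + s[n/2]) / 2
}

// Anomalies flags a window whose count or volume exceeds factor times the
// median of all earlier windows. The first minHistory windows only build the
// baseline. The median is used rather than the mean so that one earlier spike
// does not lift the baseline enough to hide the next one.
func Anomalies(buckets []Bucket, factor float64, minHistory int) []Bucket {
	var flagged []Bucket
	var counts, vols []float64
	for i, b := range buckets {
		if i >= minHistory &&
			(float64(b.Count) > factor*median(counts) || float64(b.Bytes) > factor*median(vols)) {
			flagged = append(flagged, b)
		}
		counts = append(counts, float64(b.Count))
		vols = append(vols, float64(b.Bytes))
	}
	return flagged
}

func main() {
	acc, err := ParseLog(sampleLog)
	if err != nil {
		panic(err)
	}
	for _, b := range Anomalies(Aggregate(acc, time.Hour), 3, 3) {
		fmt.Printf("anomaly at %s: %d files, %d bytes\n", b.Start.Format(time.RFC3339), b.Count, b.Bytes)
	}
}
```

The counters only help if they are recorded on the storage host (or a log collector it writes to) rather than on the machine holding the certificate, so that the person being monitored cannot also be the one editing the log.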
We are also considering Individual File Encryption, a process where each file is encrypted independently. The encryption certificate is unique to the uploading user and the time of upload. That way, even if access to the files is compromised, each file would need to be decrypted individually with its corresponding certificate, and those certificates are stored separately from the files.
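As an added example of per-file encryption keyed to the uploading user and the upload time, here is Go code that derives a distinct AES-256-GCM key for each (user, upload instant) pair from a per-user root secret, and additionally binds the user and timestamp as authenticated data so a blob relabelled with a different owner or time fails to decrypt. This is example code written for this page, not mix:analog's design: the page speaks of a per-user certificate, whereas this example simplifies to a symmetric per-user root key (assumed to live in a separate key store), and the HMAC-SHA256 key derivation and blob layout (nonce followed by ciphertext) are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
	"time"
)

// fileKey derives a 256-bit key unique to one user and one upload instant.
// userRoot is the per-user secret (assumption: held in a key store separate
// from the blob pool). HMAC-SHA256 over a labelled, delimited input is used
// as the key derivation function.
func fileKey(userRoot []byte, userID string, uploadedAt time.Time) []byte {
	mac := hmac.New(sha256.New, userRoot)
	mac.Write([]byte("file-key-v1\x00"))
	mac.Write([]byte(userID))
	mac.Write([]byte{0})
	mac.Write([]byte(uploadedAt.UTC().Format(time.RFC3339Nano)))
	return mac.Sum(nil)
}

// binding is the additional authenticated data: it ties the ciphertext to its
// owner and upload time even though neither is secret.
func binding(userID string, uploadedAt time.Time) []byte {
	return []byte(userID + "|" + uploadedAt.UTC().Format(time.RFC3339Nano))
}

func newGCM(userRoot []byte, userID string, uploadedAt time.Time) (cipher.AEAD, error) {
	block, err := aes.NewCipher(fileKey(userRoot, userID, uploadedAt))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptFile returns nonce || ciphertext. A random nonce is safe here
// because each derived key encrypts exactly one file.
func EncryptFile(userRoot []byte, userID string, uploadedAt time.Time, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(userRoot, userID, uploadedAt)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, binding(userID, uploadedAt)), nil
}

// DecryptFile fails on a wrong user, wrong time, or any modified byte.
func DecryptFile(userRoot []byte, userID string, uploadedAt time.Time, blob []byte) ([]byte, error) {
	gcm, err := newGCM(userRoot, userID, uploadedAt)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, binding(userID, uploadedAt))
}

func main() {
	root := make([]byte, 32) // constructed per-user root secret
	if _, err := io.ReadFull(rand.Reader, root); err != nil {
		panic(err)
	}
	at := time.Now()
	blob, err := EncryptFile(root, "alice", at, []byte("constructed WAV payload"))
	if err != nil {
		panic(err)
	}
	_, errUser := DecryptFile(root, "bob", at, blob)
	_, errTime := DecryptFile(root, "alice", at.Add(time.Second), blob)
	pt, errOK := DecryptFile(root, "alice", at, blob)
	fmt.Printf("wrong user: %v\nwrong time: %v\nowner: %q %v\n", errUser, errTime, pt, errOK)
}
```

With this layout, compromising the blob pool yields only ciphertexts, and each one needs its own key derived from a secret that is not stored alongside it; rotating a user's root key (as the page proposes for certificates) invalidates every old derived key at once, so re-encryption has to be scheduled as part of that rotation.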