Sunny Saturday – perfect temperatures – this means hiking. Even directly around Zurich you can find beautiful places for hiking, relaxing and enjoying nature. This time, we did a 3-hour trip from Dietikon to Zurich Affoltern which is basically this trip here reversed.

Paper: Cloud Computing and Data Jurisdiction: A New Challenge for Digital Forensics
14/02/2012
Abstract:
Although it has become clear that digital forensics – the practical analysis of digital data following the acquisition of a bit-stream image of a suspect’s hard disk – suffered a setback with the wide adoption of mobile devices and the increasing use of flash memory and encryption systems, it is undoubtedly also the case that it experienced a fundamental change due to the incredible expansion of cloud computing systems. In this article, the aim is to study the jurisdictional problems that cloud computing systems cause and the possible solutions at an EU level that have been adopted by legislators and the courts of the European Union in relation to the gathering of digital evidence that may be concealed in the ‘clouds’. Particular attention must be paid to German and Italian case law experience as Courts in these countries have addressed the problem, providing different solutions to resolve the same problem.
Information:
Paper by G. Vaciago – published at CYBERLAWS 2012 - PDF Download
Brief Discussion:
Disclaimer first – this is primarily a legal paper and hardly touches any technical aspects. However, I was directed to this paper by a lawyer and since it consists of only 6 pages, I had a quick read.
The author tried to focus on the jurisdictional problems that cloud systems cause and discussed the possible solutions at an EU level that have been adopted by legislators and the courts of the European Union. He paid particular attention to the German and the Italian case law experience.
Since I’m not a lawyer, I can’t discuss the complete paper due to missing skills of mine within this field. However, the comparison of the different approaches vs. the “loss of location” issue could be quite interesting also for engineers. Loss of location is another way of saying: Cloud environments come along with the possibility to put digital data onto a set of servers whose location is not totally clear to the customer. This means the customer could be based in one jurisdiction but his/her data, which is processed e.g. on a daily basis, is located in another jurisdiction.
Within this paper, four principles are explained:
- Territorial Principle by Virtue: The court in the place where the data is located obtains the jurisdiction.
- Nationality Principle by Virtue: The nationality of an adversary is used to establish criminal jurisdiction.
- Flag Principle: Crimes committed on ships, aircraft etc. are subject to the jurisdiction of the flag state.
- Power of Disposal Approach: More information can be found here.
UPDATE: I discussed the content of this paper with a lawyer and he asked what this paper has to do with cloud computing except for the discussion of the principles? The rest of the cases that are discussed have little or nothing to do with cloud computing at all. Interesting …

Paper: Investigating the Implications of Virtual Machine Introspection for Digital Forensics
06/02/2012
Abstract:
Researchers and practitioners in computer forensics currently must base their analysis on information that is either incomplete or produced by tools that may themselves be compromised as a result of the intrusion. Complicating these issues are the techniques employed by the investigators themselves. If the system is quiescent when examined, most of the information in memory has been lost. If the system is active, the kernel and programs used by the forensic investigators are likely to influence the results and as such are themselves suspect. Using virtual machines and a technique called virtual machine introspection can help overcome these limits, but it introduces its own research challenges. Recent developments in virtual machine introspection have led to the identification of four initial priority research areas in virtual machine introspection including virtual machine introspection tool development, applications of virtual machine introspection to non-quiescent virtual machines, virtual machine introspection covert operations, and virtual machine introspection detection.
Information:
Paper by K. Nance, B. Hay and M. Bishop - paper in Proceedings of the 2009 International Conference on Availability, Reliability and Security - PDF Download
Brief Discussion:
The paper begins with an interesting statement: Researchers and forensic practitioners base their analysis typically on information that is either incomplete or produced by tools that may themselves be compromised as a result of the intrusion. I can totally agree – logfiles, for instance, that are stored on the compromised system, cannot be viewed as a reliable source of information. The adversary could have modified or deleted them.
The authors argue that non-quiescent (e.g. live) analysis is becoming more common but also suffers from effects such as the observer effect: Any action performed during the live analysis process modifies the state of the system that is investigated. Virtual machine introspection tries to mitigate this issue by “investigating from remote”.
Within the paper, the authors introduce four research issues within this field: the development of forensic tools, the monitoring of active virtual machines, active monitoring and the detection of virtual machine introspection techniques from within the VM.
Btw. – I guess some parts of the LaTeX template have been forgotten to be deleted – page 2, second column:
Wherever Times is specified, Times Roman or Times New Roman may be used. If neither is available on your word processor, please use the font closest in appearance to Times. Avoid using bitmapped fonts if possible. True-Type 1 or Open Type fonts are preferred. Please embed symbol fonts, as well, for math, etc.

Brief Hiking Trip: Gipswil – Bachtel – Hinwil
05/02/2012
Again, the weather was amazing over this weekend, motivating us to do yet another brief day trip: Gipswil to Bachtel (peak) down to Hinwil and back to Zurich. The countryside was amazing and the trails are pretty well prepared even in the winter. However, the temperature dropped to -13 degrees which could hardly be improved by the shining sun.

Baseline crypto information on Bitcasa – the shining star on the secure storage horizon?
27/01/2012
Data deduplication techniques in cloud-based storage environments come along with several issues discussed already by Pinkas et al and Mulazzani et al – so this is an old problem. However, I never heard of a service fixing this issue properly and in a way that is still practical – until recently when the advent of BITCASA went through the press.
Bitcasa claims to solve the issue of security and privacy of data but still makes use of data deduplication. The usage of server-side deduplication has been confirmed here and is obviously a “must-have” for smaller cloud storage providers like Dropbox and others. The crux for deduplicated systems is that a plaintext encrypted on the client with two different keys normally ends up in two different ciphertexts which can hardly be deduplicated since the content is different. Bitcasa claims to solve this issue by making use of convergent encryption which has been proposed already in a paper by Microsoft Research and later again by Storer et al.
According to the Microsoft paper, convergent encryption is “… a cryptosystem, … that produces identical ciphertext files from identical plaintext files, irrespective of their encryption keys.”
You will probably ask yourself how this is done – well, the whole magic lies in the usage of the hash of the plaintext as the encryption key. This leads to the fact that two equal plaintexts produce the same hash and hence the same key. Afterwards you encrypt the hash (the key in fact) with the public key of the readers, who can then recover the hash and decrypt the ciphertext. All this information is described in a pretty clear manner in this paper in chapter 3. So, unfortunately even this pretty good information does not provide details of how they set up their security architecture but it’s fun to listen.
Further brief information can also be found here and here. Finally, this article seems to provide also a pretty good discussion.
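The scheme described above, as an added example that is not Bitcasa's code or code from the cited papers: the content key is the SHA-256 of the plaintext, so two users' uploads collapse to one stored blob while each user keeps an individually wrapped copy of the key. Assumptions: a SHA-256 counter-mode keystream stands in for a real cipher such as AES, a per-user symmetric secret stands in for the readers' public keys, and all names (`DedupServer`, `client_upload`, ...) are hypothetical.

```python
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    # SHA-256 in counter mode. Stand-in for a real cipher such as AES-CTR,
    # used only so the example runs on the standard library.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def per_user_encrypt(user_secret, plaintext):
    # Conventional client-side encryption: per-user key and random nonce,
    # so the same file never yields the same ciphertext twice.
    nonce = os.urandom(16)
    return nonce + _xor(plaintext, _keystream(user_secret, nonce, len(plaintext)))


def convergent_encrypt(plaintext):
    # Key = hash of the plaintext and no random nonce: equal plaintexts
    # always produce equal ciphertexts, whoever encrypts them.
    key = hashlib.sha256(plaintext).digest()
    return key, _xor(plaintext, _keystream(key, b"", len(plaintext)))


def convergent_decrypt(key, ciphertext):
    plaintext = _xor(ciphertext, _keystream(key, b"", len(ciphertext)))
    # The key doubles as an integrity check: it must equal the plaintext hash.
    if not hmac.compare_digest(hashlib.sha256(plaintext).digest(), key):
        raise ValueError("content key does not match the stored blob")
    return plaintext


def wrap_key(user_secret, content_key):
    # Stand-in for "encrypt the hash with the public key of the reader".
    nonce = os.urandom(16)
    return nonce + _xor(content_key, _keystream(user_secret, nonce, 32))


def unwrap_key(user_secret, wrapped):
    return _xor(wrapped[16:], _keystream(user_secret, wrapped[:16], 32))


class DedupServer:
    """Hypothetical storage backend: sees only ciphertexts and wrapped keys."""

    def __init__(self):
        self.blobs = {}         # blob id -> ciphertext, stored once
        self.wrapped_keys = {}  # (user, blob id) -> that user's wrapped key

    def put(self, user, ciphertext, wrapped_key):
        blob_id = hashlib.sha256(ciphertext).hexdigest()
        is_new = blob_id not in self.blobs
        if is_new:
            self.blobs[blob_id] = ciphertext
        self.wrapped_keys[(user, blob_id)] = wrapped_key
        return blob_id, is_new

    def get(self, user, blob_id):
        return self.blobs[blob_id], self.wrapped_keys[(user, blob_id)]


def client_upload(server, user, user_secret, plaintext):
    key, ciphertext = convergent_encrypt(plaintext)
    return server.put(user, ciphertext, wrap_key(user_secret, key))


def client_download(server, user, user_secret, blob_id):
    ciphertext, wrapped = server.get(user, blob_id)
    return convergent_decrypt(unwrap_key(user_secret, wrapped), ciphertext)


def demo():
    server = DedupServer()
    alice, bob = os.urandom(32), os.urandom(32)
    doc = b"constructed sample file contents " * 8
    _, new_a = client_upload(server, "alice", alice, doc)
    blob_id, new_b = client_upload(server, "bob", bob, doc)
    return {
        "second_upload_deduplicated": new_a and not new_b,
        "blobs_stored": len(server.blobs),
        "bob_reads_back": client_download(server, "bob", bob, blob_id) == doc,
    }


if __name__ == "__main__":
    print(demo())
```

The same determinism that makes deduplication possible also means the server can tell when two users hold the same file, which is the trade-off the deduplication papers cited above are concerned with.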

Using Cloud Services in Financial Environments
25/01/2012
As you may have noticed, Google obviously “persuaded” a Spanish bank recently to move their internal communication to the “google cloud”. For sure, this is an interesting topic to discuss since using the Cloud comes along with various issues especially for financial services.
According to the article on BBC.co.uk …
BBVA … stressed that all customer data and other key banking systems would “stay in our own data centres” and be completely separate from the cloud solution.
Ok, fair enough, however I cannot imagine how BBVA is going to do this – how can they distinguish in such a strict manner between “internal communication” and “customer data”? They plan to use email, calendar, docs, chat, video conferencing without customer data? Financial business is primarily about customers and data related to these since the customers are the ones who bring the money in. What else does BBVA want to communicate about?
Of course, Google is pretty happy about that deal:
But the deal with BBVA, argues Mr Marotte, is important not only “because it is the largest ever agreement we have signed with an organisation, it is important because it is a very large financial company, it shows that now even banks are moving to the cloud”.
You know, I’m pretty much interested in the risk assessment made by BBVA before the deal was done.
Furthermore, I guess that BBVA has some internal security standard that their projects and infrastructure need to be compliant with. How did they manage to get this done?
Here you can find the official press release by the BBVA bank:
Because they will be able to access the information they need at any time from any internet connected device, anywhere in the world, BBVA’s workers will be able to be more flexible and mobile.
So they took care of people/employees losing their devices? Is proper encryption for all of these devices in place? How does commissioning/decommissioning work? How do they prevent employees using malware infected systems in internet cafes around the planet?
Generally, I consider the issue of moving to the cloud similar to the one coming up in case large parts of internal business processes are getting outsourced – just add some more additional security, legal and compliance issues coming along.
Finally, here you can find the German news on heise saying that BBVA trusts in the Safe Harbor agreement which has been signed by Google.

Paper: Finding File Fragments in the Cloud
16/01/2012
Abstract:
Will not be published here – please search for official release on the Internet
Information:
Paper by Dirk J Ras and Martin S Olivier (University of Pretoria) – accepted paper at Eighth Annual IFIP WG 11.9
Brief Discussion:
The paper investigates, by conducting an experiment, the feasibility of performing a digital forensic analysis on a cloud computing system – Nebula in this case. In fact, the authors focused on IaaS and pretty much omitted SaaS and PaaS. Their experiment showed that it is possible to extract meaningful information from the cloud system and in certain cases even re-start the captured VM.
The experiment was performed by putting a known string into some reference files before the different shutdown processes were initiated: controlled shutdown, uncontrolled shutdown and capture via the network. Once a node was taken offline, the hard disk drives were removed from each of the nodes used in the setup.
I pretty much like the idea and although the complete actions and results seemed to be pretty much straightforward, it is good to have someone actually trying it in practice. The results are that in general data could be fully or partially recovered and in some scenarios VMs could even be re-instantiated.

Brief Hiking Trip: Zurich Uetliberg
15/01/2012
Over the weekend we had amazingly good weather here in Switzerland and of course this has to be used for getting out and seeing some awesome Swiss nature. This time, we just made a brief one-day hiking trip starting at the Zurich Uetliberg continuing until Buechenegg. Some pictures can be seen below:

Paper: A Virtual Machine Introspection Based Architecture for Intrusion Detection
08/01/2012
Abstract:
Today’s architectures for intrusion detection force the IDS designer to make a difficult choice. If the IDS resides on the host, it has an excellent view of what is happening in that host’s software, but is highly susceptible to attack. On the other hand, if the IDS resides in the network, it is more resistant to attack, but has a poor view of what is happening inside the host, making it more susceptible to evasion. In this paper we present an architecture that retains the visibility of a host-based IDS, but pulls the IDS outside of the host for greater attack resistance. We achieve this through the use of a virtual machine monitor. Using this approach allows us to isolate the IDS from the monitored host but still retain excellent visibility into the host’s state. The VMM also offers us the unique ability to completely mediate interactions between the host software and the underlying hardware. We present a detailed study of our architecture, including Livewire, a prototype implementation. We demonstrate Livewire by implementing a suite of simple intrusion detection policies and using them to detect real attacks.
Information:
Paper by Tal Garfinkel and Mendel Rosenblum (Stanford) – accepted paper at NDSS‘03 - PDF Download
Brief Discussion:
The authors propose the idea of virtual machine introspection for intrusion detection (IDS) purposes. In a virtual environment, the activity of the VM is analyzed by directly observing hardware state and inferring software state based on a priori knowledge of its structure. Although the idea is almost 10 years old, it is getting probably even more important nowadays with the advent of IaaS cloud environments.
Since the IDS running outside of a VM has normally only access to the hardware-level state (e.g. interrupts and memory accesses) and events, the authors solve this issue by using the knowledge of the OS structures inside the VM. Within this context, the authors state that commercial anti-virus tools make use of “esoteric” methods – so true.
According to the paper, the VMM has to obtain three essential capabilities: Isolation, inspection and interposition. The inspection principle is substantial to VM forensics. Furthermore, for the IDS capability, a policy engine has been defined that is the heart of the IDS. The complete idea has been implemented and experimental results have been provided – nice read!

On the Definition of “Cloudwashing” and Cloud Definitions in general
27/12/2011
I totally appreciate the notion of “Cloudwashing” provided by James Staten of Forrester Research. Although this seems to be a non-security issue at first glance, it is in fact of greater importance for “cloud security” in general. We all have to learn that sticking to one definition for cloud computing is much more efficient than creating X different definitions for one huge buzzword.
So what’s the impact on cloud security?
In case we have X different definitions, nobody knows exactly what the other person refers to. This means that potential security issues/solutions are applicable to a specific service model in one definition but not to the same service model in another definition. You see, this makes things worse. Why don’t we all stick to one definition, e.g. provided by the NIST? If everybody refers to the NIST definition, everybody knows what the other person refers to.
So what is Cloudwashing?
According to Forrester Research, Cloudwashing is to “delineate what is a new type of technology and what is simply last year’s technology in new clothing (what I call “cloud-washing”).” Unfortunately, I observed a lot of Cloudwashing within the German IT industry. Obviously, some vendors put “cloud” and “security” into their old-school product in order to push their sales figures. In most of the cases, these “cloud security products” have nothing to do with what is considered to be the “cloud”. I don’t want to provide some specific brands here but you should ask yourself the following questions:
- Does my product obtain at least one of the 5 essential cloud characteristics defined by the NIST?
- Can I put my product/service into one of the 3 service models provided by the NIST?
- Can I use one of the 4 deployment models provided by the NIST definition?
Results:
3 YES – Your product/service fits into the NIST definition for cloud computing.
2 YES – Especially in case you answered the first two questions with YES, your product/service will be considered to be cloud-related.
1 YES – Highly depends on which question your answer relates to. However, I recommend leaving the notion of “cloud” out of your marketing strategy.
0 YES – You probably relate your product/service to “Cloud Computing” due to marketing reasons. I hope your customers will be clever enough to realize your buzzword bingo and move on to another vendor.
Recently, in San Francisco the annual “Washies” award was given to the worst offenders of painting over traditional IT technology with the word “cloud”. Please check out the results here – we should definitely create something like this for the German cloud market and perhaps the security market.
However, in contrast to the “Washies” award, it should be supervised by an independent organization and not by Cloud Company itself which makes this whole award a little bit awkward. Finally, this article provides also some interesting aspects of cloudwashing companies.

Hiking Trip: Saentis – Appenzeller Land
16/11/2011
The last weekend was astonishingly sunny and in case you wouldn’t have known that it’s mid-November, you would have thought it’s May or June. Our trip was quite challenging for IT guys: We did approx. 2000 meters up and down on the first day and chilled on the second.
This map shows our approximate route starting at Schwägalp, climbing up the Saentis Peak, continuing via Lisengrat which already had a lot of snow and descending to Fälenalp. Awesome!
Some further impressions:

Paper: Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies
01/11/2011
Abstract:
The inevitable vulnerabilities and criminal targeting of cloud environments demand an understanding of how digital forensic investigations of the cloud can be accomplished. We present two hypothetical case studies of cloud crimes; child pornography being hosted in the cloud, and a compromised cloud-based website. Our cases highlight shortcomings of current forensic practices and laws. We describe significant challenges with cloud forensics, including forensic acquisition, evidence preservation and chain of custody, and open problems for continued research.
Information:
Paper by Alan T. Sherman and Josiah Dykstra (University of Maryland) – accepted paper at ADFSL Conference on Digital Forensics, Security and Law 2011.
Brief Discussion:
These authors emphasize in the paper that forensic investigators must understand the fact that current tools and techniques are inadequate in cloud environments. Acquisition, examination and analysis of forensic evidence differ in practice from the traditional way of digital forensics. Unfortunately, little research has been done concerning the applicability of forensics to cloud computing environments – I can totally confirm the opinion of the authors.
In two case studies, the authors reason about the state of digital forensics for cloud-related crimes. Personally I like the differentiation between the two case studies: One uses the cloud as an accessory to a crime, the other one targets the crime against the cloud. However I don’t understand the statement:
“The examiner has no way to image the virtual machine remotely since the cloud provider does not expose that functionality, and in doing so would alter the state of the machine anyway.”
Why? By creating a snapshot of the current virtual machine running, the machine itself is not altered in any way. Of course, the ability for an external examiner to create a snapshot for a third party from remote is not implemented, but this could be performed by the CSP itself locally. As stated also in the paper, the CSP can do this without the attendance of any law enforcement person and the evidence would still be valid.
Finally, one sentence has to be emphasized:
“Microsoft and Amazon declined to comment about their compliance abilities in this situation.”

Hiking Trip: Wildspitz – Aegeri Trip
16/10/2011
This weekend, I made one of my first short trips here in Switzerland to the Wildspitze. Mainly, we followed this easy trail which takes you in about 5 hours from Sattel via Wildspitze to Unter-Aegeri. Here are some of my favorite pictures:
And here is a short video giving an impression of the amazing view:

Paper: The Case for Browser Provenance
14/10/2011
Abstract:
In our increasingly networked world, web browsers are important applications. Originally an interface tool for accessing distributed documents, browsers have become ubiquitous, incorporating a significant portion of user interaction. A modern browser now also reads email, plays media, edits documents, and runs applications. Consequently, browsers process large quantities of data, and must record metadata, such as history, to help users manage their data. Most of the metadata that modern browsers record is actually provenance – metadata that captures the causality and lineage of data obtained via the browser. We demonstrate that characterizing browser metadata as provenance and then applying techniques from the provenance research community enables new browser functionality. For example, provenance can improve both history and web search by indicating contextual and personal relationships between data items. Users can also answer complex questions about the origins of their data by querying provenance. Our initial results suggest these features are feasible to implement and could perform well in modern browsers.
Information:
Paper by Daniel W. Margo and Margo Seltzer (Harvard School of Engineering and Applied Sciences) – accepted paper at USENIX TaPP`09 - PDF Download
Brief Discussion:
When I first saw the title of the paper, I felt immediately forced to read it. Data provenance or provenance information in general is a pretty powerful tool and can provide many answers to complex questions. If you check my blog for other provenance related papers, you will realize that provenance information provides information back to the very first beginning of an item if needed and properly implemented.
The authors of this specific paper discuss interesting scenarios in which the provenance information of a browser could be useful. Just for giving an example: Lineage (provenance) information about downloads, personalizing web search and time-contextual history search.
Finally, in section 3 a very interesting question is asked: Why do modern browsers not use any graph algorithms at all? Or is this the case? To be honest, I don’t know either …

Paper: Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space
18/09/2011
Abstract:
During the past few years, a vast number of online file storage services have been introduced. While several of these services provide basic functionality such as uploading and retrieving files by a specific user, more advanced services offer features such as shared folders, real-time collaboration, minimization of data transfers or unlimited storage space. Within this paper we give an overview of existing file storage services and examine Dropbox, an advanced file storage solution, in depth. We analyze the Dropbox client software as well as its transmission protocol, show weaknesses and outline possible attack vectors against users. Based on our results we show that Dropbox is used to store copyright-protected files from a popular filesharing network. Furthermore Dropbox can be exploited to hide files in the cloud with unlimited storage capacity. We define this as online slack space. We conclude by discussing security improvements for modern online storage services in general, and Dropbox in particular. To prevent our attacks cloud storage operators should employ data possession proofs on clients, a technique which has been recently discussed only in the context of assessing trust in cloud storage operators.
Information:
Paper by Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar Weippl - accepted paper at USENIX Security’11 - PDF Download
Brief Discussion:
The authors provide some information about weaknesses in cloud storage services such as Dropbox and outline possible attack vectors against users. This was primarily done by analyzing the transmission protocol and the client. Besides the fact that the idea of abusing the deduplication feature of cloud services is not new, the paper is well structured and interesting to read. It takes old ideas and accumulates them with fresh results in a pretty interesting way.
However, at first I missed a little bit the main difference to the paper by Pinkas et al. In March 2011, I had the pleasure to talk to Benny Pinkas in Zurich at IBM by myself after his talk about the deduplication design flaws in cloud storage services. The attack is quite simple – unfortunately, mitigations are not. Further information can be found in the paper by Pinkas.
Furthermore, for the section “Stolen Host ID Attack” I miss proper references. This issue has obviously been discovered by Derek Newton half a year ago, or am I wrong? A referencing link would be nice in this case.
Obviously, SBA Research followed the responsible disclosure process according to comment #134 on the blog of Derek. Thx to Tobi for this information.

Paper: Detecting Hidden Storage Side Channel Vulnerabilities in Networked Applications
20/08/2011
Abstract:
Side channels are communication channels that were not intended for communication and that accidentally leak information. A storage side channel leaks information through the content of the channel and not its timing behavior. Storage side channels are a large problem in networked applications since the output at the level of the protocol encoding (e.g., HTTP and HTML) often depends on data and control flow. We call such channels hidden because the output differences blend with the noise of the channel. Within a formal system model, we give a necessary and sufficient condition for such storage side channels to exist. Based on this condition, we develop a method to detect this kind of side channels. The method is based on systematic comparisons of network responses of web applications. We show that this method is useful in practice by exhibiting hidden storage side channels in three well-known web applications: Typo3, Postfix Admin, and Zenith Image Gallery.
Information:
Paper by Felix Freiling and Sebastian Schinzel – accepted paper at IFIP sec2011 - PDF Download
Brief Discussion:
The authors describe a method based on systematic comparisons of network responses of web applications. This means: You throw a lot of rubbish requests at a web application and figure out how the responses differ from the responses caused by requests with valid accounts/data etc. I pretty much like the idea. And obviously, the results are impressive: The authors provide 3 real world applications which are vulnerable.
By the way: Sebastian Schinzel was guest at my former chair at the RUB for the HackerPraktikum. Hence, you can watch the video of his talk here which is also about side channel attacks.
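A sketch of the response comparison described above, written as a regression check you could run against recordings from your own application; it is an added example, not the authors' tool. Assumptions: responses are compared line by line, lines that vary between repeated identical requests are treated as channel noise, and the sample responses and all names are constructed for illustration.

```python
from itertools import zip_longest

MISSING = "<no such line>"


def stable_lines(responses):
    """Per line index: the line if every response agrees on it, else None.

    Lines that change between repeated identical requests (dates, session
    ids, tokens) are the noise that hides the side channel. At least two
    recordings per class are needed to recognise them.
    """
    rows = zip_longest(*(r.splitlines() for r in responses), fillvalue=MISSING)
    return [row[0] if len(set(row)) == 1 else None for row in rows]


def hidden_differences(class_a, class_b):
    """Compare two request classes (e.g. existing vs. unknown account).

    Returns (line index, line in class A, line in class B) for every line
    that is stable inside each class but differs between the classes.
    """
    pairs = zip_longest(stable_lines(class_a), stable_lines(class_b),
                        fillvalue=MISSING)
    diffs = []
    for index, (a, b) in enumerate(pairs):
        if a is None or b is None:
            continue  # varies within a class: noise, not a signal
        if a != b:
            diffs.append((index, a, b))
    return diffs


# --- constructed sample data -------------------------------------------
def response(date, session_id, form_tag):
    return "\n".join([
        "HTTP/1.1 200 OK",
        "Date: Sat, 20 Aug 2011 " + date + " GMT",
        "Set-Cookie: sid=" + session_id,
        "Content-Type: text/html",
        "",
        "<p>Login failed.</p>",
        form_tag,
    ])


LEAKY_FORM = '<form action="/login" method="post" >'   # stray space
PLAIN_FORM = '<form action="/login" method="post">'

# Same visible message in both cases, but a different code path renders
# the form when the account exists.
EXISTING_ACCOUNT = [response("10:00:01", "a1f3", LEAKY_FORM),
                    response("10:00:02", "77c0", LEAKY_FORM)]
UNKNOWN_ACCOUNT = [response("10:00:03", "9be2", PLAIN_FORM),
                   response("10:00:04", "03dd", PLAIN_FORM)]
FIXED_EXISTING = [response("10:00:05", "51aa", PLAIN_FORM),
                  response("10:00:06", "e0b4", PLAIN_FORM)]

if __name__ == "__main__":
    print(hidden_differences(EXISTING_ACCOUNT, UNKNOWN_ACCOUNT))
    print(hidden_differences(FIXED_EXISTING, UNKNOWN_ACCOUNT))
```

An empty result for the corrected handler is the pass condition; the `Date` and `Set-Cookie` lines never show up because they already vary within one class.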

Cyber Forensics in the Cloud – Magazine Article
20/08/2011
Cyber Forensics in the Cloud
In volume 14 of the IAnewsletter, an article about forensics in the cloud was published. Although this magazine is more focussing on industry related readers and most of the topics in the article are already known, the article by Scott Zimmermann and Dominick Glavach was quite interesting to read.
Especially the aspect of time synchronization is important, imho. All involved entities during and before an investigation have to have time synchronization. Otherwise, evidence matching will be difficult, especially in front of a court.
Another interesting topic was “tools for performing”: If you ask me, it is not possible to create ONE specific tool for cloud forensics due to the current lack of standards. In most of the cases, you have to combine several other tools in order to get your results. In the future, in case there will be ONE standard for all cloud implementations, one tool could solve a lot of forensic issues – but this will hardly be realistic.
The authors talk in the article about signature based analysis for forensic collections – I do not think that this method will be applicable in real world scenarios. The past has shown that the AV industry pretty much fails if it comes to reach the 100% detection rate. 90% reliable evidence within digital forensic investigations is not enough.
Information:
Magazine paper by Dominick Glavach and Scott Zimmermann – PDF Download

Paper: Cloud Architectures
18/07/2011
Abstract:
It’s obviously missing
Information:
Paper by Jinesh Varia – published in 9th IEEE Annual Conference, IEEE Stanford and IEEE Silicon Valley Chapter, July 2008 – PDF Download
Brief Discussion:
First of all, I consider without any doubt this paper as one of the best papers I have ever read regarding the basics of cloud architectures. It describes in a clear, understandable language an example application that relies on the AWS infrastructure and does pattern-matching across millions of web documents – so this is a typical cloud scenario in which infrastructures such as AWS make sense. Jinesh uses within his example application the Hadoop framework, an open source distributed processing framework.
I pretty much like the simple structure of the paper – you get anything you need and it is fun to read! Especially for people who want to know what exactly AWS can be used for and who don’t know the difference between S3, SQS, SimpleDB, EC2 etc. this paper is highly recommended.

Some details about our recent 200km Ultra-Hike in the beautiful Altmühltal
17/07/2011
Well, I was really astonished that so many people are interested in the details of our recent 200km ultra-hike. Hence, I will provide some details about this trip here:
Trail:
We have chosen to follow the “Altmühltal-Panoramaweg” which leads 200km from Gunzenhausen to Kelheim. You can find some information about the trail here and here. In fact, all promises about the beauty of this trail are true – the nature is really incredible down there!
For navigation I can highly recommend this small cheap map – all information you need is included and the map has a handy size. Normally the trail is divided into 10 different parts which can be done within 10 days – first we decided to do the trail in 4 days but did it in the end in 3 days which can be quite exhausting for untrained guys like me.
Anyway, be aware that some parts also contain about 30km/day if you decide to walk it in 10 days.
Distances:
We did the following distances/day:
- 1. Day: 45 km
- 2. Day: 50 km
- 3. Day: 105 km
I have to add that our luggage was about 5-6 kg for each of us while my colleague carried a little bit more due to the size of his backpack.
You shouldn’t try to do these distances with heavy luggage! Water can be easily bought at various kiosks, restaurants etc.
The biggest issue with such distances in a row is the fact that you suffer from the efforts you made the days before. This means, after the first day you have to try hard to recover in one night! Hence, don’t drink any alcohol … and stick to water and iso-drinks.
The 40s and 50s km distances can be done easily compared to the last one which is in fact a long walk. We did the first part in 18 hours, slept for 5 hours before doing the rest in 7 hours. 105 km in 30 hours is possible … as it seems.
All in all, the trip was a great experience and I can highly recommend walking such distances once in a lifetime. You will definitely regret it during the trip but in the end the feeling of “I did it!” is awesome.
