1 / 24

Vanish: Increasing Data Privacy with Self-Destructing Data

Vanish: Increasing Data Privacy with Self-Destructing Data. Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy, and Henry M. Levy, USENIX Security Symposium (Usenix), 2009. Presentation by Sruthi Chiluka. Overview. Introduction Example scenario Goals Other candidate Approaches

marshall-monroe
Download Presentation

Vanish: Increasing Data Privacy with Self-Destructing Data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Vanish: Increasing Data Privacy with Self-Destructing Data Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy, and Henry M. Levy, USENIX Security Symposium (Usenix), 2009. Presentation by Sruthi Chiluka

  2. Overview • Introduction • Example scenario • Goals • Other candidate Approaches • Vanish Implementation • DHT Implementation • Types of DHT • Vanish application • Conclusion

  3. INTRODUCTION • What is Vanish? - Vanish is a self destructing system which is broadly applicable in today's Web-centered world. • Where user's sensitive data can persist in the cloud even after the user account termination with the help of self destructing framework users can regain control over their confidential data such as (e-mails, facebook messages or any web contents created or posted).

  4. Contd.. • Vanish protects the privacy of past, archived data- such as copies of emails maintained by email provider against all kinds of legal, malicious and accidental attacks. • All the copies of data including the pristine copy becomes obliterate after a specific amount of duration, without any user's involvement to perform any action or any third party association to perform the deletion.

  5. Example Scenario How can Alice be sure that sensitive data sent over electronic mail system is secure? Services may retain data for long after user tries to delete

  6. Files/Emails can re-emerge years later ISP • It is possible to retrievearchived data months/years later. • Emails are frequently cached or archived by the email provider on their local back up systems, ISP’s etc. • Therefore there is a chance of risk exposure in future to unintended parties.

  7. Goals • Destruction after Time out. • Accessible until Time out. • Leverage existing Infrastructures. • No secure hardware • No Privacy risks

  8. Other Vulnerable Approaches Most obvious approach is to do manual deleting by installing CRON job. Protection using PGP does not work against adversaries. Forward secrecy encryption can be violated by caching, backup archives or court orders.

  9. Contd.. Emphemeizer solution - Untrustworthy Centralized Third party Services

  10. Self Destructing Data Mold ISP File/document is destroyed after specific time out period making all copies of data unreadable including the pristine copy.

  11. Vanish Data Object(VDO) • It encapsulates user’s data and prevents its content from storing at intermediate hops and becoming source of retroactive attacks. • It will become unreadable even if connectivity is removed from storage site. • While user encapsulates data in VDO he/she would be knowing the approximate time period to be set to the VDO.

  12. Vanish Implementation • Vanish is used to leverage existing, decentralized, large scale Distribution Hash Tables. • Encrypt the data with a key and store the key in a high-churn globally-distributed DHT system • Once it reaches the timeout value, the key would be erased from the DHT and forever lost. The data will not be readable without the key

  13. What is Distributed Hash Table(DHT)? • Distributed hash table works on peer to peer network(P2P is a decentralized and distributed network) that provides look up service similar to hash table. • Each node in the network is associated with an index or node ID • Using Hashing a node can find out index corresponding to the specific content • Numerous DHT’s exist in the Internet like Vuze, Mainline and KAD.

  14. DHT Implementation Key Hash Function buckets John 00 01 02 03 . . . 13 14 15 Smith 521-9876

  15. Vanish usage of DHT • Vanish takes data content D and encapsulates it into a VDO V. • It encrypts D with a random key K and produces cipher text C • It then splits the key into N shares suppose K1,k2....kn. • After computing the shares it picks up random access key L as seed of random generator to generated the Indices I1,I2...In • Final VDO comprises of (L,C,N threshold)

  16. Vuze Mechanism over OPEN DHT Vuze DHT • Open to be joined by any users • Millions plus nodes, geographical distributed through the • High churn, user leaving and entering within the network • Fixed 8 hours timeout Open DHT • Restricted membership • Variable time out up to 1 week

  17. How Data Time out Works • The DHT nodes churn or internally cleanse themselves, thereby rendering the protected data unavailable over time. • It would be difficult to determine retroactively which nodes where responsible for storing a given piece of data in past. • Keyloses make all data copies permanently unreadable.

  18. Defense against Retro active attacks. Time out time Upload data Copies Archived Retro active attack begins

  19. Vanish Applications • Firefox plug-in (Included in release of Vanish) • Thunderbird plug-in (Developed by the community two weeks after release ) • Self-destructing files • Self-destructing trash-bin

  20. Contd..

  21. VDO decapsulated Prior to Expiration? • An attacker might try to obtain the copy of VDO and revoke its privacy prior to its expiration. • Further decapsulate VDO’s using further traditional encryption schemes like PGP,GPG which are supported by fire vanish application. • By the time user is forced to furnish PGP private keys VDO is expired.

  22. Performance Evaluation Measurements use an Intel T2500 DUO with 2GBRAM,Java 1.6 and broadband network. Single Vuze DHT took 4 minutes to store 50 shares by employing several vuze operations time could be lowered to 32 seconds for 50 shares The graph shows getting DHT shares are relatively fast when compared to storing VDO’s

  23. CONCLUSION Disadvantages of Vanish • Fixed time out challenges in Vuze based DHT. • For much larger data sizes encryption/decryption becomes complicated. • No defense provided against certain attacks like denial of service which would prevent reading data for life time.

  24. THANK YOU…

More Related