secure deletion n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Secure Deletion PowerPoint Presentation
Download Presentation
Secure Deletion

Loading in 2 Seconds...

play fullscreen
1 / 36

Secure Deletion - PowerPoint PPT Presentation


  • 113 Views
  • Uploaded on

Secure Deletion. What is Secure Deletion. The permanent removal of data from disk When data is gone, it’s gone for good “Emptying the trash” is not good enough Simply frees blocks for later allocation Data exist intact and readable

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Secure Deletion' - nolan-shepard


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
what is secure deletion
What is Secure Deletion
  • The permanent removal of data from disk
    • When data is gone, it’s gone for good
  • “Emptying the trash” is not good enough
    • Simply frees blocks for later allocation
    • Data exist intact and readable
  • Even after reallocation, data may be recovered using more expensive forensic techniques
    • Magnetic Force Microscopy
need for secure deletion
Need For Secure Deletion
  • Important feature for security conscious users
  • Informational records are becoming entirely electronic
  • Legislation - over 4000 new laws
    • Records that go out of audit scope should do so forever (Sarbanes-Oxley)
    • Patients may wish to redact portions of their medical record (HIPAA Privacy Rule)
    • When a disk is subpoenaed, old, irrelevant or sensitive data should be inaccessible
question
Question?
  • How would you securely remove data from your system?
existing techniques
Existing Techniques
  • Destroy the device
  • Secure Overwrite
  • Key Disposal
  • Secure Deletion for Versioning File System
secure overwrite
Secure Overwrite
  • Idea introduced by Peter Gutmann
  • 36 synchronous passes over contiguous data
  • Each pass is a particular pattern of 1s and 0s designed to degauss the magnetic media
    • Takes into account standard ECCs and other bit reordering techniques
  • Problem: very slow, large files may each take minutes to delete
other variants
Other Variants
  • Zeroing the data with one pass (not enough)
  • 3 passes of random data (may be enough)
  • DOD specifies only 7 passes
  • NIST released its secure deletion recommendation, identifying four grades:
    • Disposal (throw non-confidential disks away)
    • Clearing (Protection against simple keyboard attacks)
    • Purging (Protection against laboratory attacks)
    • Destroying
key disposal
Key Disposal
  • Idea introduced by Dan Boneh
  • Encrypt data with a key
  • When you want to delete data, simply “throw away” the key
    • Destroy device keys reside on
    • Secure overwrite keys
  • Problems: A key per file may be too course grained. A key per block is a huge amount of keys to manage
user tools
User Tools
  • Use Gutmann or other overwriting technique
    • Wipe
    • Boot and Nuke
    • Etc…
  • Somewhat effective, however
    • Can’t destroy metadata (names, size, etc.)
    • Get fooled by truncate
    • Can’t be interposed by operations
      • mv fileA fileB
  • Secure deletion needs to be done at lower level
    • File system, device driver, device
secure deletion in versioning systems
Secure Deletion in Versioning Systems
  • Legislation also requires versioning in file system
  • Current secure deletion techniques cannot by directly applied
  • Remember
    • Data are often shared between version
    • Data cannot be kept contiguous
problems with secure deletion
Problems with Secure Deletion
  • Key Disposal: Block sharing hinders key management
    • Could never discard a version-key
    • Fine-grained deletion requires a key per block, and results in an explosion of keys
  • Secure Overwriting: Naively overwriting a shared block will erase it from subsequent versions
  • Secure overwriting has performance concerns
    • Identifying shared block dependencies before committing to a deletion
    • Overwriting is very slow
    • Data to be removed should be contiguous
our big idea
Our Big Idea
  • A keyed transform takes a key, a data block, and a nonce
  • Creates an encrypted block and a small stub
  • When the key is private, data is secure and authenticated
  • Securely overwriting a stub, securely deletes the corresponding data block, even if the adversary is later given the key
secure deletion example
Secure Deletion Example

File Metadata

11

s0

s1

s2

Disk

C0

C1

C2

secure deletion example1

17

s0

s1

s1’

s2

C1’

Secure Deletion Example

Receive a write to block #2 at time 17

File Metadata

11

s0

s1

s2

Disk

C0

C1

C2

secure deletion example2
Secure Deletion Example

Delete file at time 11

File Metadata

11

s0

s1

s2

17

s0

s1’

s2

Disk

C0

C1

C2

C1’

secure deletion example3
Secure Deletion Example

Delete file at time 11

Block C1 is deleted permanently

File Metadata

11

s0

s1

s2

17

s0

s1’

s2

Disk

C0

C1

C2

C1’

features of our design
Features of Our Design
  • The stubs are not secret and reveal nothing about the data or the key
  • Stubs for a version are stored together.
  • Overwriting 4K of stubs erases 1MB of (non-contiguous) data.
our contributions
Our Contributions
  • Two algorithms for the secure deletion of data in a versioning file system
    • One based on the all-or-nothing transform
    • One based on randomized keys
  • Big Result: Our deletion technique is 200X faster than traditional deletion
the aon secure deletion
The AON Secure Deletion
  • Based on the all-or-nothing (AON) transform designed by Rivest
  • A partial output of the ciphertext reveals nothing about the plaintext
  • No single ciphertext message can be decrypted in isolation
  • Requires no additional keys
aon secure deletion
AON Secure Deletion
  • Overwriting any small subset of the ciphertext block deletes the entire block
  • The encryption creates a message expansion that is bound to the same AON properties
  • The expansion becomes the stub and can be securely overwritten to erase the entire data block
random key secure deletion
Random Key Secure Deletion
  • Encryption must employ randomization to avoid such a text guessing attack
  • Each data block is encrypted with a randomly generated key
  • Each random key is encrypted with the user’s key, and serves as the stub
  • Like AON, uses authenticated encryption and does not need extra keys
  • Random key secure deletion draws upon the Boneh key disposal and lock-boxes in Plutus [Kallahalla03]
random key secure deletion1
Random Key Secure Deletion
  • Suffers from a larger message expansion
    • A 384 bit stub vs. 128 bit stub
    • Only the encrypted key needs to be securely overwritten
  • Cannot delete any subset of the bits. Must delete stub.
implementation
Implementation
  • We’ve implemented secure deletion in the ext3cow versioning file system
  • Available at: www.ext3cow.com
aon encryption
AON Encryption

Input: Data Block d1,…dm, Block ID id, Counter x, Encryption key K, MAC key M

Output: Ciphertext Block x1,…xm, Stub x0

random key encryption
Random Key Encryption

Input: Data Block d1,…dn, Block ID id, Counter x, Encryption key K, MAC key M

Output: Ciphertext Block c1,…cn, Stub x0, Authentication t, c1,…cm

secure deletion variation example
Secure Deletion Variation Example

File Metadata

11

s0

s1

s2

17

s0

s1

s2

Disk

C0

C1

C2

secure deletion variation example1
Secure Deletion Variation Example

File Metadata

11

s0

s1

s2

17

s0

s1

s2

Disk

C0

C1

C2

future directions a verifiable audit trail
Future Directions:A Verifiable Audit Trail
  • Data on disk is easily malleable
    • Data may be forged, deleted, or otherwise altered
  • Legislation requires companies to make a strong statement about data validity
  • Methods of authenticating data exist, but are unsuitable in the versioning environment
    • Unable to efficiently create a verifiable chain of changes
  • How do we combine proving something exists to a 3rd party with deleting something forever
the ext3cow file system
The Ext3cow File System
  • Open-source file system, based on ext3, that implements file system snapshot and versioning
    • Captures immutable, point-in-time views of the entire file system
  • Intuitive time-shifting interface for accessing the past
  • Encapsulated entirely in the file system
  • Low storage overhead and negligible performance degradation
electronic record legislation
HIPAA (1996)

Technical security mechanisms

Physical safeguards

E-SIGN (2000)

Digital contracts are as legitimate as paper contracts

FISMA (2002)

Framework for ensuring security controls for storage

Security of system must be commensurate with security of data

Sarbanes-Oxley (2002)

CEO, CFO responsible for accurate financial reports

Management assessment of internal controls

Real time disclosure

Criminal penalties for altering documents

Gramm-Leach-Bliley (2002)

Consumer records kept confidential

Protect against threats and unauthorized access

Federal Records Act

DoD Directive 5015.2

Electronic Record Legislation
ext3cow related work
Ext3cow Related Work
  • Enumerated Versions
    • Cedar, VMS, TOPS
      • No meaningful way to access old versions
  • File System Snapshot
    • FFS, LFS, Spiralog
      • Snapshot used for recovery
      • No access to past versions
    • WAFL
      • Discrete access to versions
  • Time-oriented interface
    • Elephant
      • No stable inodes
      • VFS implementation
ext3cow design
Ext3cow Design
  • Encapsulated totally within the on-disk file system layer
    • No kernel interfaces are changed
    • Easy to install (modularity)
    • Finer grained control over kernel data structures
      • Metadata organization
      • Data placement
      • Memory management
    • Provides stable inode numbers
time shifting interface
Time-shifting Interface
  • Versions are accessed through a time-shifting interface
  • Time-shifting provides a continuous view of time
  • Past looks like a logically complete backup
  • Past is accessed via the ‘@’ token
    • cat filename@TIME
    • cd directory@TIME