Vanish: Increasing Data Privacy with Self-Destructing Data

Today's technical and legal landscape presents formidable challenges to personal data privacy. First, our increasing reliance on Web services causes personal data to be cached, copied, and archived by third parties, often without our knowledge or control. Second, the disclosure of private data has become commonplace due to carelessness, theft, or legal actions. Our research seeks to protect the privacy of past, archived data -- such as copies of emails maintained by an email provider -- against accidental, malicious, and legal attacks. Specifically, we wish to ensure that all copies of certain data become unreadable after a user-specified time, without any specific action on the part of a user, and even if an attacker obtains both a cached copy of that data and the user's cryptographic keys and passwords. This paper presents Vanish, a system that meets this challenge through a novel integration of cryptographic techniques with global-scale, P2P, distributed hash tables (DHTs). We implemented a proof-of-concept Vanish prototype to use both the million-plus-node Vuze BitTorrent DHT and the restricted-membership OpenDHT. We evaluate experimentally and analytically the functionality, security, and performance properties of Vanish, demonstrating that it is practical to use and meets the privacy-preserving goals described above. We also describe two applications that we prototyped on Vanish: a Firefox plugin for Gmail and other Web sites and a Vanishing File application.
