1
Vanish: Increasing Data Privacy with Self-Destructing Data. Roxana Geambasu | Tadayoshi Kohno | Amit A. Levy | Henry M. Levy. USENIX Security Symposium (USENIX), 2009 (best student paper award). Presented by: Libert Tapia.
2
What is Vanish? Vanish is a project developed at the University of Washington that gives users the ability to determine the lifespan of their personal data stored on the Web, such as private messages on Facebook, documents on Google Docs, or private photos on Flickr, by making the Web object self-destruct, or vanish, automatically.
3
Motivating Problem: Data Lives Forever (figure: a sensitive email travels from the sender through Hotmail and Gmail). The sensitive email is stored on several servers before arriving at its final destination; if the sender deletes the email from his or her inbox, it remains stored in several other locations for a long period of time. This creates multiple points where an attack can be performed and compromise the people involved in the conversation.
4
Effects (figure: the sensitive email travels from the sender through Hotmail and Gmail to the receiver; the stored copies are reachable by subpoena, a lawyer, or an attacker).
5
Candidate Approaches: 1. The user explicitly and manually deletes their data, or installs a cron job to do so. 2. Use a standard public key or symmetric encryption scheme. 3. Steganography, deniable encryption or a deniable file system. 4. Ephemeral key exchange for interactive communication systems (e.g. OTR). 5. Ephemerizer (trusted 3rd parties).
6
Assumptions about a Vanishing Data Object (VDO): 1. Time-limited value – the data is needed only for a limited period of time. 2. Known timeout – the timeout can be specified by the user. 3. Internet connectivity – required to interact with the VDO. 4. Dispensability under attack – it is acceptable for the data to be destroyed prematurely if it comes under attack.
7
Goals – make the data unreadable after its timeout: 1. even if an attacker can retroactively obtain a pristine copy of that data and any relevant persistent cryptographic keys and passphrases from before that timeout, perhaps from stored or archived copies; 2. without the use of any explicit delete action by the user or the parties storing that data (i.e. automatically); 3. without needing to modify any of the stored or archived copies of that data; 4. without the use of secure hardware; and 5. without relying on the introduction of any new external services that would need to be deployed (whether trusted or not).
8
Threat Model. Goals: 1. Trusted data owners. 2. Retroactive attacks on privacy. Out-of-scope threats: 1. A user making a clear-text copy of the VDO and storing it. 2. ISPs that might spy on the user's DHT interaction.
9
How Vanish Works: Data Encapsulation (figure). Vanish Encapsulate(data, timeout): a random data key K is generated and the data is encrypted, C = E_K(data); K is split by secret sharing (M of N) into shares k1, k2, k3, ..., kN; each share is pushed to a random index in the world-wide DHT, and the locator L identifies those random indexes; the Vanish Data Object is VDO = {C, L}.
10
Data Encapsulation
11
How Vanish Works: Data Decapsulation (figure). Vanish Decapsulate(VDO = {C, L}): L identifies the random indexes in the world-wide DHT; the shares k1, k2, k3, ..., kN are retrieved from them; secret sharing (M of N) reconstructs K from the retrieved shares; the data is recovered as data = D_K(C).
12
How Vanish Works: Data Timeout. The DHT loses key pieces over time – natural churn: nodes crash or leave the DHT; built-in timeout: DHT nodes purge data periodically. Key loss makes all data copies permanently unreadable. (figure: shares k1, k3 and kN are crossed out in the world-wide DHT, so K cannot be reconstructed and data = D_K(C) is no longer possible.)
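The encapsulate / decapsulate / timeout flow of the three slides above, as an added Python simulation that is not the Vanish project's code: the DHT is a plain dict, E_K / D_K is a SHA-256 keystream stand-in for the paper's symmetric cipher, the random indexes are derived from the locator L, and purge() drops shares to mimic churn and the built-in timeout, after which K, and with it every copy of C, is unrecoverable.

```python
import hashlib, os, secrets
P = 2**127 - 1  # prime field for the Shamir shares (constructed choice, not from the paper)

def split_key(K, m, n):  # Shamir M-of-N: random polynomial f of degree m-1 with f(0) = K
    coeffs = [K] + [secrets.randbelow(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x); share i is (i, f(i))
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def recover_key(shares):  # Lagrange interpolation at x = 0 over any M distinct shares
    K = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        K = (K + yi * num * pow(den, -1, P)) % P
    return K

def xor_cipher(K, data):  # stand-in for E_K / D_K: SHA-256 counter-mode keystream XOR data
    stream = b"".join(hashlib.sha256(K.to_bytes(16, "big") + b.to_bytes(4, "big")).digest()
                      for b in range((len(data) + 31) // 32))
    return bytes(a ^ s for a, s in zip(data, stream))

def indexes(L, n):  # the n random DHT indexes are derived from the locator L
    return [hashlib.sha256(L + i.to_bytes(2, "big")).hexdigest() for i in range(n)]

def encapsulate(dht, data, m, n):
    K = secrets.randbelow(P)  # fresh random data key, never stored with the VDO
    C = xor_cipher(K, data)   # C = E_K(data)
    L = os.urandom(16)        # locator kept alongside C
    for idx, share in zip(indexes(L, n), split_key(K, m, n)):
        dht[idx] = share      # push each share to its index in the (simulated) DHT
    return (C, L, m, n)       # VDO = {C, L} plus the M-of-N parameters

def decapsulate(dht, vdo):
    C, L, m, n = vdo
    found = [dht[i] for i in indexes(L, n) if i in dht]
    if len(found) < m:  # churn / timeout purged too many shares: K is gone for good,
        return None     # so every stored copy of C is now permanently unreadable
    return xor_cipher(recover_key(found[:m]), C)

def purge(dht, vdo, count):  # simulates churn / built-in timeout dropping `count` shares
    for i in indexes(vdo[1], vdo[3])[:count]:
        dht.pop(i, None)
```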
13
Vuze Background (a.k.a. Azureus): uses the Kademlia protocol. Nodes are assigned a random 160-bit ID based on IP and port. A store looks for the 20 nodes with IDs closest to the index. Values are republished every 30 minutes to the other 19 nodes to combat churn.
14
Availability and Expiration in Vuze
15
Vanish Applications: FireVanish; Vanishing Files – a self-destructing trash bin or Microsoft Word's auto save.
16
Performance: measured on a T2500 Core Duo with 2GB of RAM, Java 1.6, and a basic broadband network connection.
17
Security Analysis: the DHT can store information about the communication, so anonymization software such as Tor is recommended. Users may fail to vanish the proper data. Vanish may raise legal implications under the new eDiscovery rules.
18
Retroactive Attacks (figure: an attacker targeting the secret-sharing (M of N) shares k1, k2, k3, ..., kN of K). Attack avenues: direct put, replication. Defense: the attacker must join ~8% of the DHT size to achieve 25% capture. Decentralization; constant evolution.
19
Decapsulation Prior to Expiration: an email provider could decapsulate emails in real time and store them. Defense – use PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard); this makes it harder for the email provider to decapsulate the data, and the VDO will expire.
20
Sniff the User's Internet Connection: an attacker might try to intercept and preserve the data users push into or retrieve from the DHT. Defense – Vuze provides security against this type of attack. – Use Tor to tunnel the interaction with the DHT through a remote machine.
21
Integrate into the DHT (Sybil / Eclipse Attacks): an attacker integrates within the DHT in order to create copies of all data it is asked to store. This is estimated to cost around $860k/year in Amazon EC2 computation and networking costs.
22
Conclusions: This paper introduced a new approach for protecting data privacy from attackers who retroactively obtain, through legal or other means, a user's stored data and private decryption keys.
23
Improvements: using RSA before sending data to the node (SafeVanish paper); the email provider storing decrypted data at regular intervals.