This paper is about how to keep data for a finite time, and then make it unrecoverable after that. It is difficult to ensure that data is completely destroyed. For data to be available before expiration, it is desirable to create backup copies. Then absolute deletion becomes difficult, because even after the data is explicitly deleted, copies might remain on backup media, or in swap space, or be forensically recoverable. The obvious solution is to store the data encrypted, and then delete the key after expiration. The key is somewhat easier to manage, because it is smaller, but there is still the issue of needing to make the key reliably available for some time, and then reliably destroyed. It is difficult enough for a user to manage one key, much less different keys for different data expiration times. The user could keep each key on a tamper-proof smart card with no copies, but then the data will be lost prematurely if the user loses the smart card. And smart cards are expensive. So the idea in this paper is to concentrate all the key management expense and expertise in one place, a server we call an "ephemerizer". The ephemerizer creates keys, makes them available for encryption, aids in decryption, and destroys the keys at the appropriate time. The design in this paper ensures that even if a client's machine gets compromised, and everything in stable storage (including long-term user keys) is stolen, any data that has expired before the compromise remains unrecoverable. The paper starts with a description of an existing commercial scheme, and presents improvements to that scheme to eliminate the necessity for per-message state. Then it presents a new approach, based on public keys, and presents an initial design, and then a more efficient version using a new concept closely related to blind signatures, which we call "blind decryption".
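The blind-decryption idea named in the abstract, as an added sketch that is not code from the paper: the ephemerizer unwraps a data key without ever seeing it, and refuses once the ephemeral key has expired. It assumes textbook RSA blinding with constructed toy primes; the `Ephemerizer` class and the `wrap`, `blind` and `unblind` helpers are hypothetical names.

```python
import secrets
from math import gcd

# Constructed toy RSA parameters (two Mersenne primes); far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

class Ephemerizer:
    """Hypothetical server holding one ephemeral RSA private key per expiration time."""
    def __init__(self):
        self._keys = {}  # key_id -> (n, d, expires_at)

    def create_key(self, key_id, expires_at):
        n, d = P * Q, pow(E, -1, (P - 1) * (Q - 1))
        self._keys[key_id] = (n, d, expires_at)
        return n, E  # public half, handed to clients for encryption

    def expire(self, now):
        # Destroy every private key whose expiration time has passed.
        for key_id in [k for k, v in self._keys.items() if v[2] <= now]:
            del self._keys[key_id]

    def blind_decrypt(self, key_id, blinded, now):
        self.expire(now)
        if key_id not in self._keys:
            raise KeyError("ephemeral key destroyed or unknown")
        n, d, _ = self._keys[key_id]
        return pow(blinded, d, n)  # the server only ever sees the blinded value

def wrap(data_key, pub):
    """Client: encrypt the data key under the ephemeral public key."""
    n, e = pub
    return pow(data_key, e, n)

def blind(ciphertext, pub):
    """Client: multiply the ciphertext by r^e so the server cannot learn the data key."""
    n, e = pub
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return (ciphertext * pow(r, e, n)) % n, r

def unblind(reply, r, pub):
    """Client: the server returned data_key * r mod n; divide r back out."""
    n, _ = pub
    return (reply * pow(r, -1, n)) % n

if __name__ == "__main__":
    eph = Ephemerizer()
    pub = eph.create_key("demo", expires_at=100)  # constructed key id and times
    key = secrets.randbelow(2**128 - 2) + 2
    b, r = blind(wrap(key, pub), pub)
    print(unblind(eph.blind_decrypt("demo", b, now=50), r, pub) == key)
```

A client that is compromised after expiration still holds only the wrapped data key, which no longer has a private key anywhere that can open it.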