Timed revocation of user data: long expiration times from existing infrastructure

  • Authors:

  • Sirke Reimann;Markus Dürmuth

  • Affiliations:

  • Ruhr-University Bochum, Bochum, Germany;Ruhr-University Bochum, Bochum, Germany

  • Venue:
  • Proceedings of the 2012 ACM workshop on Privacy in the electronic society
  • Year:
  • 2012

Quantified Score

Hi-index 0.00

Visualization

Abstract

The way we deal with information has changed significantly over the last years. More and more private data is published on the Internet, and at the same time our capacity to store and process data has vastly increased. Systems to prevent a large-scale data collection by placing an "expiration date" on digital data have been proposed before, but either they only support very short expiration times of a few days (such as Vanish and EphPub), or they require additional infrastructure (such as FaceCloak and X-pire). We propose a system that (i) implements expiration times of several month and does this (ii) based on existing infrastructure only; to the best of our knowledge this is the first system to have both properties at the same time. We exploit the fact that many webpages continuously change over time: We extract several key-shares from random webpages and use a threshold secret sharing scheme to reconstruct the correct key if enough webpages have not yet changed. After several month, enough webpages have changed to completely hide the key. For almost a year, we have collected statistics about the changes of webpages on a large random sample of webpages and have shown that expiration times of several month can be implemented reliably.