[liberationtech] Auto expiring document/files & 'rights to be forgotten'

Tadayoshi Kohno yoshi at cs.washington.edu
Thu Jan 26 13:21:33 PST 2012 

Thanks Steve!  Yes, sounds like Vanish (also originally with Roxana Geambasu, Amit Levy, and Hank Levy).  The attack was very effective against our original research prototype, largely because our prototype relied on the Vuze DHT as the underlying substrate but the Vuze DHT had properties that made it weak for our purposes (as the other work shows).  If people are still interested in this space, I would suggest looking at this new paper instead: <http://www.cs.columbia.edu/~roxana/research/projects/vanish/vanish-extensions-techreport11.pdf>.  I've included the abstract below:

	This paper seeks to advance the state of the art in practical 
	self-destructing data systems that secure sensitive data from 
	disclosure in our highly mobile, social-networked, cloud-computing 
	world. Our work facilitates the automatic, timed, and simultaneous 
	destruction of all copies of a self-destructing data object (such as 
	a message or file) without any explicit action by the user and 
	without relying on any single trusted third party.
	
	We make three contributions to the study of self-destructing data. 
	First, we present Cascade, an extensible framework for integrating 
	multiple key-storage mechanisms into a single self-destructing data 
	system. Cascade enhances resistance to attack by combining the 
	security advantages of a diverse set of key-storage approaches. 
	Second, we introduce Tide, a new key-storage system for 
	self-destructing data that leverages the ubiquity and easy 
	deployment of Apache Web servers throughout the Internet. Third, 
	based on our earlier work on Vanish and in light of recent attacks 
	against the Vuze DHT, we demonstrate how to significantly harden 
	Vuze and other DHTs against Sybil data-harvesting attacks, making 
	DHTs applicable as key-storage systems under Cascade.
	
	To validate our approach, we designed, implemented, deployed, and 
	measured these systems. We prototyped the extensible Cascade system 
	with support for Tide, Vuze, and OpenDHT. We prototyped the Tide 
	key-storage system on Apache, deployed it on over 400 PlanetLab 
	nodes in the Internet, and demonstrated that the structure is highly 
	immune to attack. Finally, we designed and deployed a set of 
	defenses to Sybil data-harvesting attacks in the live Vuze P2P 
	system and measured them at full scale in the million-node DHT; our 
	results demonstrate that these defenses provide a 
	three-order-of-magnitude improvement over the original Vuze DHT, 
	rendering data-harvesting attacks extremely impractical.

Thanks!
Yoshi

On Jan 26, 2012, at 11:39 AM, Steve Weis wrote:

> You might be thinking of Vanish by Yoshi Kohno et al.:
> http://vanish.cs.washington.edu/
> http://www.cs.washington.edu/homes/levy/vanish.pdf
> 
> Ed Felten, Alex Halderman, Brent Waters, et al. have a Sybil attack against
> it here:
> https://jhalderm.com/pub/papers/unvanish-ndss10-web.pdf
> 
> Regardless of the attack, Vanish does not prevent local copies of the data.
> As people have already pointed out, if you let someone view static content
> on their own hardware, they can copy it. You can make it inconvenient and
> perhaps lossy, but can't prevent it completely.
> 
> On Thu, Jan 26, 2012 at 11:18 AM, Tom Ritter <tom at ritter.vg> wrote:
> 
>> There was a technology (that didn't work for realistic threat models)
>> that took a document and split among a number of servers.  Over time,
>> these pieces would decay and be removed until you were no longer able
>> to reassemble the document.  That sounds similar to what you're after.
>> 
>> It doesn't work for all the reasons already mentioned, but it was a
>> concrete open source implementation of an attempt.  If only I could
>> remember its name...
>> 
>> -tom
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>> 
>> Should you need to change your subscription options, please go to:
>> 
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> 
>> If you would like to receive a daily digest, click "yes" (once you click
>> above) next to "would you like to receive list mail batched in a daily
>> digest?"
>> 
>> You will need the user name and password you receive from the list
>> moderator in monthly reminders.
>> 
>> Should you need immediate assistance, please contact the list moderator.
>> 
>> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>> 
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech

More information about the liberationtech mailing list