Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hierarchical Key Applications for Assured Destruction of Deleted Material.

Published byAlfred Underwood Modified over 9 years ago

Similar presentations

Presentation on theme: "Hierarchical Key Applications for Assured Destruction of Deleted Material."— Presentation transcript:

1 Hierarchical Key Applications for Assured Destruction of Deleted Material

2 The Big Issue Alice has a remotely backed-up filesystem Files are encrypted on the remote server One day, Alice decides she wants to delete /var/secrets /var /var/www /var/secrets 2

3 The Big Issue However, Alice may not be able to guarantee deletion from the remote server The backup service may queue deletions for later… /var /var/www /var/.secrets 3

4 The Big Issue …and/or incremental backups of the deleted directory may still exist It may be important that no copy of the data exists at all. 2011/var 2011/var/www 2011/var/secrets 2010/var 2010/var/www 2010/var/secrets 4

5 A Similar Issue ‘Vanish’ [Geambasu – Security 2009] proposed Self-Destructing Data Bits of keys are distributed over public or semi- public DHTs via Shamir’s Secret Sharing Eventually enough parts of the key are lost due to churn and node self-cleansing that the data is not recoverable 5

6 A Similar Issue Vanish destroys data with some probability, increasing over time Sometimes “high probability” is not good enough 6

7 Goals Confidentiality Assurance of Irrecoverability High, consistent granularity Simplicity of deletion of sub-grain blocks of data Low overhead 7

8 Attribute Based Encryption Sahai and Waters’ 2004 paper “Fuzzy Identity- Based Encryption” introduced Attribute-Based Encryption In an ABE system, each ciphertext is accompanied by a list of attributes Keys can be constructed such that they will only decipher data with certain accompanying attributes 8

9 Attribute Based Encryption {Billing Dept., Security Clearance, Company Health Plan} {Security Clearance, Billing Dept., Human Resources} 9

10 Attribute Based Encryption {Billing Dept., Security Clearance, Company Health Plan} {Security Clearance, Billing Dept., Human Resources} 10

11 Project Proposal {/var, */foo, *.txt} {/var, */www, */foo *.txt} 11 {/var, */www */secrets, *.mkv, *.nzb} {/bin, */zap, */rows, *.dower,}

12 Project Proposal {/var, */secrets, *.nzb} {/var, */www, */foo *.txt} 12 {/var, */www */secrets, *.mkv, *.nzb} {/bin, */zap, */rows, *.dower,}

13 Our Solution {/var, */secrets, *.nzb} {/var, */www, */foo *.txt} 13 {/var, */www */secrets, *.mkv, *.nzb} {/bin, */zap, */rows, *.dower,}

14 Issues to Explore Granularity ▫The higher the granularity (i.e. the more precise deletions that are made possible) the larger the keyset must be Hierarchical structure ▫There's probably some clever trickery where we can shape the keys to be hierarchical - i.e., as is the filesystem ▫We believe the aforementioned adaptation of ABE can accomplish this efficiently 14

15 Proposal Summary Project Objectives: ▫Hierarchy-based, adjustable granularity adaptation of attribute-based encryption ▫Ability to efficiently delete sub-block-size chunks of data Requirements: ▫4 months ▫$33,000 15

Download ppt "Hierarchical Key Applications for Assured Destruction of Deleted Material."

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Attribute-based Encryption

Attribute-based Encryption
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
A Folder Tree Structure for Cryptographic File Systems Dominik Grolimund, Luzius Meisser, Stefan Schmid, Roger Wattenhofer Computer Engineering and Networks.

A Folder Tree Structure for Cryptographic File Systems Dominik Grolimund, Luzius Meisser, Stefan Schmid, Roger Wattenhofer Computer Engineering and Networks.
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
Full-Datapath Secure Deletion Sarah Diesburg 1. Overview Problem  Current secure deletion methods do not work State of the art  Optimistic system-wide.

Full-Datapath Secure Deletion Sarah Diesburg 1. Overview Problem  Current secure deletion methods do not work State of the art  Optimistic system-wide.
1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.

1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.
Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.
Backup as a Service and Disaster Recovery as a Service Providing backup and disaster recovery for virtual servers.

Backup as a Service and Disaster Recovery as a Service Providing backup and disaster recovery for virtual servers.
Vanish: Increasing Data Privacy with Self-Destructing Data Roxana Geambasu Yoshi Kohno Amit Levy Hank Levy University of Washington.

Vanish: Increasing Data Privacy with Self-Destructing Data Roxana Geambasu Yoshi Kohno Amit Levy Hank Levy University of Washington.
S EMINAR A SELF DESTRUCTING DATA SYSTEM BASED ON ACTIVE STORAGE FRAMEWORK ONON P RESENTED BY S HANKAR G ADHVE G UIDED BY P ROF.P RAFUL P ARDHI.

S EMINAR A SELF DESTRUCTING DATA SYSTEM BASED ON ACTIVE STORAGE FRAMEWORK ONON P RESENTED BY S HANKAR G ADHVE G UIDED BY P ROF.P RAFUL P ARDHI.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.

Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.

Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.

Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.
Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.

Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.
Improving Lookup Performance over a Widely-Deployed DHT Daniel Stutzbach Reza Rejaie The ION P2P Project University of.

Improving Lookup Performance over a Widely-Deployed DHT Daniel Stutzbach Reza Rejaie The ION P2P Project University of.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Similar presentations

Ads by Google