vanish increasing data privacy with self destructing data
play

Vanish: Increasing Data Privacy with Self-Destructing Data Roxana - PowerPoint PPT Presentation

Oct 07, 2022 •687 likes •1.11k views

Vanish: Increasing Data Privacy with Self-Destructing Data Roxana Geambasu Yoshi Kohno Amit Levy Hank Levy University of Washington Outline Part 1: Introducing Self-Destructing Data Part 2: Vanish Architecture and Implementation Part 3:

  1. Vanish: Increasing Data Privacy with Self-Destructing Data Roxana Geambasu Yoshi Kohno Amit Levy Hank Levy University of Washington

  2. Outline Part 1: Introducing Self-Destructing Data Part 2: Vanish Architecture and Implementation Part 3: Evaluation and Applications �

  3. Motivating Problem: Data Lives Forever Sensitive Ann Carla email ISP This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. Sensiti ve Sensiti ve Sensiti ve Sensiti ve Sensti ve Sensti ve Sensti ve Sensti ve Sensiti ve Sensiti ve Sensiti ve Sensiti ve How can Ann delete her sensitive email? � She doesn’t know where all the copies are � Services may retain data for long after user tries to delete �

  4. Archived Copies Can Resurface Years Later Ann Carla ISP Sensiti ve Sensiti ve Sensti ve Sensti ve Sensiti ve Sensiti ve Subpoena, Some time later… hacking, … Retroactive attack This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. on archived data This is sensitive stuff. This is sensitive stuff. �

  5. The Retroactive Attack Retroactive Upload Copies User tries months or years attack begins data archived to delete Time �

  6. Why Not Use Encryption (e.g., PGP)? Ann Carla ISP Sensiti ve Sensiti ve Sensti ve Sensti ve Sensiti ve Sensiti ve Subpoena, hacking, … This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. �

  7. Why Not Use Encryption (e.g., PGP)? Ann Carla ISP Sensiti ve Sensiti ve Sensti ve Sensti ve Sensiti ve Sensiti ve Subpoena, hacking, … This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. �

  8. Why Not Use a Centralized Service? Ann Carla ISP Backdoor Centralized Service agreement “Trust us: we’ll help you delete your data on time.” �

  9. Why Not Use a Centralized Service? Ann Carla ISP Backdoor Centralized Service agreement “Trust us: we’ll help you delete your data on time.” �

  10. The Problem: Two Huge Challenges for Privacy 1. Data lives forever � On the web: emails, Facebook photos, Google Docs, blogs, … � In the home: disks are cheap, so no need to ever delete data � In your pocket: phones and USB sticks have GBs of storage 2. Retroactive disclosure of both data and user keys has become commonplace � Hackers � Misconfigurations � Legal actions � Border seizing � Theft � Carelessness ��

  11. The Problem: Two Huge Challenges for Privacy 1. Data lives forever � On the web: emails, Facebook photos, Google Docs, blogs, … � In the home: disks are cheap, so no need to ever delete data � In your pocket: phones and USB sticks have GBs of storage 2. Retroactive disclosure of both data and user keys has become commonplace � Hackers � Misconfigurations � Legal actions � Border seizing � Theft � Carelessness ��

  12. The Problem: Two Huge Challenges for Privacy 1. Data lives forever � On the web: emails, Facebook photos, Google Docs, blogs, … � In the home: disks are cheap, so no need to ever delete data � In your pocket: phones and USB sticks have GBs of storage 2. Retroactive disclosure of both data and user keys has become commonplace � Hackers � Misconfigurations � Legal actions � Border seizing � Theft � Carelessness ��

  13. The Problem: Two Huge Challenges for Privacy 1. Data lives forever � On the web: emails, Facebook photos, Google Docs, blogs, … � In the home: disks are cheap, so no need to ever delete data � In your pocket: phones and USB sticks have GBs of storage 2. Retroactive disclosure of both data and user keys has become commonplace � Hackers � Misconfigurations � Legal actions � Border seizing � Theft � Carelessness ��

  14. Question: Can we empower users with control of data lifetime? Answer: Self-destructing data User tries Retroactive Upload Copies months or years to delete attack begins data archived Time ��

  15. Question: Can we empower users with control of data lifetime? Answer: Self-destructing data Timeout User tries Retroactive Upload Copies (all copies months or years to delete attack begins data archived self destruct) Time ��

  16. Self-Destructing Data Model Sensitive Ann Carla email ISP This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. self-destructing data (timeout) 1. Until timeout, users can read original message ��

  17. Self-Destructing Data Model Sensitive Ann Carla email ISP This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. self-destructing data (timeout) 1. Until timeout, users can read original message 2. After timeout, all copies become permanently unreadable 2.1. even for attackers who obtain an archived copy & user keys 2.2. without requiring explicit delete action by user/services 2.3. without having to trust any centralized services ��

  18. Self-Destructing Data Model Sensitive Ann Carla email ISP This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. self-destructing data (timeout) Goals of Self-Destructing Data 1. Until timeout, users can read original message 2. After timeout, all copies become permanently unreadable 2.1. even for attackers who obtain an archived copy & user keys 2.2. without requiring explicit delete action by user/services 2.3. without having to trust any centralized services ��

  19. Outline Part 1: Introducing Self-Destructing Data Part 2: Vanish Architecture and Implementation Part 3: Evaluation and Applications ��

  20. Vanish: Self-Destructing Data System � Traditional solutions are not sufficient for self-destructing data goals: � PGP � Centralized data management services � Forward-secure encryption � … � Let’s try something completely new! Idea: Leverage P2P systems ��

  21. P2P 101: Intro to Peer-To-Peer Systems � A system composed of individually-owned computers that make a portion of their resources available directly to their peers without intermediary managed hosts or servers. [~wikipedia] Important P2P properties (for Vanish): � Huge scale – millions of nodes � Geographic distribution – hundreds of countries � Decentralization – individually-owned, no single point of trust � Constant evolution – nodes constantly join and leave ��

  22. Distributed Hashtables (DHTs) � Hashtable data structure implemented on a P2P network � Get and put (index, value) pairs DHT � Each node stores part of the index space Logical structure � DHTs are part of many file sharing systems: � Vuze, Mainline, KAD � Vuze has ~1.5M simultaneous nodes in ~190 countries � Vanish leverages DHTs to provide self-destructing data � One of few applications of DHTs outside of file sharing ��

  23. How Vanish Works: Data Encapsulation Ann Encapsulate (data, timeout) Vanish L k 1 k 1 Secret World-Wide k 2 k 2 Sharing DHT K k 3 k 3 . (M of N) . . k N k N C = E K (data) ��

  24. How Vanish Works: Data Encapsulation Ann Encapsulate (data, timeout) Vanish L k N k 3 k 1 k 1 Secret World-Wide k 2 k 2 Sharing DHT K k 2 k 3 k 3 . (M of N) . . k 1 k N k N C = E K (data) ��

  25. How Vanish Works: Data Encapsulation Ann Carla VDO = {C, L} Encapsulate Vanish Data Object (data, timeout) VDO = {C, L} Vanish L k N k 3 Secret World-Wide Sharing DHT k 2 (M of N) k 1 C = E K (data) ��

  26. How Vanish Works: Data Decapsulation Ann Carla VDO = {C, L} Encapsulate Vanish Data Object Decapsulate (data, timeout) VDO = {C, L} (VDO = {C, L}) Vanish Vanish L L k N k N k 3 k 3 k 1 Secret World-Wide k 2 Sharing DHT k 2 k 2 k 3 (M of N) . . . k 1 k 1 k N C = E K (data) ��

  27. How Vanish Works: Data Decapsulation Ann Carla VDO = {C, L} Encapsulate Vanish Data Object Decapsulate data (data, timeout) VDO = {C, L} (VDO = {C, L}) Vanish Vanish L L k N k N k 3 k 3 k 1 Secret Secret World-Wide k 2 Sharing Sharing DHT K k 2 k 2 k 3 (M of N) . (M of N) . . k 1 k 1 k N C = E K (data) data = D K (C) ��

  28. How Vanish Works: Data Decapsulation Ann Carla VDO = {C, L} Encapsulate Vanish Data Object Decapsulate data (data, timeout) VDO = {C, L} (VDO = {C, L}) Vanish Vanish L L k N k N k 3 k 3 k 1 Secret Secret World-Wide X Sharing Sharing DHT K k 3 (M of N) . (M of N) . . k 1 k 1 k N C = E K (data) data = D K (C) ��

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE Privacy Policy Terms & Conditions and Subscriptions Consent Structure and Preferences Meetings, Conferences, and Events

926 views • 36 slides
Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie

Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie

CyLab Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie Faith Cranor November 12, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 /

658 views • 21 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel

Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel

Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel DECEMBER 8, 2019 Data Privacy vs. Data Security Data Privacy Data Security How data is collected & How data is stored & used

465 views • 23 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Privacy and your data Christopher Scholefield Commercial Partner Lara Zambon Legal

Privacy and your data Christopher Scholefield Commercial Partner Lara Zambon Legal

Privacy & your data Privacy and your data Christopher Scholefield Commercial Partner Lara Zambon Legal Assistant Privacy & your data Data protection What are we talking about? What is personal data? Rights of the data

486 views • 19 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
1 Data Mining and Privacy The primary task in data mining: Develop models about aggregated

1 Data Mining and Privacy The primary task in data mining: Develop models about aggregated

Privacy Breaches in Privacy-Preserving Data Mining Johannes Gehrke Department of Computer Science Cornell University Joint work with Sasha Evfimievski (Cornell), Ramakrishnan Srikant (IBM), and Rakesh Agrawal (IBM) Motivation: Information

310 views • 18 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference control Anonymization problem Anonymization notions and approaches (and how they fail to work!) k-anonymity l-diversity t-closeness

741 views • 51 slides
DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy: New Problems and the Search for Solutions March 15 th , 2004 Tal Zarsky The Information Society Project, Yale Law School Introduction: Various

273 views • 25 slides
Privacy preserving data mining multiplicative perturbation techniques Li Xiong CS573 Data

Privacy preserving data mining multiplicative perturbation techniques Li Xiong CS573 Data

Privacy preserving data mining multiplicative perturbation techniques Li Xiong CS573 Data Privacy and Anonymity Outline Review and critique of randomization approaches (additive noise) Multiplicative data perturbations Rotation

526 views • 39 slides
Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special

Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special

Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special Counsel, Data Privacy GTC Law Group Distinguished Fellow, Ponemon Institute The Universe of Current Privacy Concerns n The Privacy world is today

698 views • 40 slides
BRANCH PREDICTORS Mahdi Nazm Bojnordi Assistant Professor School of Computing University of

BRANCH PREDICTORS Mahdi Nazm Bojnordi Assistant Professor School of Computing University of

BRANCH PREDICTORS Mahdi Nazm Bojnordi Assistant Professor School of Computing University of Utah CS/ECE 6810: Computer Architecture Overview Announcements Homework 2 release: Sept. 26 th This lecture Dynamic branch prediction

782 views • 49 slides
Handling Churn in a DHT Sean Rhea, Dennis Geels, Timothy Roscoe, and John Kubiatowicz University

Handling Churn in a DHT Sean Rhea, Dennis Geels, Timothy Roscoe, and John Kubiatowicz University

Handling Churn in a DHT Sean Rhea, Dennis Geels, Timothy Roscoe, and John Kubiatowicz University of California, Berkeley and Intel Research, Berkeley { srhea,geels,kubitron } @cs.berkeley.edu, troscoe@intel-research.net Report No. UCB/CSD-03-1299

172 views • 16 slides
Distributed Hash Tables CS425 /ECE428 DISTRIBUTED SYSTEMS SPRING 2020 Material derived

Distributed Hash Tables CS425 /ECE428 DISTRIBUTED SYSTEMS SPRING 2020 Material derived

Distributed Hash Tables CS425 /ECE428 DISTRIBUTED SYSTEMS SPRING 2020 Material derived from slides by I. Gupta, M. Harandi, J. Hou, S. Mitra, K. Nahrstedt, N. Vaidya Distributed System Organization Centralized Ring Clique

535 views • 28 slides
Handling Churn in a DHT Sean Rhea, Dennis Geels, Timothy Roscoe, and John Kubiatowicz UC

Handling Churn in a DHT Sean Rhea, Dennis Geels, Timothy Roscoe, and John Kubiatowicz UC

Handling Churn in a DHT Sean Rhea, Dennis Geels, Timothy Roscoe, and John Kubiatowicz UC Berkeley and Intel Research Berkeley Whats a DHT? Distributed Hash Table Peer-to-peer algorithm to offering put/get interface Associative

373 views • 35 slides
Achieving One-Hop DHT Lookup and Strong Stabilization by Passing Tokens Ben Leong and Ji Li MIT

Achieving One-Hop DHT Lookup and Strong Stabilization by Passing Tokens Ben Leong and Ji Li MIT

Achieving One-Hop DHT Lookup and Strong Stabilization by Passing Tokens Ben Leong and Ji Li MIT Computer Science and Artificial Intelligence Laboratory { benleong, jli } @mit.edu Achieving One-Hop DHT Lookup and Strong Stabilization by Passing

901 views • 38 slides
A flexible and robust lookup algorithm for P2P systems Mauro Andreolini, Riccardo Lancellotti

A flexible and robust lookup algorithm for P2P systems Mauro Andreolini, Riccardo Lancellotti

A flexible and robust lookup algorithm for P2P systems Mauro Andreolini, Riccardo Lancellotti University of Modena and Reggio Emilia DPDNS '09 - Rome - 29 May 2009 1 Motivations Wide popularity of P2P paradigm File sharing

441 views • 17 slides
Improving locality of an object store in a Fog Computing environment Bastien Confais , Beno t

Improving locality of an object store in a Fog Computing environment Bastien Confais , Beno t

Improving locality of an object store in a Fog Computing environment Bastien Confais , Beno t Parrein , Adrien Lebre LS2N, Nantes, France Grid5000-FIT school 4th April 2018 1/29 Outline 1 Fog computing architecture 2 Improving locality

570 views • 36 slides
Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University of California, Santa Cruz Owen Arden Remote Attestation A process for the enclave to gain the trust of a remote service, so that the remote

212 views • 18 slides

More recommend