'Vanish' Makes Sensitive Data Self-Destruct
Hugh Pickens writes "The NY Times reports on new software called 'Vanish,' developed by computer scientists at the University of Washington, which makes sensitive electronic messages 'self destruct' after a certain period of time. The researchers say they have struck upon a unique approach that relies on 'shattering' an encryption key that is held by neither party in an e-mail exchange, but is widely scattered across a peer-to-peer file sharing system. 'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,' says Amit Levy, who helped create Vanish. It has been released as a free, open-source tool that works with Firefox. To use Vanish, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the 'Vanish' button. The tool encrypts the information with a key unknown even to the sender. That text can be read, for a limited time only, when the recipient highlights the text and presses the 'Vanish' button to unscramble it. After eight hours, the message will be impossible to unscramble and will remain gibberish forever. Tadayoshi Kohno says Vanish makes it possible to control the 'lifetime' of any type of data stored in the cloud, including information on Facebook, Google documents or blogs."
'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,'
And yet after a copypaste or screenshot it won't disappear anywhere.
If the decryption key is ever available to the browser, a modified version of the tool could store it and decode the document forever.
Bruce Perens.
Dear Alice,
Do you want to go to the dance with me?
[ ] YES
[ ] NO
Love,
Bob
(Message will self-destruct 1 minute after dance starts.)
read this in one of Dan Brown's novels
Sounds similar to time changing mutation strings? I thought there wasn't a reliable way to do this ever. I mean something has to understand what the keys are at any point in time.
Is to assist this open source project!
Then make this message self destruct.
for all the flames I posted on Usenet
I think corporate VPs have been using this tool for years, with the delay trigger set to "0".
End anonymous moderation and posting on
Hell, it's practically the reason we invented Public Key Crypto (TLS, etc).
...everything disappears off there pretty quickly already.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
I wonder how I could adapt this to conversations my wife has with me, since she reminds me of stuff I said 20 odd years ago?
Beer is proof that God loves us and wants us to be happy.
If the software allows the user to view the plain text, then it can be copied, so I don't see how this would really ensure it disappears. While I would love to be able to have social networks or cloud computing that could guarantee privacy by having technological measures to prevent the dissemination of private information, I think that problem is exactly the same one DRM tries to solve. And that is why it is doomed to fail. The only way it could really hope to succeed is in a world of ubiquitous "trusted computing" where the computer (and any other recording devices) ultimately will not carry out user commands to copy the data (or copy the output from the "analog hole"). In the current world, such a scheme is doomed to fail, and the world where it would work sounds like a dystopian future to me.
All that being said, perhaps it can be used to prevent authentication of the information? Somehow the digital signature could no longer be read, so you could show a copy of a document but not demonstrate that it was really created by the author. It's not clear to me whether that's possible.
"You call it a new way of thinking; I call it regression to ignorance!" -- Operation Ivy
Comment removed based on user account deletion
I see someone has tagged this article with "drm", but this isn't a usable technique for DRM. This is an interesting technique for creating a "disappearing" decryption key, but it only works if no one bothers to retrieve/reassemble the decryption key before it disappears. If the recipient retrieves the key while it still exists, he can save the key and decrypt the message at any time. Or he can retrieve the key, decrypt the message and save that. The most obvious application for this, I think, is forward security. As long as the recipient doesn't save a copy of the decrypted message or the decryption key, the message would become unreadable -- to anyone -- after a short period of time. I need to read the details to see if this would be useful in some real-world setting, or if it's of academic interest only.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
After eight hours, the message will be impossible to unscramble and will remain gibberish forever.
Most of my messages are gibberish to begin with. No scrambling needed!
I can see this being useful for corporations that want e-mails to be destroyed before they can be used against them in court. Sure you could take a screen shot or copy/paste the text before the e-mail is permanently destroyed, but can you prove that your copy wasn't tampered with? Can you prove that was what the e-mail originally said? Plausible deniability!
If you buy the Vanish++ package, you get an additional package of superglue, to glue the printscreen button stuck.
See their license at this page:
1. Software may not be modified except for personal, educational or informational purposes.
This is not free software, nor is it open source.
I can just imagine the bugs, accidents and outright stupidity that will lead to millions of users asking "where did my data go?"
You're thinking about it wrong. It is basically a TTL (Time To Live) tool for data just in case it ends up in some place it wasn't meant to be. Hence the trusted two parties part.
I didn't realize that P2P systems are known for making a piece of information unavailable once it is scattered across that P2P system, especially encryption keys and such. No one gets stuff like that on P2P networks, why would they do that?
stuff |
Finally, an article in my area of expertise. Now this is likely to earn me +5 insightful, interesting and everything else.
So, why is Vanish useful to us?
Well... [BEGIN VANISH]u5vw7b658we77kw4657865v87zb68e7y678ctr63or63o7t6ox9587x4ygfiouhx .lwaje .og8unl98nst.oby487rw;zbv5l936tlisd rnzsche.ldnj ekqb;wv4ioa
eo84yre kl76v5los79y6to89xep89x7e4v6eotyl9e84lbvr8xy76ebl9txevl9r8
ygnl8odvr,i8xeyvti8seybvto eby5tli8xevynlr8n776vsot7vnl9xe84nyu
aowpibtulieut,iwvy,o39u dryswrl9uzfna484ytlo8cwjnlv ig78wfp9cnusgl8w
3n4aly8u
ur.,zwjsehg f,vhlfiawvutileuklrla wucbtrqil37ctlasehjctn;laiwuerciluqw3ybt
ow875ntliu awu[9c57st8nzwci4ycrnhseu6go38ny cfukbtw347v6f5o93vsb
y to9y347icr yisuryctw 37bt6l9s38 ucr,ugbvt6o8w 3nyu.oulv87vg[END VANISH]
I think we can all agree with that.
Nick.
This can be done pretty easily with a smart card: it only gives out the key for a limited amount of time. I suppose you have to trust the manufacturer of the smart card, but you also have to trust the manufacturer of the PC you're reading the message on, and its OS and ...
Sounds like we would simply need the device listed in paragraph 3, sentence 5 here :-)
in order to decrypt it
The quote 'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears' should actually be attributed to Prof. Henry Levy, not Amit Levy. The confusion was probably caused by the press release only referring to the last name.
So I get a copy and it gets cached or copy and pasted somewhere else. Busted. It is of limited use only for people that agree the data should be destroyed.
I am confused so hopefully someone can shed some light. They say there is no need to swap public keys with the person you are writing the message to. Does this mean anyone with the tool in Firefox can decode your message? Is there some way to specify who the reading parties are? That I am a little confused about and couldn't find any info about it in the articles. Hopefully someone can clear it up.
Not sure what this research will achieve. Message is available at both ends. So it can be copied and stored in plain text. Only way to destroy the message is for both sides to agree on it and destroy it. When that happens both sides can agree to destroy the keys as well.
for the one further down where the guy wanted his data gone if the laptop was stolen. slashdot
I thought we (or at least very developed countries) already had laws on the books to combat corruption, fraud, embezzlement, collusion, anti-competitiveness, tax evasion/avoidance, and so on. Why would the existence or viability of "Vanish" vaporize culpability or liability or such. The absence of information corroborating corruption won't be the only way to bust crooked or derelict CEOs and company. Absence of time stamps, gaps in file queues, loose lips, and other things will (or can) aid in their undoing if an investigation commences.
Besides, anyone wanting to make sure their CEOs are held to account just needs to be in IT, or have a DIRECT LAW ORDER from the federal government "YOU ARE ****EXPLICITLY**** DISALLOWED PRIVILEGE TO USE "VANISH" FOR ANY BUSINESS, COMMERCIAL, ECONOMIC, PAYROLL, PAY-FOR-WORK, MEMORANDUMS OF UNDERSTANDING, LETTERS OF INTENT, OR THEIR LOGICAL EXTENSIONS OR PREDECESSOR ACTS. END OF STORY FOR YOU."
And, then let the legal chicanery and expensive case filings begin.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Some ISPs have already made using P2P against terms of service. With this program I can see governments just flat out banning all P2P as "terrorist tools".
The core idea behind Vanish, if you dig 6 links deep to the actual technical information, is that nodes on a P2P network come and go. Therefore, if you break up the decryption key, and scatter it on the network, eventually some of those nodes will go away, and the key won't be recoverable. Apparently, the authors have some clever (unmentioned) trick to control the timing on this to a limited extent.
So, obviously, this doesn't work. It relies on the worst kind of trust -- trust of a P2P network. If the network is compromised, the data is permanently decryptable. Better yet, it relies on a P2P network to continue behaving the same -- if all nodes suddenly had 99% uptime, this would entirely stop working. Finally, even if this works, it doesn't make decryption keys "go away" -- it just makes it incredibly difficult for someone who doesn't have the key to obtain it. Anyone who already has the key will have it forever.
First, as is typical, the Slashdot article is three steps removed from the actual paper, which is worth reading.
It's kind of cute. What makes it work is that the indexing part of the Vuze platform, which is distributed over a few million user machines, has an 8-hour timeout. After eight hours, otherwise unused entries are purged from cache, like DNS cache expiration. So it's possible to use Vuze for unreliable short-term storage of key-value pairs.
(Normally, the Vuze hash is used as an index to BitTorrent blocks, and if there's a block on a server, the server puts it into the hash and refreshes it periodically, so the block stays indexed. But it's possible to put arbitrary key-value pairs into the distributed hash that have no relationship to BitTorrent blocks. If you put info in the hash and don't refresh it, it goes away after eight hours.)
So the sender generates a key, encrypts the message, spreads the key across some number of key-value pairs on random Vuze clients, sends a message telling what key-value pairs in Vuze contain the crypto key, and deletes the local copy of the key. The receiver gets the message, looks up the key-value pairs specified in the Vuze hash, reconstructs the key, decrypts the message, displays it, and deletes the local copy of the key. The receiving client has to do this every time the message is viewed.
This violates the Vuze terms of service, incidentally.
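The scheme described in the comment above, as an added simulation that is not part of the original post and is not Vanish's own code. Assumptions: `ToyDHT` is a hypothetical in-memory stand-in for the Vuze hash, the key is split with Shamir threshold sharing (the comment only says it is spread across key-value pairs), `n=10`, `k=7` are arbitrary, and the XOR keystream is a toy cipher standing in for a real one.

```python
import hashlib
import secrets

P = 2**521 - 1      # Mersenne prime used as the field for the shares
TTL = 8 * 3600      # the eight-hour purge described above, in seconds

class ToyDHT:
    """Hypothetical in-memory stand-in for the distributed hash."""
    def __init__(self):
        self.store = {}
    def put(self, index, value, now):
        self.store[index] = (value, now + TTL)   # never refreshed
    def get(self, index, now):
        value, expires = self.store.get(index, (None, 0))
        return value if now < expires else None  # purged after TTL

def split(secret, n, k):
    """Shamir: n points on a random degree k-1 polynomial, f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 recovers the secret from k shares."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def xor_stream(key, data):
    """Toy cipher (assumption): XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def send(dht, plaintext, now, n=10, k=7):
    key = secrets.token_bytes(32)
    indices = [secrets.token_hex(20) for _ in range(n)]  # random DHT slots
    for index, share in zip(indices, split(int.from_bytes(key, "big"), n, k)):
        dht.put(index, share, now)
    # The sender keeps no copy of the key; only this message travels.
    return {"ciphertext": xor_stream(key, plaintext), "indices": indices, "k": k}

def receive(dht, message, now):
    shares = [s for s in (dht.get(i, now) for i in message["indices"]) if s]
    if len(shares) < message["k"]:
        return None          # too few shares survive: key is unrecoverable
    key = combine(shares[:message["k"]]).to_bytes(32, "big")
    return xor_stream(key, message["ciphertext"])
```

The expiry only affects readers who have to fetch the shares; a receiver that keeps the reconstructed key or the plaintext is untouched by it, which is the limitation other comments on this page raise.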
This reminds me of a system I saw someone developing several years ago at Critical Security. A message would be encrypted with a key based on Google results for a particular query (the query would be known to both parties). The results changed frequently enough that after a short period, the key was lost forever.
Not to put too fine a point on it, companies are supposed to have an established document retention policy that specifies how long they will retain information like email messages. Most email it won't matter but if the contents in any way can be seen as a legal document - i.e. are business related - then destroying them this way might be seen as a deliberate attempt to cover up information by a court. IANAL, but I worked for some in this area, and it's remarkably sensitive.
If someone at a company decides to use this tool, unbeknownst to the company and the other party is also using it, then the email becoming garbled and eventually deleted could become a problem should the company ever go to court. The court might require the company to produce a copy of all emails from the company during a given period (say the last 2 years perhaps), and if emails were destroyed in a manner that was not specified by the company retention policy it could cause the court to penalize the company when it fails to produce said emails.
When a company gets sued, it's normal for them to place a hold order on the destruction of all documents, so they can't be seen as potentially covering things up. I hope that a tool like Vanish can be toggled to prevent unwarranted destruction, or someone is going to pay big time down the road.
It may seem like a trivial point, until you read of fines in the millions for companies who are unable to produce correspondence they should have preserved legally speaking. Moreover if the garbled email still exists, then the company might be required by the courts to unencrypt it - and if unable to do so, be penalized for that.
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
Should you decide to accept this assignment...
Free Martian Whores!
Back during the boom, there was a company called Disappearing Inc. that provided a similar kind of service. (I don't know if they still exist, but they did get bought by somebody with a less cool name...) They came and talked to a Cypherpunks meeting, and their explanation was "We need to be really clear about what problems we're trying to solve and what problems we're not trying to solve. We're trying to let people who want to cooperate with each other protect the information they want; trying to protect information for people who don't want to cooperate would be snake oil." Their target market was corporate data retention.
Their system did key management as a service, with document readers that fetched a key and decrypted the document for you to read. They'd delete keys after whatever date you specified (typically a month or two, or in response to a delete message.) They were US-based, and if they received a subpoena/warrant for information that their lawyers thought was ok they'd provide it, but if they'd already destroyed a key, they didn't have it backed up anywhere.
I don't think it is possible to completely make your data vanish. Some of the best computer forensics experts can still get data back even when it has been "government wiped" with random 1s and 0s written to every hard drive sector. This claim is dubious at best.
Disappearing Inc had a similar service back during the boom. They'd manage document keys for you, and you'd read the document using a reader that fetched a document key from their servers and opened a copy for you but didn't give you the actual key. When the key expired (based on whatever date you set with them, or a delete message), they'd delete the key, so nobody could decrypt the document later.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
this story begs for a 'usetextpls' tag...
My MAXTOR drives have been doing this for years.
Eight hours? The IMF usually needs 10 seconds.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
..by Kindle.
I hope they thought about what to do with the content after the key is gone. Sounds like it stays out there, permanently scrambled, local storage and perhaps distributed.
If this becomes popular, then even though some people will delete messages, others will just let them gather, on servers, on their own machines, on forums and web pages...
I imagine after a few years, half the digital storage in the world could be useless data. :)
It is a clever hack, but not tidy.
It appears the EULA requires you to wear this gizmo on your head where, after the requisite time period has passed, it zaps your brain with Amnesiatron (TM) particles to make sure you forget the message, thereby fulfilling the design goal of making the message vanish forever.
Oh and the computer will be equipped with C4 that will be triggered at the same time, just in case you happen to take a screenshot.
You don't want to know what will happen to the ISP...
"Self-Destruct' Makes Sensitive Data Vanish
It's a gimmick. You could easily store the key with a central authority instead of a P2P network, exactly the way DRM works now. In fact, I'd much rather the key for messages I send was stored WITH ME so I could be sure it was erased, rather than stored with Joe and Alice's P2P network (we promise we erase stuff! Honest!).
i was too lazy to read the summary but how about a good ol'
find /path/to/sensitive_shit -type f -mtime "+$LIFETIME" -print0 | xargs -0 rm -vi ???
You know, I never understood why short e-mail messages have to be "transmitted" to the recipient in SMTP. As such, my e-mail is available for e-discovery requests aimed at the recipient as it's on the recipient's computer.
In cases I didn't want that, I stuck an image on my web server and did a link to the https://passwordserver.com/dir1234/abc.jpg with headers set to no-cache. This being a CGI program.
The result is pretty similar to TFA, but much more easily obtained. P2P isn't going to be opened up on our network for this feature. In my example, the e-mail is also short lived. It's encrypted with no effort on the user, other than "load remote images" if they have that disabled. It's password protected, though not as nicely as this new Crypto key handling method. Once the server sends the JPG one time, it will only send it again to that same IP address with the cookie initially set on the first display as per the CGI script. The server then queues the JPG email up to delete after x many minutes via a database entry and scheduled job.
Now I can delete the message of the e-mail at will. If they don't read it after so many days, I can nuke it. They can print or copy/paste it, but it's not in their Exchange server nor is it on mine.
My attempt was quick and dirty. Places like MessageLabs and POSTINI already offer this service in a much nicer and easier format. We already see health care and banking use these services.
Dammit, I'm trying to decode your email, but it's been stuck at 99.5% for the last 4 hours!
Sewage Treatment Facilities - "Our duty is clear."
Say, you wouldn't happen to be a dentist, would you?
I might be a buxom blond with wine-stained teeth...
... the real idea is to prevent people who never originally saw the message from reading it down the road.
So a US corporation using this on its internal email (or even receiving email encrypted with this tool) would be in violation of the record-keeping requirements of the Sarbanes-Oxley Act (unless they decrypted and kept an in-the-clear copy of EVERY such letter that arrived), even if they automatically archive all email they handle.
I bet a number of VPs of IT need a change of pants about now.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
...where you can leave an anonymous encrypted message that someone else can pick up w/ the message id and password. The message self destructs and is securely wiped after it is read and if it is not picked up in 90 days it is also securely wiped. Check it out http://www.encr1pt3d.com
And that's exactly the problem here. What keeps me from running that tool in a debugger and grabbing the key once it's reassembled? Worse, what keeps me from reversing the tool to learn its key gathering mechanism and collect the key pieces, assemble them and have the key?
Or hey, how about a really neat idea: How about simply grabbing the decrypted file from memory?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
http://xkcd.com/177/
Most human behaviour can be explained in terms of identity.
I discovered this bulletproof form of encryption in the early nineties. Doesn't require any software and all both parties need to do is know how to touch type without looking at the keyboard. Basically you shift your hands one key to the right (rest your index fingers on g and k) and type as you normally would but without looking at the keys. Not even rainbow tables can break this. See, watch:
the quick brown fox jumps over the lazy dogs. ;sxu fphd/
ujr wiovl ntpem gpc ki,[d pbrt yjr
All the other guy needs to do is shift his hands one key to the left (index fingers on d and h), he starts retyping the encrypted code and bam, rock solid and convenient encryption with no packet overhead. May not work on binary code [yet]. And I don't know if it's legal or too strong for the government (IANAL ... or should I say, osms;).
Calling out bogus battery capacity claims.
Trust Pink. Forget Stains.