Slashdot Mirror
'Vanish' Makes Sensitive Data Self-Destruct
Hugh Pickens writes "The NY Times reports on new software called 'Vanish,' developed by computer scientists at the University of Washington, which makes sensitive electronic messages 'self destruct' after a certain period of time. The researchers say they have struck upon a unique approach that relies on 'shattering' an encryption key that is held by neither party in an e-mail exchange, but is widely scattered across a peer-to-peer file sharing system. 'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,' says Amit Levy, who helped create Vanish. It has been released as a free, open-source tool that works with Firefox. To use Vanish, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the 'Vanish' button. The tool encrypts the information with a key unknown even to the sender. That text can be read, for a limited time only, when the recipient highlights the text and presses the 'Vanish' button to unscramble it. After eight hours, the message will be impossible to unscramble and will remain gibberish forever. Tadayoshi Kohno says Vanish makes it possible to control the 'lifetime' of any type of data stored in the cloud, including information on Facebook, Google documents or blogs."
This could be the next step in actually having secured, signed, digital copies.
I could see a variation of this made available for official documents that need to "phone home" for decription. If the document is somewhere its not supposed to be - scambled.
Of course there are many ways to circumvent this - but I'm tired of faxes being legally more viable than anything digital.
I see someone has tagged this article with "drm", but this isn't a usable technique for DRM. This is an interesting technique for creating a "disappearing" decryption key, but it only works if no one bothers to retrieve/reassemble the decryption key before it disappears. If the recipient retrieves the key while it still exists, he can save the key and decrypt the message at any time. Or he can retrieve the key, decrypt the message and save that. The most obvious application for this, I think, is forward security. As long as the recipient doesn't save a copy of the decrypted message or the decryption key, the message would become unreadable -- to anyone -- after a short period of time. I need to read the details to see if this would be useful in some real-world setting, or if it's of academic interest only.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
One advantage I see is that after the Alice sends Bob the message and Bob has it stored, then the copies of the message floating around on the Internet become completely non-decryptable after the time limit has expired. Even if a third party manages to decode or obtain Bob's private key, it won't do them any good in obtaining the text; the attacker would have to attack either Alice or Bob's endpoint, which is a lot harder than just passively sifting stuff sitting on a server with unknown security.
Vanish does the same thing that cryptographic tokens do. Both limit the window of attack on something. Where a smart card would limit guesses of a key's PIN to 3-5, Vanish limits the time of attack of a message to 8-12 hours.
If I'm guessing correctly, what's sent is essentially the cyphertext and a series of URLs that point to what makes up the key (e.g. go to page x, take every third character from the 27th line, etc). The idea being that the pages chosen should change often enough that anyone who intercepts the message, and LATER attempts to decypher it, will be unable to.
Basically, the only time this will offer protection is when the following conditions are all met:
a) The URLs chosen are not cached anywhere
b) The URLs chosen cycle regularly and randomly (the random part is important, and unlikely)
c) The message is NOT read by the attacker until after the key has disappeared. This will probably only occur if the keylinks & cyphertext are posted on a forum or similar, and which the attacker visits later. If the message is emailed/IMed/etc, then intercepting it at the time would make automatic decyphering trivial.
This all hinges on the assumption that the service does not hinge on a set of specially operated key generating servers (loss of which would prevent the service from operating). Such a service would provide properly randomised key fragments, but faces other issues. The fragments must be publicly accessible, change only after an 'acceptable' time period (implied to be a few hours), and remain constant for these few hours. This would make caching of the keys trivial. And would still not prevent decyphering upon interception within the time limit.
I suppose the key servers could require a key as part of the message itself to provide the correct key fragment, but this would only solve the caching attack, not interception.
Not to put to fine a point on it, companies are supposed to have an established document retention policy that specifies how long they will retain information like email messages. Most email it won't matter but if the contents in any way can be seen as a legal document - i.e. are business related - then destroying them this way might be seen as a deliberate attempt to cover up information by a court. IANAL, but I worked for some in this area, and its remarkably sensitive.
If someone at a company decides to use this tool, unbeknownst to the company and the other party is also using it, then the email becoming garbled and eventually deleted could become a problem should the company ever go to court. The court might require the company to produce a copy of all emails from the company during a given period (say the last 2 years perhaps), and if emails were destroyed in a manner that was not specified by the company retention policy it could cause the court to penalize the company when it fails to produce said emails.
When a company gets sued, its normal for them to place a hold order on the destruction of all documents, so they can't be seen as potentially covering things up. I hope that a tool like Vanish can be toggled to prevent unwarranted destruction, or someone is going to pay big time down the road.
It may seem like a trivial point, until you read of fines in the millions for companies who are unable to produce correspondence they should have preserved legally speaking. Moreover if the garbled email still exists, then the company might be required by the courts to unencrypt it - and if unable to do so, be penalized for that.
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
Of course there are many ways to circumvent this - but I'm tired of faxes being legally more viable than anything digital.
Just tired? Why not disturbed? No one should ever ever accept a signature or any document by fax, even within an organization - yet this is outrageously common.
Internally, many organizations have seen the light and now use email, since there is good enough security in place around user account and therefore mailbox access.