Towards compliant data retention with probe storage on patterned media

We describe how the compliance requirements for data retention from recent laws such as the US Sarbanes Oxley Act may be supported by a tamper-evident secure storage system based on probe storage with a patterned magnetic medium. This medium supports normal read/write operations by out-of-plane magnetisation of individual dots. We report on an experiment to show that in principle the medium also supports a separate class of write-once operation that destroys the out-of-plane magnetisation property of the dots irreversibly by precise local heating. The write-once operation can be used to support flexible data retention by tamper-evident writing and physical data deletion

Jamming aided Generalized Data Attacks: Exposing Vulnerabilities in Secure Estimation

Jamming refers to the deletion, corruption or damage of meter measurements that prevents their further usage. This is distinct from adversarial data injection that changes meter readings while preserving their utility in state estimation. This paper presents a generalized attack regime that uses jamming of secure and insecure measurements to greatly expand the scope of common 'hidden' and 'detectable' data injection attacks in literature. For 'hidden' attacks, it is shown that with jamming, the optimal attack is given by the minimum feasible cut in a specific weighted graph. More importantly, for 'detectable' data attacks, this paper shows that the entire range of relative costs for adversarial jamming and data injection can be divided into three separate regions, with distinct graph-cut based constructions for the optimal attack. Approximate algorithms for attack design are developed and their performances are demonstrated by simulations on IEEE test cases. Further, it is proved that prevention of such attacks require security of all grid measurements. This work comprehensively quantifies the dual adversarial benefits of jamming: (a) reduced attack cost and (b) increased resilience to secure measurements, that strengthen the potency of data attacks.Comment: 11 pages, 8 figures, A version of this will appear in HICSS 201

Secure agent data integrity shield

In the rapidly expanding field of E-Commerce, mobile agent is the emerging technology that addresses the requirement of intelligent filtering/processing of information. This paper will address the area of mobile agent data integrity protection. We propose the use of Secure Agent Data Integrity Shield (SADIS) as a scheme that protects the integrity of data collected during agent roaming. With the use of a key seed negotiation protocol and integrity protection protocol, SADIS protects the secrecy as well as the integrity of agent data. Any illegal data modification, deletion, or insertion can be detected either by the subsequent host or the agent butler. Most important of all, the identity of each malicious host can be established. To evaluate the feasibility of our design, a prototype has been developed using Java. The result of benchmarking shows improvement both in terms of data and time efficiency

Ensuring data confidentiality via plausibly deniable encryption and secure deletion – a survey

Ensuring confidentiality of sensitive data is of paramount importance, since data leakage may not only endanger dataowners’ privacy, but also ruin reputation of businesses as well as violate various regulations like HIPPA andSarbanes-Oxley Act. To provide confidentiality guarantee, the data should be protected when they are preserved inthe personal computing devices (i.e.,confidentiality duringtheirlifetime); and also, they should be rendered irrecoverableafter they are removed from the devices (i.e.,confidentiality after their lifetime). Encryption and secure deletion are usedto ensure data confidentiality during and after their lifetime, respectively.This work aims to perform a thorough literature review on the techniques being used to protect confidentiality of thedata in personal computing devices, including both encryption and secure deletion. Especially for encryption, wemainly focus on the novel plausibly deniable encryption (PDE), which can ensure data confidentiality against both acoercive (i.e., the attacker can coerce the data owner for the decryption key) and a non-coercive attacker

Obfuscation and Outsourced Computation with Certified Deletion

Can we outsource computation on encrypted data, while ensuring that the data is certifiably, information-theoretically deleted by the server after computation? Can we encode a computer program in a manner that preserves its functionality, while allowing an evaluator to {\em prove that they deleted the program}? This work answers the above questions, providing the first fully (maliciously) secure solution to the question of blind delegation with certified deletion, and the first solution to the question of obfuscation with certified deletion. Unlike prior work on deletion, these settings require security in the presence of repeated access to partial decryptions of encoded data, followed by certified deletion of the (rest of the) encoded data. To enable security, we introduce a powerful new paradigm for secure information-theoretic deletion of data based on quantum \emph{subspace coset states}. We obtain the following results. Blind Delegation with Certified Deletion - Assuming the quantum hardness of learning with errors, we obtain maliciously-secure blind delegation with certified deletion. This improves upon prior protocols by Poremba (ITCS 2023) and Bartusek and Khurana (arXiv 2022) that we show are insecure against a malicious server. - Assuming sub-exponentially quantum-secure indistinguishability obfuscation, we obtain a \emph{two-message} protocol for blind delegation with certified deletion. All previous protocols required multiple rounds of interaction between the client and server. Obfuscation with Certified Deletion - Assuming post-quantum indistinguishability obfuscation, we obtain a construction of differing-inputs obfuscation with certified deletion, for a polynomial number of differing inputs. As an immediate corollary, we obtain a strong variant of secure software leasing for every differing-inputs circuit family. - We obtain two flavors of functional encryption with certified deletion, one where ciphertexts can be certifiably deleted, and the other where secret keys can be certifiably deleted, assuming appropriate variants of indistinguishability obfuscation and other standard assumptions. - We show how to prepare an ``oracle with certified deletion\u27\u27 implementing any efficient classical functionality. Additional Results - Assuming post-quantum CCA-secure public-key encryption, we obtain a notion of CCA-secure public-key encryption with certified deletion. We view this primarily as a pedagogical tool towards understanding our technique. - Assuming post-quantum indistinguishability obfuscation, we show how to generically add a \emph{publicly-verifiable} certified deletion property to a variety of cryptosystems. Publicly-verifiable deletion schemes prior to our work either relied on unproven conjectures (Poremba, ITCS 2023) or structured oracles (Hiroka et al., Asiacrypt 2021). All our primitives satisfy {\em everlasting security after deletion}, except for functional encryption with deletion for secret keys, where a computational certified deletion guarantee is inherent

Implementing Belief-Consistent Multilevel Secure Relational Data Model: Issues and Solutions

This paper summarizes our efforts in implementing a working multi-level secure database prototype. We have chosen Belief-Consistent Multilevel Secure Relational Data Model (BCMLS) as a basis for our prototype because of its comprehensive semantics for interpreting all stored information. While semantically superior to other models, this model has not been implemented as a working system before. Our prototype, which was created on an Informix database server with a PHP web client, enables insertion, deletion and update of multi-level data while addressing the underlying model complexities through a number of original solutions

A New Data Deletion Scheme for a Blockchain-based De-duplication System in the Cloud

Almost all Cloud Service Providers (CSP) takes a principled approach to the storage and deletion of Customer Data. Most of them have engineered their cloud platform to achieve a high degree of speed, availability, durability, and consistency. Their systems are designed to be optimized for these performance attributes and must be carefully balanced with the necessity to achieve accurate and timely data deletion.many researchers have turn their focus toward data storage and how it will be a challenging task for CSPs in term of storage capacity, data management and security, a considerable number of papers has been published containing new models and technique that will allow data De-duplication in a shared environment but few of them have discussed data deletion.In this paper we will be discussing a new approach that will allow a smart deletion of data stored in the file system as well as its reference in the Blockchain since, by its nature, Blockchains does not allow deletion without violating the Blockchain’s consistency, a preexisting de-duplication system will be our base platform on which we will be working to achieve an accurate and secure data deletion using Blockchain technology while preserving its consistency

Deletion of content in large cloud storage systems

This thesis discusses the practical implications and challenges of providing secure deletion of data in cloud storage systems. Secure deletion is a desirable functionality to some users, but a requirement to others. The term secure deletion describes the practice of deleting data in such a way, that it can not be reconstructed later, even by forensic means. This work discuss the practice of secure deletion as well as existing methods that are used today. When moving from traditional on-site data storage to cloud services, these existing methods are not applicable anymore. For this reason, it presents the concept of cryptographic deletion and points out the challenge behind implementing it in a practical way. A discussion of related work in the areas of data encryption and cryptographic deletion shows that a research gap exists in applying cryptographic deletion in an efficient, practical way to cloud storage systems. The main contribution of this thesis, the Key-Cascade method, solves this issue by providing an efficient data structure for managing large numbers of encryption keys. Secure deletion is practiced today by individuals and organizations, who need to protect the confidentiality of data, after it has been deleted. It is mostly achieved by means of physical destruction or overwriting in local hard disks or large storage systems. However, these traditional methods ofoverwriting data or destroying media are not suited to large, distributed, and shared cloud storage systems. The known concept of cryptographic deletion describes storing encrypted data in an untrusted storage system, while keeping the key in a trusted location. Given that the encryption is effective, secure deletion of the data can now be achieved by securely deleting the key. Whether encryption is an acceptable protection mechanism, must be decided either by legislature or the customers themselves. This depends on whether cryptographic deletion is done to satisfy legal requirements or customer requirements. The main challenge in implementing cryptographic deletion lies in the granularity of the delete operation. Storage encryption providers today either require deleting the master key, which deletes all stored data, or require expensive copy and re-encryption operations. In the literature, a few constructions can be found that provide an optimized key management. The contributions of this thesis, found in the Key-Cascade method, expand on those findings and describe data structures and operations for implementing efficient cryptographic deletion in a cloud object store. This thesis discusses the conceptual aspects of the Key-Cascade method as well as its mathematical properties. In order to enable production use of a Key-Cascade implementation, it presents multiple extensions to the concept. These extensions improve the performance and usability and also enable frictionless integration into existing applications. With SDOS, the Secure Delete Object Store, a working implementation of the concepts and extensions is given. Its design as an API proxy is unique among the existing cryptographic deletion systems and allows integration into existing applications, without the need to modify them. The results of performance evaluations, conducted with SDOS, show that cryptographic deletion is feasible in practice. With MCM, the Micro Content Management system, this thesis also presents a larger demonstrator system for SDOS. MCM provides insight into how SDOS can be integrated into and deployed as part of a cloud data management application