research-article

Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting

Authors:

Muhammad Shujaat Mirza,

Christina PöpperAuthors Info & Claims

CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy

Pages 342 - 353

https://doi.org/10.1145/3176258.3176327

Published: 13 March 2018 Publication History

Abstract

Digital forgetting deals with the unavailability of content uploaded to web and storage servers after the data has served its purpose. The content on the servers can be deleted manually, but this does not prevent data archival and access at different storage locations. This is problematic since then the data may be accessed for unintended or even malicious purposes long after the owners have decided to abandon the public availability of their data. Approaches which assign a lifetime value to data or use heuristics like interest in data to make it inaccessible after some time have been proposed, but digital forgetting is still in its infancy and there are a number of open problems with the proposed approaches.

In this paper, we outline a general use case of cryptographic puzzles in the context of digital forgetting which---to the best of our knowledge---has not been proposed or explored before. One problem with recent proposals for digital forgetting is that attackers could collect or even delete anyone's public data during their lifetime. In our approach, we deal with these problems by making it hard for the attacker to delete large quantities of data while making sure that the proposed solutions will not adversely deteriorate user experience in a disturbing manner. As a proof-of-concept, we propose a system with cryptographic (time-lock) puzzles that deals with malicious users while ensuring the permanent deletion of data when interest in it dies down. We have implemented a prototype and evaluate it thoroughly with promising results.

References

[1]

Adam Back. 2002. Hashcash -- A Denial of Service Counter-Measure. (2002). http://www.hashcash.org/papers/hashcash.pdf

[2]

Dan Boneh and Richard J. Lipton. {n. d.}. A Revocable Backup System. In Proceedings of the 6th USENIX Security Symposium, San Jose, CA, USA, July 22--25, 1996.

Digital Library

[3]

C. Castelluccia, E. De Cristofaro, A. Francillon, and M.-A. Kaafar. 2011. EphPub: Toward robust Ephemeral Publishing. In 19th IEEE International Conference on Network Protocols (ICNP). 165--175.

Digital Library

[4]

Domo. 2017. Data never sleeps 5.0. https://www.domo.com/learn/data-never-sleeps-5. (June. 2017). https://www.domo.com/learn/data-never-sleeps-5

[5]

Sujata Doshi, Fabian Monrose, and Aviel D. Rubin. 2006. Efficient Memory Bound Puzzles Using Pattern Databases Proceedings of the 4th International Conference on Applied Cryptography and Network Security (ACNS). 98--113.

Digital Library

[6]

Roxana Geambasu, Tadayoshi Kohno, Arvind Krishnamurthy, Amit Levy, Henry Levy, Paul Gardner, and Vinnie Moscaritolo. 2011. New Directions for Self-Destructing Data Systems. Technical Report UW-CSE-11-08-01. University of Washington.

[7]

Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy, and Henry M. Levy. 2009. Vanish: Increasing Data Privacy with Self-destructing Data Proceedings of the 18th Conference on USENIX Security Symposium. USENIX Association, Berkeley, CA, USA, 299--316.

Digital Library

[8]

Peter Gutmann. 1996. Secure deletion of data from magnetic and solid-state memory Proceedings of the 6th USENIX Security Symposium, Focusing on Applications of Cryptography. USENIX Association, Berkeley, CA, USA, 77--90.

Digital Library

[9]

Owen Harrison and John Waldron. 2009. Efficient Acceleration of Asymmetric Cryptography on Graphics Hardware Proceedings of the 2Nd International Conference on Cryptology in Africa: Progress in Cryptology (AFRICACRYPT '09). Springer-Verlag, Berlin, Heidelberg, 350--367.

Digital Library

[10]

Ari Juels and John G. Brainard. 1999. Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks Proceedings of the Network and Distributed System Security Symposium, NDSS.

[11]

Ghassan Karame and Srdjan Capkun. 2010. Low-Cost Client Puzzles Based on Modular Exponentiation Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS). 679--697.

Digital Library

[12]

Jaeheung Lee, Sangho Yi, Junyoung Heo, Hyungbae Park, Sung Y. Shin, and Yookun Cho. 2010. An Efficient Secure Deletion Scheme for Flash File Systems. Journal of Information Science and Engineering, Vol. 26, 1 (2010), 27--38. http://www.iis.sinica.edu.tw/page/jise/2010/201001_03.html

[13]

Frank Li, Prateek Mittal, Matthew Caesar, and Nikita Borisov. 2012. SybilControl: Practical Sybil Defense with Computational Puzzles Proceedings of the Seventh ACM Workshop on Scalable Trusted Computing (STC'12). 67--78.

Digital Library

[14]

Pär Persson Mattsson. 2013. Why Haven't CPU Clock Speeds Increased in the Last Few Years? (Nov. 2013). https://www.comsol.com/blogs/havent-cpu-clock-speeds-increased-last-years/

[15]

Viktor Mayer-Schönberger. 2011. Delete: The Virtue of Forgetting in the Digital Age. Princeton University Press, Princeton, NJ, USA.

[16]

Mainack Mondal, Johnnatan Messias, Saptarshi Ghosh, Krishna P. Gummadi, and Aniket Kate. 2016. Forgetting in Social Media: Understanding and Controlling Longitudinal Exposure of Socially Shared Data. In Twelfth Symposium on Usable Privacy and Security, SOUPS 2016, Denver, CO, USA, June 22-24, 2016. 287--299.

[17]

Joel Reardon, David A. Basin, and Srdjan Capkun. 2013. SoK: Secure Data Deletion. In IEEE Symposium on Security and Privacy (SP), Berkeley, CA, USA. 301--315.

Digital Library

[18]

Joel Reardon, Srdjan Capkun, and David A. Basin. 2012. Data Node Encrypted File System: Efficient Secure Deletion for Flash Memory Proceedings of the 21th USENIX Security Symposium. 333--348.

Digital Library

[19]

Sirke Reimann and Markus Dürmuth. 2012. Timed revocation of user data: long expiration times from existing infrastructure WPES. 65--74.

Digital Library

[20]

Ronald. L. Rivest, Adi Shamir, and David A. Wagner. 1996. Time-lock Puzzles and Timed-release Crypto. Technical Report. Cambridge, MA, USA.

Digital Library

[21]

Esther Shein. 2013. Ephemeral Data. Commun. ACM Vol. 56, 9 (Sept. . 2013), 20--22.

Digital Library

Cited By

Darwish MZarras AHong JLanperne MPark JCerny TShahriar H(2023)Digital Forgetting Using Key DecayProceedings of the 38th ACM/SIGAPP Symposium on Applied Computing10.1145/3555776.3577641(34-41)Online publication date: 27-Mar-2023
https://dl.acm.org/doi/10.1145/3555776.3577641
Raikwar MGligoroski D(2021)Non-Interactive VDF Client Puzzle for DoS MitigationProceedings of the 2021 European Interdisciplinary Cybersecurity Conference10.1145/3487405.3487406(32-38)Online publication date: 10-Nov-2021
https://dl.acm.org/doi/10.1145/3487405.3487406
Schnitzler TMirza SDürmuth MPöpper C(2020)SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online DataProceedings on Privacy Enhancing Technologies10.2478/popets-2021-00132021:1(229-249)Online publication date: 9-Nov-2020
https://doi.org/10.2478/popets-2021-0013
Show More Cited By

Index Terms

Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Privacy protections
  2. Security services
    1. Privacy-preserving protocols

Recommendations

Efficient modular exponentiation-based puzzles for denial-of-service protection
ICISC'11: Proceedings of the 14th international conference on Information Security and Cryptology

Client puzzles are moderately-hard cryptographic problems -- neither easy nor impossible to solve -- that can be used as a countermeasure against denial of service attacks on network protocols. Puzzles based on modular exponentiation are attractive as ...
Time-Lock Puzzles from Randomized Encodings
ITCS '16: Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science

Time-lock puzzles are a mechanism for sending messages "to the future". A sender can quickly generate a puzzle with a solution s that remains hidden until a moderately large amount of time t has elapsed. The solution s should be hidden from any ...
Toward non-parallelizable client puzzles
CANS'07: Proceedings of the 6th international conference on Cryptology and network security

Client puzzles have been proposed as a useful mechanism for mitigating denial of service attacks on network protocols. Several different puzzles have been proposed in recent years. This paper reviews the desirable properties of client puzzles, pointing ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy

March 2018

401 pages

ISBN:9781450356329

DOI:10.1145/3176258

General Chairs:
Ziming Zhao
Arizona State University, USA
,
Gail-Joon Ahn
Arizona State University, USA & Samsung Research, Korea
,
Program Chairs:
Ram Krishnan
University of Texas at San Antonio, USA
,
Gabriel Ghinita
University of Massachusetts Boston, USA

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 March 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

BMBF

Conference

CODASPY '18

Sponsor:

SIGSAC

CODASPY '18: Eighth ACM Conference on Data and Application Security and Privacy

March 19 - 21, 2018

AZ, Tempe, USA

Acceptance Rates

CODASPY '18 Paper Acceptance Rate 23 of 110 submissions, 21%;

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
200
Total Downloads

Downloads (Last 12 months)15
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Darwish MZarras AHong JLanperne MPark JCerny TShahriar H(2023)Digital Forgetting Using Key DecayProceedings of the 38th ACM/SIGAPP Symposium on Applied Computing10.1145/3555776.3577641(34-41)Online publication date: 27-Mar-2023
https://dl.acm.org/doi/10.1145/3555776.3577641
Raikwar MGligoroski D(2021)Non-Interactive VDF Client Puzzle for DoS MitigationProceedings of the 2021 European Interdisciplinary Cybersecurity Conference10.1145/3487405.3487406(32-38)Online publication date: 10-Nov-2021
https://dl.acm.org/doi/10.1145/3487405.3487406
Schnitzler TMirza SDürmuth MPöpper C(2020)SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online DataProceedings on Privacy Enhancing Technologies10.2478/popets-2021-00132021:1(229-249)Online publication date: 9-Nov-2020
https://doi.org/10.2478/popets-2021-0013
Ali ICaprolu MPietro R(2020)Foundations, Properties, and Security Applications of PuzzlesACM Computing Surveys10.1145/339637453:4(1-38)Online publication date: 20-Aug-2020
https://dl.acm.org/doi/10.1145/3396374
Moradi MLi Q(2020)Rogue people: on adversarial crowdsourcing in the context of cyber securityJournal of Information, Communication and Ethics in Society10.1108/JICES-08-2019-010019:1(87-103)Online publication date: 23-Jul-2020
https://doi.org/10.1108/JICES-08-2019-0100
Schnitzler TDürmuth MPöpper C(2019)Towards Contractual Agreements for Revocation of Online DataICT Systems Security and Privacy Protection10.1007/978-3-030-22312-0_26(374-387)Online publication date: 5-Jun-2019
https://doi.org/10.1007/978-3-030-22312-0_26

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents