Title: Vanish: Enhancing the Privacy of the Web with Self-Destructing Data

Update, 9/20/2009: On Sept. 20, 2009 we released a new version of the Vanish research prototype. This prototype implements several new defenses that we wrote about in our two papers on Vanish. These defenses address a specific vulnerability reported by other researchers earlier this week. However, the implications of this update are much broader; the new prototype illustrates the independence of the Vanish architecture and concepts from the underlying storage infrastructure. The source code for the new prototype is available here.

As with our original prototype, we stress that we are releasing the prototype for research purposes. The Vanish prototype should only be used for experimental purposes, and we encourage researchers to analyze and improve upon it. The study of new systems, attacks, and defenses is how the field of computer security progresses, and we are looking forward to future analyses of Vanish. Finally, we strengthen our original advice of being cautious if you wish to use Vanish for any purpose other than research.

Computing and communicating through the Web makes it virtually impossible to leave the past behind. College Facebook posts or pictures can resurface during a job interview; a lost or stolen laptop can expose personal photos or messages; or a legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating or just embarrassing details from the past.

Our research seeks to protect the privacy of past, archived data such as copies of emails maintained by an email provider against accidental, malicious, and legal attacks.
Specifically, we wish to ensure that all copies of certain data become unreadable after a user-specified time, without any specific action on the part of a user, and even if an attacker obtains both a cached copy of that data and the user's cryptographic keys and passwords.

Vanish is a research project aimed at meeting this challenge through a novel integration of cryptographic techniques with global-scale, P2P, distributed hash tables (DHTs). We initially implemented a proof-of-concept Vanish prototype that uses the million-plus-node Vuze BitTorrent DHT. We have since found that the current Vuze DHT implementation is not adequately protected to support an application such as Vanish. We are now studying ways of improving the suitability of existing DHTs such as Vuze to Vanish and other security-oriented applications. We are also investigating architectural changes for these applications to make better use of existing global-scale DHTs. We believe that Vanish is a significant step forward to realizing the vision of self-destructing data.

On September 20, 2009 we released a new version of the Vanish prototype. We believe that the future for self-destructing data is to spread keys across multiple storage systems (DHTs or not DHTs). To demonstrate this potential, the new prototype splits the keys across both Vuze DHT and OpenDHT. A short-term consequence is that the new prototype is immune to the specific attacks recently released by others. A longer-term consequence is that this new prototype illustrates the feasibility of building Vanish off of a diverse collection of remote storage systems (see our paper for a description of threat models). You can read more about this hybrid architecture here. However, we recommend that at this time, the Vanish prototype only be used for experimental purposes. We do encourage researchers, however, to analyze it and improve upon it.
We strongly believe that realizing Vanish's vision would represent a significant step toward achieving privacy in today's unforgetful age. Vanish is a research project designed to advance science, and we firmly believe that it has done so. We released our research prototype -- which only implements some of our broader Vanish concepts -- so that other researchers can study and improve it.

Recently, a group of researchers from U. Michigan, Princeton, and U Texas have discovered a vulnerability in our original Vanish research prototype. Their attacks are driven by two features in Vuze that turn out to work against our initial prototype. They are however not a fundamental flaw in the concepts behind Vanish. Without these Vuze features their current attack wouldn't work. Those features are:

Disabling these features in the DHT would have significant positive impact on the security of a Vuze-based Vanish system, while preserving properties like availability and persistence. Vanish could also use a completely different DHT, and can be strengthened in many other ways. In fact, that is our vision -- that as our research progresses we will see Vanish systems building on top of multiple, heterogeneous storage systems with complementary properties. Our paper discusses these and other issues in significantly more detail.

We at Vanish look much more broadly than immediate defenses against known attacks. Initially, Vanish was designed to achieve self-destructing data via reliance on a completely decentralized DHT. At the complete end of the spectrum, previous work has shown how self-destructing data can be achieved by relying on centralized trusted services (although no previous solution showed the applicability of self-destructing data to the web). These two approaches have very different weaknesses, strengths, and threat models. We believe that the future for self-destructing data is to combine the two approaches in a unified architecture.
For this, we propose a hybrid model, where Vanish key pieces are scattered across both a centralized system and a distributed system (or more such systems). Such a solution would combine the benefits of both worlds and will provide increased levels of security over either individual approach. Our newly-released Vanish prototype (version 0.2 and onwards) is an illustration of this concept: it relies on both the open-access, decentralized Vuze DHT and on the closed-access, centrally-managed OpenDHT. You can read more about our hybrid architecture in our new paper.

Naturally, we realize that the existing Vuze DHT exhibits characteristics that are counterproductive for Vanish. We are therefore actively working to strengthen Vuze for Vanish, as well. Moreover, the Vanish system is network-agnostic and could be easily ported onto more robust storage systems (DHTs or other types of systems). Our overall vision of a hybrid solution, plus our active modifications of Vuze, demonstrates that Vanish is much broader than the current prototype implementation. It's ongoing research and not an end product. Above all, we strongly believe that the Vanish concept is fundamentally sound, despite the recent vulnerabilities found in its previous prototype implementation.

Finally, we wanted to put the recent attacks against the original Vanish prototype in context. Proposing systems, finding attacks, and implementing stronger systems is exactly how research works in the security community. Take Tor, for example. Tor radically advances the state of the art in Internet anonymity, but researchers (including ourselves) have found attacks against Tor. Just as the attacks against Tor don't invalidate it, the current attacks against the first Vanish research prototype don't invalidate Vanish either.
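
An added sketch of the hybrid idea in the post above (key pieces scattered across more than one storage system); it is not the Vanish prototype's code and not part of the original post. The post does not say how the key is divided, so the XOR split across stores, the Shamir threshold sharing inside each store, the `Store` class and the parameters `n`, `k` and `ttl` are all assumptions.

```python
import secrets

P = 2**521 - 1  # Mersenne prime; the field must be larger than a 128-bit secret

def shamir_split(secret, n, k):
    """n points on a random degree-(k-1) polynomial f with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def shamir_join(shares):
    """Lagrange interpolation at x = 0 over any k distinct shares."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

class Store:
    """Constructed stand-in for one remote store whose entries time out."""
    def __init__(self, ttl):
        self.ttl, self.items = ttl, []
    def put(self, share, now):
        self.items.append((share, now + self.ttl))
    def readable(self, now):
        return [share for share, expires in self.items if expires > now]

def scatter(key, stores, n, k, now):
    """XOR-split key into one part per store, then Shamir-split each part."""
    parts = [secrets.randbits(128) for _ in stores[1:]]
    first = key
    for p in parts:
        first ^= p
    for store, part in zip(stores, [first] + parts):
        for share in shamir_split(part, n, k):
            store.put(share, now)

def recover(stores, k, now):
    """Needs k live shares from every store; None once any store lacks them."""
    key = 0
    for store in stores:
        shares = store.readable(now)
        if len(shares) < k:
            return None
        key ^= shamir_join(shares[:k])
    return key
```

With two stores, `recover` returns the key only while both still hold at least `k` shares; everything read from one store alone reconstructs a random-looking part, not the key.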
#1. To: All (#0)
http://vanish.cs.washington.edu/download.html

Download the Vanish Source Code

The research prototype is distributed in three separate packages, two of which correspond to the Vanish system and the third corresponds to the Vanish Firefox Plugin.
Do you know if adding the Firefox plugin would be apparent to me as I browse the web? Thanks.
#3. To: Lod (#2)
I don't know. I just found this on WRH. I had to dig a little to find the site though. Right now, you know as much about this as I do.