
Making Data Unvanish 34

Posted by kdawson
from the sybil-attack dept.
sertsa writes "Earlier this year a group of researchers at the University of Washington came up with a scheme to use peer-to-peer networks to store and, ultimately, to forget the keys for encrypted messages, causing them to 'Vanish.' Now a group of researchers from UT Austin, Princeton, and the University of Michigan has come up with a way to break this approach, by making a single computer appear to be many nodes on the p2p network. 'In our experiments with Unvanish, we have shown that it is possible to make Vanish messages reappear long after they should have disappeared nearly 100 percent of the time...'"

  • by sopssa (1498795) * <sopssa@email.com> on Tuesday September 22, 2009 @02:40PM (#29507235) Journal

    In my opinion Vanish didn't really serve any purpose.

    - As we all know (and what MPAA/RIAA hate), once you've got hold of the data you cannot "vanish" it. It's really easy to save a copy of it.
    - If you wanted encryption with public/private keys, there's PGP and other solutions to do it.

    So the only thing Vanish added was the impossible-to-archieve vanishing of data.

    Along with that it distributes your secret content all over the p2p network, where one machine can act as thousands of clients like the article says. I'd rather skip that and send the message directly and tell the other party to delete it, because vanishing doesn't work if both parties don't do it.

    • Re: (Score:3, Funny)

      by Intron (870560)

      archieve (v) To successfully complete an archive.
                    (n) Veronica's boyfriend who works at Legato.

  • MKing? (Score:2, Funny)

    by eldavojohn (898314) *

    Now a group from researchers from UT Austin, Princeton, and U Michigan has come up with a way to break this approach, by mking a single computer appear to be many nodes

    I've performed similar procedures. The last time I mortal kombatted my computer, it became several pieces on my floor.

    • by jDeepbeep (913892)

      I've performed similar procedures. The last time I mortal kombatted my computer, it became several pieces on my floor.

      A computer once beat me at chess, but it was no match for me at kick boxing.
      --Emo Philips

  • Sparring (Score:5, Interesting)

    by spydabyte (1032538) on Tuesday September 22, 2009 @02:51PM (#29507355)
    They certainly are sparring, see the University of Washington response [washington.edu]:

    Update, 9/20/2009: Other researchers have recently discovered a vulnerability in our original Vanish research prototype. Their work shows that the Vuze DHT on which we built the original prototype did not provide sufficient security properties, and that there are therefore attacks that can capture Vanish keys. We released a revised prototype on September 20, 2009. This revised prototype, which distributes keys across both the Vuze DHT and OpenDHT, invalidates this attack. In addition, we are working to further strengthen Vanish from two angles: (1) by hardening the underlying DHT for Vanish-like purposes and (2) by modifying applications to make more intelligent use of DHTs. Please see our new technical report for additional information about the currently known attacks and our defenses. Due to the complexity of the systems we are relying upon, we would like to strengthen our advice that users should be cautious if they want to use Vanish. At this point, Vanish should only be used for experimental purposes. We do encourage researchers, however, to analyze it and improve upon it.

    • Re: (Score:3, Interesting)

      by sopssa (1498795) *

      We released a revised prototype on September 20, 2009. This revised prototype, which distributes keys across both the Vuze DHT and OpenDHT, invalidates this attack.

      But does this *really* invalidate this type of attack? It seems it just adds another p2p protocol on it, and it would still be as vulnerable as before. Only difference seems to be that the current tool just doesn't work at the moment. Approach would still be the same.

      • Re:Sparring (Score:4, Interesting)

        by vlm (69642) on Tuesday September 22, 2009 @03:38PM (#29507887)

        But does this *really* invalidate this type of attack? It seems it just adds another p2p protocol on it, and it would still be as vulnerable as before. Only difference seems to be that the current tool just doesn't work at the moment. Approach would still be the same.

        I think the UW folks are reading slashdot and editing their page as we speak. The page now includes the quote:

        This revised prototype, which distributes keys across both the Vuze DHT and OpenDHT, invalidates this attack. This is because OpenDHT has a closed-access model as opposed to an open-access model like Vuze, which is what drives the current attack. In addition, we are working to further strengthen Vanish from two angles:

        So, Vanish people, I know you're listening, please respond to my being unclear how a closed-access model prevents the attack as opposed to just makes it a wee bit harder for small weak opponents, not so much impact to bigger ones.

        • by KDR_11k (778916)

          This is because OpenDHT has a closed-access model as opposed to an open-access model like Vuze

          Sounds kinda ironic.

  • Possible! (Score:1, Insightful)

    by Anonymous Coward

    Vanish is possible with something like a web service which simply sends back the decrypted data.
    However, the decryption key would have to be stored only in memory and strictly deleted when done.

    Vanish is completely worthless though because when I have the decrypted data I can do what I want with it.

    • Then you extract the DDR2 sticks from the server, their little hearts beating still, and read the damn key. Then you let them die on the table, the key now intact, somewhere else.

  • Like DRM (Score:5, Insightful)

    by bzzfzz (1542813) on Tuesday September 22, 2009 @02:54PM (#29507395)
    Any kind of security system that provides a limited lifetime or constrained redistribution rights for messages is, fundamentally, DRM. Therefore, it's subject to the same kinds of attacks that cause DRM to fail. Ultimately, unless you can build a trusted platform module with remote attestation that is tamper proof, there are gaps. This particular attack is, at a more abstract level, really about producing counterfeit trusted nodes. Without a TPM at each node and some way to authenticate independence through a trust hierarchy, there's no way for this to work.
  • From original article:

    It is technically possible to save information sent with Vanish. A recipient could print e-mail and save it, or cut and paste unencrypted text into a word-processing document, or photograph an unscrambled message. Vanish is meant to protect communication between two trusted parties, researchers say.

    The stated goal doesn't mesh well with what Vanish actually does. If the communication is happening between two trusted parties, each party can trust the other to delete the information within a given time-frame.

    It sounds more like distributing trust among multiple nodes, so that any of the nodes can destroy the information at will. I believe this idea has been done before, and this sounds like a variation on a theme. Or perhaps this is not exploiting any new property of math, but

    • by Narpak (961733)

      Vanish is meant to protect communication between two trusted parties, researchers say.

      I guess it all comes down to what's more important. If you want convenience then you're always limiting your level of security. So far there are very few ways to send encrypted messages over the internet that cannot be intercepted and decrypted by someone who is truly dedicated (and funded) to do that.

      If two parties want to communicate and value security above convenience then I would recommend One-Time Pads. [wikipedia.org]

    • It DOES do what its goal is. The idea is that you are sending something over the cloud, or a P2P networking system. Any number of hackers, Crackers, sniffers or whatever could tap in and get your data. So we designed Encryption, take that Hackers! Problem is, hackers are finding ways to break through encryption, mainly by finding the key, which is usually transferred somewhere attached to the encrypted message, or even sent through a separate protocol.

      What Vanish does it take the Encrypted message, and send i

      • by vlm (69642)

        Pretty good, except for thinking "the key" must be the little bit of key data stored by the vanish system.

        What you could do, is concatenate your "real" secret key, maybe just some low entropy english text like "I love cowboy neal" with the Vanish key. Then feed that thru a nice oneway hash. Then use the hashed value as the encryption key.

        Probably your crypto algorithm can tolerate a key that is predictable dictionary english text. Maybe not. If not, now you have an interesting way to distribute a unique

    • by supersat (639745)

      The stated goal doesn't mesh well with what Vanish actually does. If the communication is happening between two trusted parties, each party can trust the other to delete the information within a given time-frame.

      The problem isn't with the trusted parties, but with the intermediaries. For example, if you send someone an encrypted email through GMail, even if the recipient deletes the data, Google might keep a backup. The recipient could then be compelled to produce the key.

      Disclaimer: I'm in the same res

  • by julesh (229690) on Tuesday September 22, 2009 @03:26PM (#29507741)

    A DRM scheme that doesn't work? That's totally amazing.

  • Orange book... (Score:3, Informative)

    by NCamero (35481) on Tuesday September 22, 2009 @03:30PM (#29507795) Homepage Journal

    Orange book:

    A-
    You are a single communication construct. No one outside the circle of trust has any idea what is communicated.

    B-
    You are in a network (circle) of trust. moving data to each other is logged, and allowed/censored.

    C-
    A typical LAN with verifiable security.

    D-
    The internet, a network of networks. Data can 'vanish', as a function of time/money spent on keeping the data stored.

    Read the data security handbook summarized:
    http://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria [wikipedia.org]

  • Freenet (Score:2, Interesting)

    by westlake (615356)

    Now a group...has come up with a way to break this approach, by making a single computer

    I have often wondered if Freenet would be vulnerable to such an attack.

    Freenet needs the super-user with generous amounts of storage and bandwidth.

    Which its well-funded adversaries can provide in spades. Thousands of nodes. Tens of thousands of nodes. Hundreds...

    It seems that sooner or later they would be capturing enough of the traffic to begin putting the pieces together - or sending them into the void.

    • by sowth (748135) *

      Which is likely why they started suggesting people use it as a darknet--connect only to people / nodes you know.

      • by westlake (615356)

        Which is likely why they started suggesting people use it as a darknet--connect only to people / nodes you know.

        But how well do you know them - and how far can you trust them? It strikes me that with each node the "web of trust" becomes more fragile.

        If I know from other sources that A, B and C are as thick as thieves and that C, E and F are much the same - then perhaps the darknet is not so very dark at all.

    • Hmm, discussion of that can't possibly be in the Freenet FAQ [freenetproject.org].
  • Sybil! (Score:1, Insightful)

    by Anonymous Coward

    Unmodified Kademlia is vulnerable to Sybil attacks. *yawn* We kind of already knew that. There are various mitigations you can put in place. For example, if you've got the same IP address appearing twice in the routing tables, you have a major problem.

    That doesn't mean that I think the general idea of Vanish is a sound one - it's rather silly, and a trusted client problem like all DRM techniques to which it is a close analog, so it's doomed from the start to some extent. All you have to do to defeat it is l
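The mitigation mentioned in the comment above (flagging an IP address that appears more than once in a routing table), as an added example that is not part of the original thread or of any DHT client's code. The table layout, function names and the class are hypothetical, the sample entries are constructed, addresses are assumed to be IPv4, and the /24 grouping goes one step beyond the exact-address check the comment describes.

```python
import ipaddress
from collections import defaultdict

# Constructed sample routing table: (node_id_hex, ip, udp_port). Not real data.
SAMPLE_TABLE = [
    ("a1f3", "198.51.100.7", 6881),
    ("a1f4", "198.51.100.7", 6882),
    ("a1f5", "198.51.100.7", 6883),
    ("07bc", "203.0.113.20", 6881),
    ("9e22", "203.0.113.99", 6881),
    ("44d0", "192.0.2.5", 6881),
]

def group_key(ip, prefix_len):
    """Network containing `ip`; prefix_len=32 means the exact IPv4 address."""
    return str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))

def suspicious_groups(table, prefix_len=32, max_ids=1):
    """Audit: {network: node IDs} where more than max_ids distinct IDs share it."""
    ids = defaultdict(set)
    for node_id, ip, _port in table:
        ids[group_key(ip, prefix_len)].add(node_id)
    return {net: sorted(v) for net, v in ids.items() if len(v) > max_ids}

class RoutingTable:
    """Admission control: refuse a contact once its network holds max_ids IDs."""

    def __init__(self, prefix_len=32, max_ids=1):
        self.prefix_len, self.max_ids = prefix_len, max_ids
        self.contacts = {}                 # node_id -> (ip, port)
        self._per_net = defaultdict(set)   # network -> node IDs admitted from it

    def add(self, node_id, ip, port):
        net = group_key(ip, self.prefix_len)
        if node_id in self.contacts:
            return False  # known ID; a real table would refresh last-seen here
        if len(self._per_net[net]) >= self.max_ids:
            return False  # another identity from an already-represented network
        self._per_net[net].add(node_id)
        self.contacts[node_id] = (ip, port)
        return True

def admitted(table, **kw):
    """Feed every entry through admission control; return the IDs accepted."""
    rt = RoutingTable(**kw)
    return [nid for nid, ip, port in table if rt.add(nid, ip, port)]
```

A per-address cap also rejects honest nodes that share a NAT address and does not stop an operator who controls many addresses, so it raises the cost of the attack rather than removing it.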

  • Most P2P anonymity/privacy only works if a majority of the nodes is honest. The obvious way to attack is therefore to simulate a lot of nodes on one physical node. Any sane system therefore contains detection for this attack. Incidentally, this knowledge is at least half a decade old. Seems to me some people did not do their literature search.

  • "There is no security model that protects against a scenario where the intended recipient is the attacker" or something?

    Plausible deniability has at least been achieved with OTR, but for DRM this concept remains as valid as ever.

    Unless computer chips come sealed in tamper-proof self-destructive foam, and opening a computer case or building circuit boards without authorization is declared a felony. I suppose that could work... for a while.
