Vanish: Enhancing the Privacy of the Web with Self-Destructing Data

SOURCE

Overview

Computing and communicating through the Web makes it virtually impossible to leave the past behind. College Facebook posts or pictures can resurface during a job interview; a lost or stolen laptop can expose personal photos or messages; or a legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating or just embarrassing details from the past.

Our research seeks to protect the privacy of past, archived data — such as copies of emails maintained by an email provider — against accidental, malicious, and legal attacks. Specifically, we wish to ensure that all copies of certain data become unreadable after a user-specified time, without any specific action on the part of a user, and even if an attacker obtains both a cached copy of that data and the user’s cryptographic keys and passwords.

Vanish is a research project aimed at meeting this challenge through a novel integration of cryptographic techniques with global-scale, P2P, distributed hash tables (DHTs). We initially implemented a proof-of-concept Vanish prototype that uses the million-plus-node Vuze BitTorrent DHT. We have since found that the current Vuze DHT implementation is not adequately protected to support an application such as Vanish. We are now studying ways of improving the suitability of existing DHTs such as Vuze to Vanish and other security-oriented applications. We are also investigating architectural changes for these applications to make better use of existing global-scale DHTs.

/snip/

You can download the source code and FF plugin HERE

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: