New digital security program doesn't protect as promised

Sep 29, 2009

(PhysOrg.com) -- University of Texas at Austin scientists have shown that they can break "Vanish," a program that promised to self-destruct computer data, such as emails and photographs, and thereby protect a person's privacy.

There is no way to permanently delete any material posted or sent through the Internet, and this leaves people's information vulnerable to breaches in privacy.

Vanish, created by University of Washington researchers, claimed to solve that problem by encoding digital data so that they can only be read for a limited time window, such as eight hours. After that time, the data still exists, but it can no longer be read because the "encryption key" used to access it is no longer available. The data looks like digital gibberish.

The Texas scientists, along with colleagues from Princeton University and the University of Michigan, created a program called "Unvanish" that makes Vanished data recoverable after it should have disappeared.

"Our goal with Unvanish is to discourage people from relying on the privacy of a system that is not actually private," says Emmett Witchel, assistant professor of computer science. "We wish to respect the of people that might be using the Vanish system."

The Vanish system encrypts data and takes advantage of the structure of peer-to-peer file sharing systems to manage encryption keys in a novel way. The keys are split up into many small pieces and stored at many different places on the network.

Unvanish works by collecting and storing anything that looks like a fragment of a Vanish key on the network. Later, when given a message that should have disappeared, the program consults its archive of these fragments and finds the pieces it needs to decrypt the message. Using Unvanish, it is possible to make Vanish messages reappear long after they should have disappeared, nearly 100 percent of the time.

"Messages that self-destruct at a predetermined time would be very useful, especially where privacy is important," says Brent Waters, assistant professor of computer science. "A true self-destruction feature continues to be challenging to provide."

The lead programmer on the Texas research was graduate student Owen Hofmann. Post-doctoral researcher Christopher Rossbach also contributed to the project.

University of Michigan graduate student Scott Wolchok and Assistant Professor J. Alex Halderman and Professor Edward Felten from Princeton University independently broke the Vanish system.

Provided by University of Texas at Austin (news : web)

Explore further: Communication-optimal algorithms for contracting distributed tensors

add to favorites email to friend print save as pdf

Related Stories

Security loophole found in Windows operating system

Nov 12, 2007

A group of researchers headed by Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa succeeded in finding a security vulnerability in Microsoft's "Windows 2000" operating system.

Researchers devise new method for protecting private data

Apr 18, 2008

Companies and organizations that keep sensitive personal information on millions of Americans have become attractive targets for hackers in recent years, resulting in billions of dollars in losses for U.S. businesses and ...

Recommended for you

Designing exascale computers

Jul 23, 2014

"Imagine a heart surgeon operating to repair a blocked coronary artery. Someday soon, the surgeon might run a detailed computer simulation of blood flowing through the patient's arteries, showing how millions ...

User comments : 0