New digital security program doesn't protect as promised

Sep 29, 2009

(PhysOrg.com) -- University of Texas at Austin scientists have shown that they can break "Vanish," a program that promised to self-destruct computer data, such as emails and photographs, and thereby protect a person's privacy.

There is no way to permanently delete any material posted or sent through the Internet, and this leaves people's information vulnerable to breaches in privacy.

Vanish, created by University of Washington researchers, claimed to solve that problem by encoding digital data so that they can only be read for a limited time window, such as eight hours. After that time, the data still exists, but it can no longer be read because the "encryption key" used to access it is no longer available. The data looks like digital gibberish.

The Texas scientists, along with colleagues from Princeton University and the University of Michigan, created a program called "Unvanish" that makes Vanished data recoverable after it should have disappeared.

"Our goal with Unvanish is to discourage people from relying on the privacy of a system that is not actually private," says Emmett Witchel, assistant professor of computer science. "We wish to respect the of people that might be using the Vanish system."

The Vanish system encrypts data and takes advantage of the structure of peer-to-peer file sharing systems to manage encryption keys in a novel way. The keys are split up into many small pieces and stored at many different places on the network.

Unvanish works by collecting and storing anything that looks like a fragment of a Vanish key on the network. Later, when given a message that should have disappeared, the program consults its archive of these fragments and finds the pieces it needs to decrypt the message. Using Unvanish, it is possible to make Vanish messages reappear long after they should have disappeared, nearly 100 percent of the time.

"Messages that self-destruct at a predetermined time would be very useful, especially where privacy is important," says Brent Waters, assistant professor of computer science. "A true self-destruction feature continues to be challenging to provide."

The lead programmer on the Texas research was graduate student Owen Hofmann. Post-doctoral researcher Christopher Rossbach also contributed to the project.

University of Michigan graduate student Scott Wolchok and Assistant Professor J. Alex Halderman and Professor Edward Felten from Princeton University independently broke the Vanish system.

Provided by University of Texas at Austin (news : web)

Explore further: MIT groups develop smartphone system THAW that allows for direct interaction between devices

add to favorites email to friend print save as pdf

Related Stories

Security loophole found in Windows operating system

Nov 12, 2007

A group of researchers headed by Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa succeeded in finding a security vulnerability in Microsoft's "Windows 2000" operating system.

Researchers devise new method for protecting private data

Apr 18, 2008

Companies and organizations that keep sensitive personal information on millions of Americans have become attractive targets for hackers in recent years, resulting in billions of dollars in losses for U.S. businesses and ...

Recommended for you

Who drives Alibaba's Taobao traffic—buyers or sellers?

Sep 18, 2014

As Chinese e-commerce firm Alibaba prepares for what could be the biggest IPO in history, University of Michigan professor Puneet Manchanda dug into its Taobao website data to help solve a lingering chicken-and-egg question.

Computerized emotion detector

Sep 16, 2014

Face recognition software measures various parameters in a mug shot, such as the distance between the person's eyes, the height from lip to top of their nose and various other metrics and then compares it with photos of people ...

Cutting the cloud computing carbon cost

Sep 12, 2014

Cloud computing involves displacing data storage and processing from the user's computer on to remote servers. It can provide users with more storage space and computing power that they can then access from anywhere in the ...

Teaching computers the nuances of human conversation

Sep 12, 2014

Computer scientists have successfully developed programs to recognize spoken language, as in automated phone systems that respond to voice prompts and voice-activated assistants like Apple's Siri.

User comments : 0