ArchiveSafe: mass-leakage-resistant storage from proof-of-work
Data breaches (mass leakage of stored information) are a major security concern. Encryption can provide confidentiality, but encryption depends on a key which, if compromised, allows the attacker to decrypt everything, effectively instantly. Security of encrypted data thus becomes a question of protecting the encryption keys. In this paper, we propose using keyless encryption to construct a mass-leakage-resistant archiving system, where decryption of a file is only possible after the requester, whether an authorized user or an adversary, completes a proof of work in the form of solving a cryptographic puzzle. This proposal is geared towards protection of infrequently accessed archival data, where any one file may not require too much work to decrypt, but decryption of a large number of files (mass leakage) becomes increasingly expensive for an attacker. We present a prototype implementation realized as a user-space file system driver for Linux. We report experimental results of system behaviour under different file sizes and puzzle difficulty levels. Our keyless encryption technique can be added as a layer on top of traditional encryption: together they provide strong security against adversaries without the key and resistance against mass decryption by an attacker.
Keywords: filesystem encryption, data archiving, proof-of-work, client puzzles, mass leakage, data breaches
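An added illustration of the keyless-encryption idea described in the abstract, not the paper's construction or the prototype's code. It assumes a puzzle formed by discarding a small random input to the key derivation, and swaps in a toy SHA-256 keystream with an HMAC tag for a real authenticated cipher; the names `seal`, `unseal`, `mass_cost` and `difficulty_bits` are hypothetical.

```python
import hashlib
import hmac
import secrets


def _derive(seed: bytes, hidden: int) -> bytes:
    # The key depends on a stored seed plus a small hidden value that is never stored.
    return hashlib.sha256(seed + hidden.to_bytes(8, "big")).digest()


def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream (assumed stand-in for a real cipher).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(plaintext: bytes, difficulty_bits: int) -> dict:
    seed, nonce = secrets.token_bytes(16), secrets.token_bytes(12)
    hidden = secrets.randbelow(1 << difficulty_bits)  # discarded after sealing
    key = _derive(seed, hidden)
    ct = _stream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"seed": seed, "bits": difficulty_bits, "nonce": nonce, "ct": ct, "tag": tag}


def unseal(blob: dict) -> tuple[bytes, int]:
    # Everyone, owner or thief, must search the hidden space; the tag marks the right key.
    for guess in range(1 << blob["bits"]):
        key = _derive(blob["seed"], guess)
        tag = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if hmac.compare_digest(tag, blob["tag"]):
            return _stream_xor(key, blob["nonce"], blob["ct"]), guess + 1
    raise ValueError("puzzle has no solution: archive entry is corrupted")


def mass_cost(blobs: list) -> int:
    # Total key guesses needed to open every entry: grows linearly with archive size.
    return sum(unseal(b)[1] for b in blobs)


if __name__ == "__main__":
    # Constructed sample records, not data from the paper.
    archive = [seal(f"record {i}".encode(), 12) for i in range(20)]
    print(unseal(archive[0]))
    print("guesses to open all 20 entries:", mass_cost(archive))
```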
Moe Sabry, Reza Samavi, Douglas Stebila. ArchiveSafe: mass-leakage-resistant storage from proof-of-work. In Joaquin Garcia-Alfaro, Guillermo Navarro-Arribas, editors, Proc. 15th DPM International Workshop on Data Privacy Management, LNCS. Springer, September 2020.
Funding
This research was supported by:
- Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2016-05146
- NSERC Discovery Accelerator Supplement grant RGPIN-2016-05146
- Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2016-06062