Douglas Stebila

ArchiveSafe: mass-leakage-resistant storage from proof-of-work

High-level overview of ArchiveSafe, showing a write followed by a read.

Abstract

Data breaches-mass leakage of stored information-are a major security concern. Encryption can provide confidentiality, but encryption depends on a key which, if compromised, allows the attacker to decrypt everything, effectively instantly. Security of encrypted data thus becomes a question of protecting the encryption keys. In this paper, we propose using keyless encryption to construct a mass leakage resistant archiving system, where decryption of a file is only possible after the requester, whether an authorized user or an adversary, completes a proof of work in the form of solving a cryptographic puzzle. This proposal is geared towards protection of infrequently-accessed archival data, where any one file may not require too much work to decrypt, decryption of a large number of files-mass leakage-becomes increasingly expensive for an attacker. We present a prototype implementation realized as a user-space file system driver for Linux. We report experimental results of system behaviour under different file sizes and puzzle difficulty levels. Our keyless encryption technique can be added as a layer on top of traditional encryption: together they provide strong security against adversaries without the key and resistance against mass decryption by an attacker.

Keywords: filesystem encryption, data archiving, proof-of-work, client puzzles, mass leakage, data breaches

Reference

Moe Sabry, Reza Samavi, Douglas Stebila. ArchiveSafe: mass-leakage-resistant storage from proof-of-work. In Joaquin Garcia-Alfaro, Guillermo Navarro-Arribas, editors, Proc. 15th DPM International Workshop on Data Privacy Management, LNCS. Springer, September 2020.

Download

BibTeX

@inproceedings{DPM:SabSamSte20,
 	Author = {Moe Sabry and Reza Samavi and Douglas Stebila},
 	Booktitle = {Proc. 15th DPM International Workshop on Data Privacy Management},
 	Editor = {Joaquin Garcia-Alfaro and Guillermo Navarro-Arribas},
 	Month = {September},
 	Note = {To appear},
 	Publisher = {Springer},
 	Series = {LNCS},
 	Title = {{A}rchive{S}afe: mass-leakage-resistant storage from proof-of-work},
 	Year = {2020}
 }

Funding

• Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2016-05146
• NSERC Discovery Accelerator Supplement grant RGPIN-2016-05146
• Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2016-06062