Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Encryption

'Vanish' Makes Sensitive Data Self-Destruct 171

Hugh Pickens writes "The NY Times reports on new software called 'Vanish,' developed by computer scientists at the University of Washington, which makes sensitive electronic messages 'self destruct' after a certain period of time. The researchers say they have struck upon a unique approach that relies on 'shattering' an encryption key that is held by neither party in an e-mail exchange, but is widely scattered across a peer-to-peer file sharing system. 'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,' says Amit Levy, who helped create Vanish. It has been released as a free, open-source tool that works with Firefox. To use Vanish, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the 'Vanish' button. The tool encrypts the information with a key unknown even to the sender. That text can be read, for a limited time only, when the recipient highlights the text and presses the 'Vanish' button to unscramble it. After eight hours, the message will be impossible to unscramble and will remain gibberish forever. Tadayoshi Kohno says Vanish makes it possible to control the 'lifetime' of any type of data stored in the cloud, including information on Facebook, Google documents or blogs."
This discussion has been archived. No new comments can be posted.

'Vanish' Makes Sensitive Data Self-Destruct

Comments Filter:
  • Copypaste (Score:5, Insightful)

    by sopssa ( 1498795 ) * <sopssa@email.com> on Tuesday July 21, 2009 @11:14AM (#28771069) Journal

    'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,'

    And yet after a copypaste or screenshot it wont disappear anywhere.

    • Re:Copypaste (Score:4, Interesting)

      by binaryspiral ( 784263 ) on Tuesday July 21, 2009 @11:22AM (#28771145)

      This could be the next step in actually having secured, signed, digital copies.

      I could see a variation of this made available for official documents that need to "phone home" for decription. If the document is somewhere its not supposed to be - scambled.

      Of course there are many ways to circumvent this - but I'm tired of faxes being legally more viable than anything digital.

      • Re: (Score:2, Funny)

        by sopssa ( 1498795 ) *

        This is actually a good idea. Now just add it to sms's, so I can "cancel" all the text messages I've sent to my ex the night before :)

        • by CannonballHead ( 842625 ) on Tuesday July 21, 2009 @11:48AM (#28771523)
          You should suggest it to gmail. After all, they already have a way to change the timestamp of the e-mail [google.com] you sent so it looks like you sent it earlier than you did, why not just delete e-mails you've sent no matter where they are!
          • by ls671 ( 1122017 ) *

            Just look at the dates in the server headers in the message source if you need to catch somebody trying to fool you. Client headers have been very easy to falsify since the beginning of email. (e.g. From:, Date:, Subject: , etc...)

          • Re: (Score:2, Funny)

            by sparkchaser ( 594964 )
            I just spent the last 5 minutes trying to activate that feature. Well played, CannonballHead, well played.
      • Not really. For it to be useful it would need to be stored and retrieved according to government communications storage standards for companies. All communications need to be able to be stored and retrieved in the case of an investigation or subpoena or other such issues not only regarding your company but your clients as well and all persons you communicate with as a point of business.
    • Re:Copypaste (Score:5, Informative)

      by Anonymous Coward on Tuesday July 21, 2009 @11:24AM (#28771175)

      That's not what this is intended to prevent. Of course the intended recipiant can read it. They could even write it down on a piece of paper.

      The same message however, may have been cached in many other places. This scheme is intended to prevent it's retrieval by other parties at a later date.

    • Re: (Score:3, Insightful)

      by QX-Mat ( 460729 )

      So this is really just a very obfuscated way of achieving what DRM providers have been trying to [favourably] do when they (willfully) allow their authentication services to die or go the companies hosting them plunge into insolvancy.

      And to think people thought we were crazy when we warned them that the above DRM 'technique' was a bad idea for consumers from the get go. Pitty "a do over" or repurchase isn't a very good business plan for message encryption -

      "Sorry about this, can you send me your email from

    • Re:Copypaste (Score:4, Insightful)

      by NotQuiteReal ( 608241 ) on Tuesday July 21, 2009 @11:40AM (#28771387) Journal
      heh - the Print Screen button is a terrorist tool!
      • You were appropriately modded insightful instead of funny. 10 years ago, this would have been different.

        That's exactly the danger of such "best before..." keys: It makes possible what Orwell could not have engineered any better: It allows you to rewrite history. We've always been at war with Eastasia.

        It's even worse than Orwell imagined it: It doesn't even create jobs.

    • I didn't realize that P2P systems are known for making a piece of information unavailable once it is scattered across that P2P system, especially encryption keys and such. No one gets stuff like that on P2P networks, why would they do that?

      • I didn't realize that P2P systems are known for making a piece of information unavailable once it is scattered across that P2P system, especially encryption keys and such. No one gets stuff like that on P2P networks, why would they do that?

        I think the authors were thinking of the the issue of where a torrent goes away once people stop seeding it once the original software is obsolete.

        I mean can you find a working torrent of Photoshop 5 these days?

        Same difference.

        • The difference here is that nobody wants that information anymore. There is no set expiry date on content in P2P networks. It usually expires once you can get something better, but rarely before that. I'm fairly sure you'll still find copies of Star Wars Kid and Numa Numa, for now, forever.

          I'm fairly sure, the more someone wants something to vanish from 'the cloud', the less likely it is to vanish.

    • The goal is convenience for the lazy privacy consious. The goal is to prevent a 3d person to read it (at a later time), not the actual users. Consider a nifty trojan that reads your screen in real time, this system wont beat that.
      Said that, copypast means nothing: "you mean you typed this text and now pretend is was send through this system?" gosh. Likewise screenshots mean nothing.

      • The goal is to prevent a 3d person to read it (at a later time), not the actual users.

        And this it does not provide, or at the very least not ensure. And that's the crucial point about security: Either do or don't. There is little room for 'maybe'.

        All you need is one leaked copy. One is enough. Data can be multiplied easily, quickly and cheaply. Ask the RIAA. The threat isn't that millions of people might crack your document. The threat is that one person might and distribute it to those millions.

    • by ceoyoyo ( 59147 )

      Their "property of nature" is their P2P software deleting files that are more than 8 hours old.

      It's nothing more than encrypting data and storing the key with an authority of some type, which promises to delete it at a certain time. Except in this case the authority is using their own P2P network to store the keys.

  • by Bruce Perens ( 3872 ) * <bruce@perens.com> on Tuesday July 21, 2009 @11:15AM (#28771073) Homepage Journal
    If the decryption key is ever available to the browser, a modified version of the tool could store it and decode the document forever.
    • by Eevee ( 535658 ) on Tuesday July 21, 2009 @11:20AM (#28771123)
      No disrespect, but read the article. It explicitly states that this is not designed to keep the parties from saving the information.

      It is technically possible to save information sent with Vanish. A recipient could print e-mail and save it, or cut and paste unencrypted text into a word-processing document, or photograph an unscrambled message. Vanish is meant to protect communication between two trusted parties, researchers say.

      • Re: (Score:3, Interesting)

        by EdZ ( 755139 )
        If I'm guessing correctly, what's sent is essentially the cyphertext and a series of URLs that point to what makes up the key (e.g. go to page x, take every third character from the 27th line, etc). The idea being that the pages chosen should change often enough that anyone who intercepts the message, and LATER attempts to decypher it, will be unable to.
        Basically, the only time this will offer protection is when the following conditions are all met:
        a) The URLs chosen are not cached anywhere
        b) The URLs ch
        • Each key fragment should deleted the first time it is accessed. Instead of using pre-existing P2P networks build a special-purpose self-organizing network of all the machines with Vanish running on them which could implement the improvements you suggest.

      • Re: (Score:2, Funny)

        by dmdavis ( 949140 )

        No disrespect, but...

        woah... courtesy? You must be new here. You were supposed to say "Why don't you RTFA, you mouth-breathing buffoon." I realize that it's Bruce Perens you were responding to, but this is Slashdot. We have standards here!

      • "Vanish is meant to protect communication between two trusted parties, researchers say."

        That doesn't make any sense. Just use regular encryption for that.

        • > That doesn't make any sense. Just use regular encryption for that.

          "Vanish is meant to protect communication between two trusted parties who are too stupid to deal with the complexities of real encryption."

          In other words, the vast majority of business executives and government bureaucrats.

      • And that's in what way superior to PGP? If I had to, I'd start cranking out public keys at a rate of 3 per day and I'm there. I don't need to trust their P2P network, though.

    • If the decryption key is ever available to the browser, a modified version of the tool could store it and decode the document forever.

      Well, I was thinking about this, and the real idea is to prevent people who never originally saw the message from reading it down the road. If i send you a message, and then it scrambles, no one hacking into your e-mail later will be able to read it (barring cracking the scrambling system itself, obviously). It's not to prevent YOU from copying the message, it's to prevent new people from reading it after the 8 hour window is up.
      -Taylor

      • ... the real idea is to prevent people who never originally saw the message from reading it down the road.

        So a US corporation using this on its internal email (or even receiving email encrypted with this tool) would be in violation of the record-keeping requirements of the the Sarbanes-Oxley Act (unless they decrypted and kept an in-the-clear copy of EVERY such letter that arrived), even if they automatically archive all email they handle.

        I bet a number of VPs of IT need a change of pants about now.

    • by v1 ( 525388 )

      I was thinking about this and the only way they could engineer it to work even remotely like they advertise is if someone wanting to read the material forwarded it along with their 1/2 of the key to the 3rd party. The 3rd party then combines their 1/2 of the key with the provided, decrypts the data, and sends it back to the requestor. As long as the requestor does not maintain a copy of the cleartext, (as several have quipped with
      "screenshots?") then this would work. Once the 3rd party no longer has thei

    • by Hammer ( 14284 )

      The real issue is not wehter the intended recipient can save a readable copy.The idea is I believe to prevent unintended recipients.
      Now how prevent that? As the message will have to have some form of information on how to obtain the crypto key.... How prevent the snooper to find the key if he also has the application????

      Somehow plain old PGP/GPG seems a whole lot better

  • by Dice ( 109560 ) on Tuesday July 21, 2009 @11:18AM (#28771099)

    Dear Alice,

    Do you want to go to the dance with me?

    [ ] YES
    [ ] NO

    Love,
    Bob

    (Message will self-desctruct 1 minute after dance starts.)

  • by hwyhobo ( 1420503 ) on Tuesday July 21, 2009 @11:23AM (#28771157)

    After eight hours, the message will be impossible to unscramble and will remain gibberish forever

    I think corporate VPs have been using this tool for years, with the delay trigger set to "0".

    • by Tokerat ( 150341 )
      I keep getting those, too, with the subject line "Great new software tech I read about we should be utilizing"
  • by arizwebfoot ( 1228544 ) * on Tuesday July 21, 2009 @11:27AM (#28771219)

    I wonder how I could adapt this to conversations my wife has with me, since she reminds me of stuff I said 20 odd years ago?

    • Re: (Score:3, Insightful)

      by drxenos ( 573895 )
      The only answer to that problem is lots and lots of jewelry.
      • or a new wife.

        depends whats more expensive, the jewelry or the divorce.

      • Re: (Score:3, Insightful)

        The only answer to that problem is lots and lots of jewelry.

        Let me know how that works for you. Seems to me like you are training your wife to bring up something again every time she wants a shiny new trinket...

    • by Hammer ( 14284 )

      Hehe... My ex has already applied the reverse.... anything I said more than 3 hours earlier was gone... "You never said that" :-D

  • If the software allows the user to view the plain text, then it can be copied, so I don't see how this would really ensure it disappears. While I would love to be able to have social networks or cloud computing that could guarantee privacy by having technological measures to prevent the dissemination of private information, I think that problem is exactly the same one DRM tries to solve. And that is why it is doomed to fail. The only way it could really hope to succeed is in a world of ubiquitous "trust

    • Re: (Score:3, Informative)

      by vertinox ( 846076 )

      I think that problem is exactly the same one DRM tries to solve.

      Actually the authors specifically does not prevent the recipient from copying as it was not their intention. It was to prevent man in the middle attacks of people who were not supposed to be copying in the first place.

      • Actually the authors specifically does not prevent the recipient from copying as it was not their intention. It was to prevent man in the middle attacks of people who were not supposed to be copying in the first place.

        You're right. I actually had to run out just a few minute after the reading the summary and didn't get a chance to RTFA until now. I can see how this could potentially be useful for encrypted communications between two trusted parties to ensure that neither party is later coerced into divu

  • Comment removed based on user account deletion
    • by ceoyoyo ( 59147 )

      It's a gimmick. You could easily store the key with a central authority instead of a P2P network, exactly the way DRM works now. In fact, I'd much rather the key for messages I send was stored WITH ME so I could be sure it was erased, rather than stored with Joe and Alice's P2P network (we promise we erase stuff! Honest!).

  • Not useful for DRM (Score:3, Interesting)

    by swillden ( 191260 ) <shawn-ds@willden.org> on Tuesday July 21, 2009 @11:31AM (#28771279) Journal
    I see someone has tagged this article with "drm", but this isn't a usable technique for DRM. This is an interesting technique for creating a "disappearing" decryption key, but it only works if no one bothers to retrieve/reassemble the decryption key before it disappears. If the recipient retrieves the key while it still exists, he can save the key and decrypt the message at any time. Or he can retrieve the key, decrypt the message and save that. The most obvious application for this, I think, is forward security. As long as the recipient doesn't save a copy of the decrypted message or the decryption key, the message would become unreadable -- to anyone -- after a short period of time. I need to read the details to see if this would be useful in some real-world setting, or if it's of academic interest only.
  • What? (Score:3, Funny)

    by wjousts ( 1529427 ) on Tuesday July 21, 2009 @11:32AM (#28771291)

    After eight hours, the message will be impossible to unscramble and will remain gibberish forever.

    Most of my messages are gibberish to begin with. No scrambling needed!

  • Corporate crimes (Score:5, Insightful)

    by wjousts ( 1529427 ) on Tuesday July 21, 2009 @11:39AM (#28771365)
    I can see this being useful for corporations that want e-mails to be destroyed before they can be used against them in court. Sure you could take a screen shot or copy/paste the text before the e-mail is permanently destroyed, but can you prove that your copy wasn't tampered with? Can you prove that was what the e-mail originally said? Plausible deniability!
    • by westlake ( 615356 ) on Tuesday July 21, 2009 @12:50PM (#28772399)

      Plausible deniability!

      The judge and jury get to decide what is plausible.

      It won't look good if the erasure violates standard practice or professional guidelines, legal obligations or existing corporate policy.

      In criminal law, a guilty verdict demands proof beyond a reasonable doubt.

      That does not mean that every piece of evidence has to carry the same weight - only that the evidence when viewed as a whole is damning.

      If the state's witness performs credibly on the stand, that will carry over to whatever documents he is asked to describe and identify.

      "Plausible denial" is a world of hurt.

  • Vanish++ (Score:3, Funny)

    by Mysund ( 60792 ) on Tuesday July 21, 2009 @11:40AM (#28771385)

    If you buy the Vanish++ package, you get an additional package of superglue, to glue the printscreen button stuck.

  • At last... (Score:5, Funny)

    by quarkoid ( 26884 ) on Tuesday July 21, 2009 @11:51AM (#28771577) Homepage

    Finally, an article in my area of expertise. Now this is likely to earn me +5 insightful, interesting and everything else.

    So, why is Vanish useful to us?

    Well... [BEGIN VANISH]u5vw7b658we77kw4657865v87zb68e7y678ctr63or63o7t6ox9587x4ygfiouhx
    eo84yre kl76v5los79y6to89xep89x7e4v6eotyl9e84lbvr8xy76ebl9txevl9r8
    ygnl8odvr,i8xeyvti8seybvto eby5tli8xevynlr8n776vsot7vnl9xe84nyu .lwaje
    aowpibtulieut,iwvy,o39u dryswrl9uzfna484ytlo8cwjnlv ig78wfp9cnusgl8w
    3n4aly8u .og8unl98nst.oby487rw;zbv5l936tlisd rnzsche.ldnj ekqb;wv4ioa
    ur.,zwjsehg f,vhlfiawvutileuklrla wucbtrqil37ctlasehjctn;laiwuerciluqw3ybt
    ow875ntliu awu[9c57st8nzwci4ycrnhseu6go38ny cfukbtw347v6f5o93vsb
    y to9y347icr yisuryctw 37bt6l9s38 ucr,ugbvt6o8w 3nyu.oulv87vg[END VANISH]

    I think we can all agree with that.

    Nick.

  • This can be done pretty easily with a smart card: it only gives out the key for a limited amount of time. I suppose you have to trust the manufacturer of the smart card, but you also have to trust the manufacturer of the PC you're reading the message on, and its OS and ...

    • by ceoyoyo ( 59147 )

      In this case you have to trust whoever writes the P2P software that it actually erases key packets and doesn't just forward them all to the author for, uh, future reference.

  • Sounds like we would simply need the device listed in paragraph 3, sentence 5 here [wikipedia.org]
      in order to decrypt it :-)

  • 50% Tech, 50% Hope (Score:4, Informative)

    by Anonymous Coward on Tuesday July 21, 2009 @12:19PM (#28771965)

    The core idea behind Vanish, if you dig 6 links deep to the actual technical information, is that nodes on a P2P network come and go. Therefore, if you break up the decryption key, and scatter it on the network, eventually some of those nodes will go away, and the key won't be recoverable. Apparently, the authors have some clever (unmentioned) trick to control the timing on this to a limited extent.

    So, obviously, this doesn't work. It relies on the worst kind of trust -- trust of a P2P network. If the network is compromised, the data is permanently decryptable. Better yet, it relies on a P2P network to continue behaving the same -- if all nodes suddenly had 99% uptime, this would entirely stop working. Finally, even if this works, it doesn't make decryption keys "go away" -- it just makes it incredibly difficult for someone who doesn't have the key to obtain it. Anyone who already has the key will have it forever.

  • by Animats ( 122034 ) on Tuesday July 21, 2009 @12:21PM (#28771993) Homepage

    First, as is typical, the Slashdot article is three steps removed from the actual paper [washington.edu], which is worth reading.

    It's kind of cute. What makes it work is that the indexing part of the Vuze platform, which is distributed over a few million user machines, has an 8-hour timeout. After eight hours, otherwise unused entries are purged from cache, like DNS cache expiration. So it's possible to use Vuze for unreliable short-term storage of key-value pairs.

    (Normally, the Vuze hash is used as a index to BitTorrent blocks, and if there's a block on a server, the server puts it into the hash and refreshes it periodically, so the block stays indexed. But it's possible to put arbitrary key-value pairs into the distributed hash that have no relationship to BitTorrent blocks. If you put info in the hash and don't refresh it, it goes away after eight hours.)

    So the sender generates a key, encrypts the message, spreads the key across some number of key-value pairs on random Vuze clients, sends a message telling what key-value pairs in Vuze contain the crypto key, and deletes the local copy of the key. The receiver gets the message, looks up the key-value pairs specified in the Vuze hash, reconstructs the key, decrypts the message, displays it, and deletes the local copy of the key. The receiving client has to do this every time the message is viewed.

    This violates the Vuze terms of service [vuze.com], incidentally.

    • So, in order to attack it, all you do is run a Vuze index server and store all of the key/value pairs that look like keys instead of a block hash. Ready made dictionary attack.

  • Legal Problem (Score:4, Interesting)

    by Phrogman ( 80473 ) on Tuesday July 21, 2009 @12:35PM (#28772173)

    Not to put to fine a point on it, companies are supposed to have an established document retention policy that specifies how long they will retain information like email messages. Most email it won't matter but if the contents in any way can be seen as a legal document - i.e. are business related - then destroying them this way might be seen as a deliberate attempt to cover up information by a court. IANAL, but I worked for some in this area, and its remarkably sensitive.

    If someone at a company decides to use this tool, unbeknownst to the company and the other party is also using it, then the email becoming garbled and eventually deleted could become a problem should the company ever go to court. The court might require the company to produce a copy of all emails from the company during a given period (say the last 2 years perhaps), and if emails were destroyed in a manner that was not specified by the company retention policy it could cause the court to penalize the company when it fails to produce said emails.

    When a company gets sued, its normal for them to place a hold order on the destruction of all documents, so they can't be seen as potentially covering things up. I hope that a tool like Vanish can be toggled to prevent unwarranted destruction, or someone is going to pay big time down the road.

    It may seem like a trivial point, until you read of fines in the millions for companies who are unable to produce correspondence they should have preserved legally speaking. Moreover if the garbled email still exists, then the company might be required by the courts to unencrypt it - and if unable to do so, be penalized for that.

    • by Bodrius ( 191265 )

      If someone at a company decides to use this tool, unbeknownst to the company and the other party is also using it, then the email becoming garbled and eventually deleted could become a problem should the company ever go to court.

      Would that be different than if someone decided to use normal cryptography, and encrypt their emails to another party unbeknownst to the same company?

      In both cases, the company would not be able to provide the cryptographic key to decipher the messages.

      I'm getting the impression mos

  • I don't think it is possible to completely make your data vanish. Some of the best computer forensics experts can still get data back even when it has been "government wiped" with random 1s and 0s written to every hard drive sector. This claim is dubious at best.
  • Eight hours? The IMF usually needs 10 seconds/

  • ..by Kindle.

  • I hope they thought about what to do with the content after the key is gone. Sounds like it stays out there, permanently scrambled, local storage and perhaps distributed.

    If this becomes popular, then even though some people will delete messages, others will just let them gather, on servers, on their own machines, on forums and web pages...

    I imagine after a few years, half the digital storage in the world could be useless data. :)

    It is a clever hack, but not tidy.

  • You know, I never understood why short e-mail message have to be "transmitted" to the recipient in SMTP. As such, my e-mail is available for e-discovery requests aimed at the recipient as it's on the recipients computer.

    In cases I didn't want that, I stuck an image on my web server and did a link to the https://passwordserver.com/dir1234/abc.jpg [passwordserver.com] with headers set to no-cache. This being a CGI program.

    The result is pretty similar TFA, but much easier obtained. P2P isn't going to be opened up on our netw

There are new messages.

Working...