The proposed research will develop sophisticated techniques for managing the lifetime of data in secure versioning systems, a practical application of the AON transform that leverages its semantics, rather than just its security properties. The problem of revocation will also be addressed in order to refine the security and granularity of key regression techniques.

Recent legislation has created new requirements for retaining and securing electronic information. More than 4,000 state, local, and federal acts govern archives. The specifics of each act vary by domain, but, when taken as a whole, they can be distilled down to a set of technical requirements. An archive must provide privacy, confidentiality, and non-repudiation for information. Archives must use strong encryption with authentication for data on disk, as well as a means for secure transmission. Legislation mandates an auditable trail of changes made to electronic records that can be accessed on-line, which requires versioning data over time and providing access to past versions. Governmental and corporate organizations must ensure that compliance does not degrade security, privacy, or the enforcement of retention policies. The combination of regulatory and organizational requirements brings up two technical problems for secure versioning systems. First, there is no efficient way to securely delete information, i.e. so that no computationally practical way to recover deleted data exists. Second, systems must provide an efficient means to change the accessibility of information throughout time. This includes downgrading information, e.g. declassifying information as part of the Freedom of Information Act, or revoking privileges, e.g. disallowing future access to information after an employee leaves the company or transferring the rights to medical records from one health care provider to another.

Without technical solutions to these problems, organizations and individuals will be subject to information leakage and will fail to comply with regulations. Data that are not securely deleted are recoverable and subject to subpoena or cryptographic attacks. After a legislated retention period, information often represents a legal and competitive liability. Also, some regulations require that personal medical and financial records be deleted based on time or circumstance. Again, this deletion must be permanent, and thus, secure. Existing solutions for secure deletion and for scoping access to information over the lifetime of data are inadequate. They either fail to meet requirements or they are intolerably inefficient. In this project, new technologies will be created that efficiently implement secure deletion and revocation in versioning systems. A novel application of All-or-Nothing (AON) encryption will be applied that both provides authenticated, strong encryption of data on disk and pioneers efficient secure deletion.
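The two passages above rely on the defining property of an all-or-nothing transform: every block of the transformed output is needed to recover any of the input, so scrubbing a single block on disk is enough to make the whole record unrecoverable while the remaining blocks can stay in place or remain shared with other versions. The following is an added example written for this page, not the project's own code, showing Rivest's package transform and that property. It assumes 16-byte blocks, a fixed public key K0 chosen for the example, and HMAC-SHA256 standing in for the block cipher E (a simplification so the example has no dependencies); the patient record is constructed sample input.

```python
"""Added illustration of the all-or-nothing (AON) package transform and why it
makes secure deletion cheap. Example code, not the project's implementation.
Assumptions: Rivest's package transform, HMAC-SHA256 in place of a block
cipher, 16-byte blocks, and a fixed public key K0 (all constructed here)."""
import hashlib
import hmac
import os

BLOCK = 16                          # bytes per block (constructed choice)
K0 = b"example-public-key-K0"       # fixed, public key of the transform (hypothetical)


def _e(key: bytes, msg: bytes) -> bytes:
    """Keyed PRF standing in for the block cipher E_key(msg), truncated to one block."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _idx(i: int) -> bytes:
    """Block index i as a one-block big-endian integer."""
    return i.to_bytes(BLOCK, "big")


def package(data: bytes, rng=os.urandom) -> list:
    """Package transform: returns n+1 pseudo-message blocks.
    m'_i = m_i XOR E(K', i) for i = 1..n;  m'_{n+1} = K' XOR h_1 XOR ... XOR h_n,
    where h_i = E(K0, m'_i XOR i) and K' is a fresh random inner key."""
    pad = BLOCK - len(data) % BLOCK
    data = data + bytes([pad]) * pad                 # PKCS#7 padding
    blocks = [data[j:j + BLOCK] for j in range(0, len(data), BLOCK)]
    k_inner = rng(BLOCK)
    out = [_xor(m, _e(k_inner, _idx(i))) for i, m in enumerate(blocks, 1)]
    tail = k_inner
    for i, mp in enumerate(out, 1):
        tail = _xor(tail, _e(K0, _xor(mp, _idx(i))))
    return out + [tail]


def unpackage(blocks: list):
    """Inverse transform. Every block is needed: K' is recovered only by XORing
    the tail with h_i for all i, and each h_i depends on its own m'_i.
    Returns None when the result does not carry valid padding."""
    *body, tail = blocks
    k_inner = tail
    for i, mp in enumerate(body, 1):
        k_inner = _xor(k_inner, _e(K0, _xor(mp, _idx(i))))
    plain = b"".join(_xor(mp, _e(k_inner, _idx(i))) for i, mp in enumerate(body, 1))
    pad = plain[-1] if plain else 0
    if not 1 <= pad <= BLOCK or plain[-pad:] != bytes([pad]) * pad:
        return None
    return plain[:-pad]


def securely_delete(blocks: list, victim: int = -1) -> list:
    """Simulates secure deletion by scrubbing exactly one block (zeros stand in
    for an on-disk overwrite). All other blocks are left untouched, so blocks
    shared with other versions need not be rewritten."""
    scrubbed = list(blocks)
    scrubbed[victim] = bytes(BLOCK)
    return scrubbed


def survives_single_block_loss(blocks: list, data: bytes) -> bool:
    """True if the plaintext can still be recovered after losing some one block."""
    return any(unpackage(securely_delete(blocks, v)) == data
               for v in range(len(blocks)))


if __name__ == "__main__":
    record = b"constructed medical record: patient 0000, visit 2005-07-01"
    pkg = package(record)
    assert unpackage(pkg) == record
    print("blocks stored:", len(pkg),
          "| recoverable after scrubbing any one block:",
          survives_single_block_loss(pkg, record))
```

Note that the transform alone is not encryption: K0 is public, so anyone holding all n+1 blocks can unpackage them. In the scheme the page describes the packaged blocks are additionally encrypted with a secret key; the AON step is what reduces deletion to scrubbing one block instead of every block and every copy of the key.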

Impact

The project will lead to curriculum development at Johns Hopkins, including a short course on Policy and Technology in Data Storage. The PIs will offer three tutorials based on the short course: one geared toward governmental agencies, one toward health care providers, and one toward corporations. Tutorials will be organized and promoted through StorageNetworking.org, an initiative for the education of storage professionals, and will be freely available to the community.

The proposed research will address problems introduced by recent legislation, which affect financial and medical organizations and all levels of government. Because the solutions are general to all storage systems that share content among versions, they apply to file systems, distributed archives, and databases. Open-source software produced by the project will permit anyone to construct a compliant storage system, with security and deletion guarantees, at little expense.

Agency
National Science Foundation (NSF)
Institute
Division of Information and Intelligent Systems (IIS)
Type
Standard Grant (Standard)
Application #
0456027
Program Officer
Lawrence Brandt
Project Start
Project End
Budget Start
2005-07-01
Budget End
2008-12-31
Support Year
Fiscal Year
2004
Total Cost
$300,000
Indirect Cost
Name
Johns Hopkins University
Department
Type
DUNS #
City
Baltimore
State
MD
Country
United States
Zip Code
21218