TY - GEN
T1 - Forgetting with puzzles
T2 - 8th ACM Conference on Data and Application Security and Privacy, CODASPY 2018
AU - Amjad, Ghous
AU - Mirza, Muhammad Shujaat
AU - Pöpper, Christina
N1 - Publisher Copyright:
© 2018 Copyright held by the owner/author(s).
PY - 2018/3/13
Y1 - 2018/3/13
N2 - Digital forgetting deals with the unavailability of content uploaded to web and storage servers after the data has served its purpose. The content on the servers can be deleted manually, but this does not prevent data archival and access at different storage locations. This is problematic since then the data may be accessed for unintended or even malicious purposes long after the owners have decided to abandon the public availability of their data. Approaches which assign a lifetime value to data or use heuristics like interest in data to make it inaccessible after some time have been proposed, but digital forgetting is still in its infancy and there are a number of open problems with the proposed approaches. In this paper, we outline a general use case of cryptographic puzzles in the context of digital forgetting which—to the best of our knowledge—has not been proposed or explored before. One problem with recent proposals for digital forgetting is that attackers could collect or even delete anyone’s public data during their lifetime. In our approach, we deal with these problems by making it hard for the attacker to delete large quantities of data while making sure that the proposed solutions will not adversely deteriorate user experience in a disturbing manner. As a proof-of-concept, we propose a system with cryptographic (time-lock) puzzles that deals with malicious users while ensuring the permanent deletion of data when interest in it dies down. We have implemented a prototype and evaluate it thoroughly with promising results.
AB - Digital forgetting deals with the unavailability of content uploaded to web and storage servers after the data has served its purpose. The content on the servers can be deleted manually, but this does not prevent data archival and access at different storage locations. This is problematic since then the data may be accessed for unintended or even malicious purposes long after the owners have decided to abandon the public availability of their data. Approaches which assign a lifetime value to data or use heuristics like interest in data to make it inaccessible after some time have been proposed, but digital forgetting is still in its infancy and there are a number of open problems with the proposed approaches. In this paper, we outline a general use case of cryptographic puzzles in the context of digital forgetting which—to the best of our knowledge—has not been proposed or explored before. One problem with recent proposals for digital forgetting is that attackers could collect or even delete anyone’s public data during their lifetime. In our approach, we deal with these problems by making it hard for the attacker to delete large quantities of data while making sure that the proposed solutions will not adversely deteriorate user experience in a disturbing manner. As a proof-of-concept, we propose a system with cryptographic (time-lock) puzzles that deals with malicious users while ensuring the permanent deletion of data when interest in it dies down. We have implemented a prototype and evaluate it thoroughly with promising results.
KW - Cryptographic Puzzles
KW - Digital Forgetting
KW - Time-lock Puzzles
UR - http://www.scopus.com/inward/record.url?scp=85052027058&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85052027058&partnerID=8YFLogxK
U2 - 10.1145/3176258.3176327
DO - 10.1145/3176258.3176327
M3 - Conference contribution
AN - SCOPUS:85052027058
T3 - CODASPY 2018 - Proceedings of the 8th ACM Conference on Data and Application Security and Privacy
SP - 342
EP - 353
BT - CODASPY 2018 - Proceedings of the 8th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
Y2 - 19 March 2018 through 21 March 2018
ER -