A team of computer scientists from several universities has devised an attack that is capable of reconstructing the so-called vanishing data objects created by a system called Vanish, which was designed to create secure data objects that would expire after a set time and could never be recreated.
The Vanish system was created by researchers at the University of Washington and debuted in July. Its purpose is to enable users to make sure that every copy of a given piece of data is unusable after a given period of time. The system accomplishes this by encrypting a data object with a key which is then split it into a number of pieces and the pieces are stored in a large peer-to-peer network. In order to decrypt the object, a set number of the key pieces need to be reassembled.
The security of the Vanish system relies not just on the strength of the encryption employed, but also on the notion that it would be prohibitively expensive and time-consuming for an attacker to locate and reassemble the required number of key pieces before the object expires. But teams of researchers from the University of Texas and the University of Michigan, as well as experts from Princeton University, devised a relatively inexpensive and effective way to defeat the Vanish system by recording all of the saved values on the P2P network and then simply searching for the key pieces needed to decode a specific object.
In their paper released today, “Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs,” the researchers show that the costs of doing this are far lower than the creators of Vanish had estimated.
The size of the Vuze DHT makes Sybil attacks challenging, as there are typically around a million peers. We investigated two strategies for making our attacks more efficient, which we call “hopping” and “cozying.” Hopping significantly reduced the cost of the attacks—as well as the load they placed on the DHT—while enabling us to record enough of the DHT’s contents to enable near-complete VDO recovery. Additional optimizations in our implementations brought further savings in CPU, memory, storage, and bandwidth
consumption.
The Vanish authors explicitly considered Sybil attacks against the DHT and estimated the cost to be around $860K per year. In contrast, our most efficient attack would cost only $5900 per year to operate at a level that would recover 99% of VDOs.
The attack takes advantage of some of the properties of the distributed hash table (DHT) that the Vanish system uses to hide its keys. For example, the system does not have a limit on the number of nodes that can join the DHT from one computer. The researchers added a large number of nodes to the network, which increased their efficiency and ability to gather large amounts of data. The creators of Vanish have addressed this problem in a new release of the system.
But the authors of the new paper show that even that defense isn’t good enough. They list a number of design problems with Vanish and say that the Vuze DHT, which it relies on for storage, was not built to resist crawling by attackers, making it susceptible to further attacks.
In a blog post about the Vanish paper, one of its authors, noted Princeton computer scientist Ed Felten (above), said there are enough problems with Vanish to consider it unreliable for sensitive data.
“For now, Vanish should be considered too risky to rely on. The standard for security is not “no currently demonstrated attacks”, it is “strong evidence that the system resists all reasonable attacks”. By updating Vanish to resist our attacks, the Vanish authors showed that their system is not a dead letter,” Felten wrote. “But in my view they are still some distance from showing that Vanish is secure. Given the complexity of underlying technologies such as Vuze, I wouldn’t be surprised if more attacks turn out to be possible.”
*Photo from Joi’s Flickr photostream.
