The Ephemerizer : Making Data Disappear

by Radia Perlman
Network ()

Abstract

This paper is about how to keep data for a finite time, and then make it unrecoverable after that. It is difficult to ensure that data is completely destroyed. To be available before expiration it is desirable to create backup copies. Then absolute deletion becomes difficult, because even after explicitly deleting it, copies might remain on backup media, or in swap space, or be forensically recoverable. The obvious solution is to store the data encrypted, and then delete the key after expiration. The key is somewhat easier to manage, because it is smaller, but there is still the issue of needing to make the key reliably available for some time, and then reliably destroyed. It is difficult enough for a user to manage one key, much less different keys for different data expiration times. The user could keep each key on a tamper-proof smart card with no copies, but then the data will be lost prematurely if the user loses the smart card. And smart cards are expensive. So the idea in this paper is to concentrate all the key management expense and expertise in one place, a server we call an "ephemerizer". The ephemerizer creates keys, makes them available for encryption, aids in decryption, and destroys the keys at the appropriate time. The design in this paper ensures that even if a client's machine gets compromised, and everything in stable storage (including long term user keys) is stolen, any data that has expired before the compromise remains unrecoverable. The paper starts with a description of an existing commercial scheme, and presents improvements to that scheme to eliminate the necessity for per-message state. Then it presents a new approach, based on public keys, and presents an initial design, and then a more efficient version using a new concept closely related to blind signatures, that we call "blind decryption".


Available from portal.acm.org
Sun Labs, 16 Network Circle, Menlo Park, CA 94025. The Ephemerizer: Making Data Disappear. Radia Perlman. SMLI TR-2005-140, February 2005. Email address: radia.perlman@sun.com
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. The SML Technical Report Series is published by Sun Microsystems Laboratories, of Sun Microsystems, Inc. Printed in U.S.A. Unlimited copying without fee is permitted provided that the copies are not made nor distributed for direct commercial advantage, and credit to the source is given. Otherwise, no part of this work covered by copyright hereon may be reproduced in any form or by any means graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an information retrieval system, without the prior written permission of the copyright owner. TRADEMARKS Sun, Sun Microsystems, the Sun logo, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. For information regarding the SML Technical Report Series, contact Jeanie Treichel, Editor-in-Chief, jeanie.treichel@sun.com. All technical reports are available online on our website, http://research.sun.com/techrep/.
