Warning: Data Will Self-Destruct
This week’s Cyber Risk Report (CRR) discussed the newly available Vanish software, which allows users to exchange messages whose contents are available for a limited period of time and are rendered unreadable afterward. Researchers from the University of Washington developed Vanish to protect against the recovery of the message data at a later time. The software leverages distributed hash tables (DHTs), part of the infrastructure of torrent networks, to store keys to an encrypted message known as a Vanish data object (VDO). The keys are then publicly available for a period of time, allowing anyone in possession of the VDO to read it by retrieving the key from the DHT. Once the time expires, the keys are removed from the DHT and are no longer available to decrypt the data.

As a result, users can be reasonably sure that messages can no longer be decrypted after a certain period of time. No matter where the data ends up, whether stored within the cloud, e-mail server backups, or ISP logs, the data is unrecoverable — aside from attacks against the encryption itself, such as brute force attacks. Even under threat of physical or legal compulsion, a user could not recover the key and decrypt the VDO after the specified time period passes, making the scheme best in a certain set of circumstances.

The University of Washington researchers admit that this scheme is best used for messages meant to be read once, processed, and then forgotten about forever. Because messages eventually become unrecoverable, they aren’t meant to be used for archival purposes. The unrecoverability of messages may impact data retention policies for businesses or ISPs that must comply with laws in their country. As a result, organizations may decide to intercept, decrypt, and store in plain text any VDOs that pass through their systems, weakening the Vanish protections.

The best use may be in e-mail messages between only a few parties when contents must stay secret for days or weeks. The University of Washington has developed a plugin for the Firefox browser that allows users to encrypt the contents of any messages within the browser. By encrypting e-mail messages between a few recipients, users can ensure that messages are accessible while they are relevant and then rendered unrecoverable without further action from the user.

Vanish suffers from limitations, however, in the period of time before key expiration. If employers, ISPs, or governments simply decrypt and store all VDOs passing through their systems, those decrypted copies could be referenced later. Additionally, the more exposed the messages are, the greater the chance that the messages or keys will be copied or saved in plain text while they are recoverable. While the researchers suggest that Vanish is a good candidate for e-mail services, social networks, or public forums, the system is designed in such a way that the fewer parties with access to the VDO, the better.

Vanish functions best in a scenario involving few private parties who have no limitations in regard to legal requirements of data retention or auditing. For users who wish to complement existing encryption schemes and want to prevent retrieval of data throughout a number of systems, Vanish works as advertised.
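
The key lifecycle and the retention caveat described above can be modeled in a few lines. This is an added example, not Vanish's own code: `ExpiringKeyStore` (an in-memory stand-in for the DHT), `encapsulate`, `decapsulate`, the SHA-256 keystream used in place of a real cipher, and the eight-hour lifetime are all assumptions made for illustration.

```python
import hashlib
import os

class ExpiringKeyStore:
    """Hypothetical stand-in for the DHT: a key is gone once its lifetime ends."""
    def __init__(self):
        self._entries = {}

    def put(self, locator, key, now, ttl):
        self._entries[locator] = (key, now + ttl)

    def get(self, locator, now):
        entry = self._entries.get(locator)
        if entry is None or now >= entry[1]:
            self._entries.pop(locator, None)  # expired keys are removed for good
            return None
        return entry[0]

def keystream_xor(key, nonce, data):
    # SHA-256 in counter mode, used only so the example runs on the standard
    # library; it is a placeholder for a vetted cipher, not a recommendation.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def encapsulate(message, store, now, ttl):
    """Encrypt under a fresh key, park the key in the store, return the VDO."""
    key, nonce, locator = os.urandom(32), os.urandom(16), os.urandom(20).hex()
    store.put(locator, key, now, ttl)
    return {"locator": locator, "nonce": nonce,
            "ciphertext": keystream_xor(key, nonce, message)}

def decapsulate(vdo, store, now):
    """Return the plaintext, or None once the key has left the store."""
    key = store.get(vdo["locator"], now)
    if key is None:
        return None
    return keystream_xor(key, vdo["nonce"], vdo["ciphertext"])

def demo():
    store = ExpiringKeyStore()
    # Constructed sample message and lifetime (8 hours, in seconds).
    vdo = encapsulate(b"meet at noon", store, now=0, ttl=8 * 3600)
    # A gateway that decrypts while the key is live keeps the plaintext forever.
    archived_copy = decapsulate(vdo, store, now=3600)
    # The same VDO read after expiry yields nothing, for anyone.
    after_expiry = decapsulate(vdo, store, now=9 * 3600)
    return archived_copy, after_expiry
```

The first value returned by `demo()` is the retention problem in miniature: expiry protects only copies of the VDO, not plaintext captured during the key's lifetime.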