Researchers at the University of Texas at Austin, Princeton and the University of Michigan claim to have broken the Vanish security system, a research prototype that seeks to protect the privacy of online data and data communications by making it unreadable after a period of time.
"We . . . have broken the security guarantees of the Vanish system with a system we call Unvanish," according to the Unvanish Web site. The Unvanish team includes Scott Wolchok, a graduate student at the University of Michigan; Owen S. Hofmann, a PhD student in computer science at the University of Texas at Austin; Nadia Heninger, a graduate student in theoretical computer science at Princeton; Ed Felten, Director of the Center for Information Technology Policy and a Professor of Computer Science and Public Affairs at Princeton; Alex Halderman, assistant professor of electrical engineering and computer science at the University of Michigan; Chris Rossbach, Post-doctoral researcher at the Computer Sciences Department at the University of Texas at Austin; Brent Waters, Assistant Professor, University of Texas at Austin; and Emmett Witchel, Assistant Professor of Computer Science at the University of Texas at Austin.
"The attack was actually rather straightforward," said assistant professor Waters in an email message to a reporter.
The Unvanish team released a new paper describing their work on Monday (September 28), entitled "Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs."
In a blog post, Professor Felten called the paper "the next chapter in an interesting story about the making, breaking and possible fixing of security systems."
The Vanish and Unvanish teams are playing a cat-and-mouse game of developing ever more sophisticated encryption systems and then finding and exposing their weaknesses. Their work is evolving quickly. The Vanish prototype, developed at the University of Washington, was updated with new defenses on September 20. Vanish integrates cryptographic techniques with global-scale, P2P, distributed hash tables (DHTs) in an approach that involves self-destructing data. It is one of several encryption schemes that have attracted recent interest.
The Unvanish team targeted Vanish's new defenses in its latest attacks. "The proposed new defenses are interesting and merit further investigation, but, for the time being, Vanish's security should be viewed with skepticism," the Unvanish team said in its September 28 update. "Whether DHTs are the best choice for key-share storage remains an open question."