Communications of the ACM

ACM News

Researchers Break Vanish Security System


University of Texas at Austin Assistant Professor Brent Waters

Researchers at the University of Texas at Austin, Princeton and the University of Michigan claim to have broken the Vanish security system, a research prototype that seeks to protect the privacy of online data and data communications by making it unreadable after a period of time.

"We . . . have broken the security guarantees of the Vanish system with a system we call Unvanish," according to the Unvanish Web site. The Unvanish team includes Scott Wolchok, a graduate student at the University of Michigan; Owen S. Hofmann, a PhD student in computer science at the University of Texas at Austin; Nadia Heninger, a graduate student in theoretical computer science at Princeton; Ed Felten, Director of the Center for Information Technology Policy and a Professor of Computer Science and Public Affairs at Princeton; Alex Halderman, assistant professor of electrical engineering and computer science at the University of Michigan; Chris Rossbach, Post-doctoral researcher at the Computer Sciences Department at the University of Texas at Austin; Brent Waters, Assistant Professor, University of Texas at Austin; and Emmett Witchel, Assistant Professor of Computer Science at the University of Texas at Austin.

"The attack was actually rather straightforward," said assistant professor Waters in an email message to a reporter.

The Unvanish team released a new paper describing their work on Monday (September 28), entitled "Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs."

In a blog post, Professor Felten called the paper "the next chapter in an interesting story about the making, breaking and possible fixing of security systems."

The Vanish and Unvanish teams are playing a cat-and-mouse game of developing ever more sophisticated encryption systems and then finding and exposing their weaknesses. Their work is evolving quickly. The Vanish prototype, developed at the University of Washington, was updated with new defenses on September 20. Vanish integrates cryptographic techniques with global-scale, P2P, distributed hash tables (DHTs) in an approach that involves self-destructing data. It is one of several encryption schemes that have attracted recent interest.

The Unvanish team targeted Vanish's new defenses in its latest attacks. "The proposed new defenses are interesting and merit further investigation, but, for the time being, Vanish's security should be viewed with skepticism," the Unvanish team said in its September 28 update. "Whether DHTs are the best choice for key-share storage remains an open question."

 


 
