1997), has been designed to complement the traditional encryption to handle such a coercive attack. A novel encryption technique, plausibly deniable encryption (PDE) ( Canetti et al. Once the secret is disclosed, the transformed format created by encryption will be reversed, and the sensitive data will be leaked. To protect confidentiality of the data stored in a computing device, conventional encryption may not work when both the computing device and the device’s owner are captured by an attacker, since the attacker can coerce the owner to disclose the secret (i.e., a coercive adversary). This requires special techniques to completely destroy data, eliminating any traces which may lead to a full/partial data recovery. Secure deletion is to ensure that once the sensitive data are deleted, the probability of recovering them is negligibly small. All types of existing encryption mechanisms like symmetric encryption and asymmetric encryption can achieve the aforementioned security property. Encryption can protect confidentiality of the data stored at rest by transforming them into another format using some secrets (e.g., keys), such that the adversary is not able to correlate the transformed format to the original format without obtaining the secrets. For example, by recovering a naked picture deleted by a victim, the adversary can still use it to embarrass the victim or ask the victim for ransom money.Ĭorrespondingly, the research efforts for protecting data confidentiality can be divided into two categories: encryption and secure deletion. This is because, by recovering sensitive data which have been deleted, the attacker can achieve a similar gain compared to successfully attacking the confidentiality of the data being preserved in the devices. The data confidentiality should be ensured not only during their lifetime (i.e., the data are preserved in the devices), but also after their lifetime (i.e., the data have been removed from the devices). For example, Equifax data breach in July 2017 caused a leak of 145,500,000 consumer records a few local governments like cities of Chicago and San Francisco, as well as the Commonwealth of Massachusetts, have filed enforcement actions against Equifax ( Ballard Spahr LLP: State and local governments move swiftly to sue equifax 2017) Third, it will directly violate regulations like HIPAA ( Congress 1996), Gramm-Leach-Bliley Act ( Congress 1999), and Sarbanes-Oxley Act ( Sarbanes and Oxley 2002). Second, it will ruin reputation of businesses. For example, the data leakage of iCloud in 2014 disclosed almost 500 private pictures of various celebrities ( Cbsnews: Apple’s celebrity icloud leak probably has mundane causes 2014). Protecting confidentiality of those sensitive data is of paramount importance because: First, data leakage will endanger data owners’ privacy. Modern computing devices (e.g., desktops, laptops, smart phones, tablets, wearable devices) are increasingly used to process sensitive or even mission critical data. Especially for encryption, we mainly focus on the novel plausibly deniable encryption (PDE), which can ensure data confidentiality against both a coercive (i.e., the attacker can coerce the data owner for the decryption key) and a non-coercive attacker. This work aims to perform a thorough literature review on the techniques being used to protect confidentiality of the data in personal computing devices, including both encryption and secure deletion. Encryption and secure deletion are used to ensure data confidentiality during and after their lifetime, respectively. To provide confidentiality guarantee, the data should be protected when they are preserved in the personal computing devices (i.e., confidentiality during their lifetime) and also, they should be rendered irrecoverable after they are removed from the devices (i.e., confidentiality after their lifetime). Ensuring confidentiality of sensitive data is of paramount importance, since data leakage may not only endanger data owners’ privacy, but also ruin reputation of businesses as well as violate various regulations like HIPPA and Sarbanes-Oxley Act.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |