Guessing-resistant, fast, and cryptographically verifiable deletion is desirable in multiple computing platforms and scenarios: laptops and mobile devices are often lost, and subjected to coercion (e.g., at border controls) and physical attacks (e.g., extraction of memory-resident secrets); server platforms must comply with privacy laws, e.g., to effectively erase user data, and reuse storage space; and employee PCs and mobile devices in an enterprise must be wiped in a timely fashion (corporate data), specifically, to handle mass layoffs (e.g., protecting data from angry insiders). While governments/businesses have policies to safely remove data from devices, proper deletion is currently not proven at a technical level by any solution.
Computer security, also known as cybersecurity or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information (data) on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
With the increased reliance on computer systems in most aspect of our society the field has been one of growing importance for nearly 30 years since the first “computer worm.” Today computer security is critical in almost any industry exploiting computer systems including, but not limited to, financial systems, utilities, industrial equipment, aviation, consumer devices, corporations, Government, healthcare, and automotive. With the wide variety of so-called “smart” devices including smartphones, televisions, wearable devices, and tiny devices as part of the Internet of Things security attacks can now be launched from essentially anywhere at multiple devices simultaneously using one or more networks including, for example, the Internet, private data networks, wireless networks, and near-field communications.
Increasingly, consumers and individuals within enterprises/Government/corporations have significant electronic data footprints on multiple devices with varying levels of protection and sensitivity. For example, today a user may have all their financial access credentials on their smartphone. Over time attackers have evolved multiple attack techniques including, but not limited to, backdoors, denial-of-service, direct-access, eavesdropping, spoofing, tampering, privilege escalation, phishing, clickjacking, social engineering and trojans. In some instances, the attackers triggered new defences or in others new defences triggered new attack methodologies such that over time security techniques such as firewalls, intrusion detection systems, account access controls, cryptography, multi-factor authentication, trusted platforms, biometric validation, etc. have evolved.
However, despite the significant resources expended over the past 30 years to design, implement, and improve these computer security techniques there are still security issues that have been difficult to overcome or prevent. The first issue is coercion where a user's access control credentials are obtained by an attacker through violence and/or threats of violence to the user or an individual associated with the user such as a partner, child, family member, co-worker etc. or any other coercive means by any person or entity. Whist exploited within television and cinema for major crimes this can be as prosaic as a child threatening another to access and exploit their social media through to threatening a parent to empty his financial accounts right the way to threatening or blackmailing Government officials, corporate employees, etc. There is no existing system for a user to know that the credential details they provide as a result of the coercion results not in the coercer gaining access but securely erasing access to the information completely. There is also no existing system to convince or provide proof of data deletion to an adversary, in the hope that the adversary may realize that there is no further point in coercing the user (e.g., by holding her in detention or by torturing in any means).
The second issue is the vulnerability of computer systems during their “wake up” from a “sleep” mode. Sleep modes are commonly used on computer systems to shut down aspects of the computer system after a period of inactivity to save power, reduce wear and tear, etc. However, generally a user will either not apply a security credential/access control to the recovery process, i.e. the waking up, from this sleep mode or employ one which is relatively low complexity/simple as it may be a frequent occurrence during their work etc. or their laptop, tablet, cell phone, or other computer system in sleep mode in their backpack as they go to work, school, coffee-shop etc. However, generally the system is fully logged in with the user's security credentials so that access to their data etc. simply requires physical access, through theft, coercion etc. or allows the attacker to exploit attacks essentially from “within” system rather than trying to breach firewalls, sidestep intrusion detection systems etc. Even if a computer is equipped with full-disk encryption and other data and network security mechanisms (e.g., password protection, anti-malware, IDS), a lot of unprotected secrets, including passwords and encryption keys, may reside in the computer's main memory (RAM) during sleep. There is no existing system to provide users with an enhanced security process/protocol for their system(s) during sleep mode and the subsequent wake up.
Another issue is, sometimes there is a need to delete encryption keys from multiple computer systems at once. For example, in situations when an organization is laying off a number of employees who hold many computer system from the institution with sensitive information, or a spy network in a hostile country has been exposed threatening the hostile country to capture all the computer systems used by the spy network, or any other situations where multiple computer systems have some encrypted information that must be deleted. There is no system to provide encryption key deletion in multiple computer system over network.
User devices (powered off or in sleep) may fall into the wrong hands in multiple ways, e.g., through coercion, theft, or loss. An adversary may launch password guessing and physical attacks (including main memory extraction) against such a device. It may of utmost importance to a user to be able to delete sensitive data from the dispossessed device. Currently, there is no system to achieve such deletion without using a third-party service that requires network access to the target device (i.e., the attacker must connect the device to the Internet); such third-party remote erase services also lack technical verification of the deletion process.