Communications of the ACM
New Digital Security Program Doesn't Protect as Promised
The Vanish security system has been broken by a team of researchers from the University of Texas at Austin, Princeton University, and the University of Michigan. Developed by scientists at the University of Washington, Vanish is designed to protect a computer user's data by restricting the availability of the encryption key used to access it after a certain amount of time, such as eight hours. Vanish splits up the keys into many small pieces and stores them at many different places on the network, which makes the data look like digital gibberish.
However, the team of researchers has developed a program, Unvanish, which is capable of collecting and storing anything that looks like a fragment of a Vanish key on the network, checking its archive of fragments and finding the pieces needed to decrypt a message. The researchers say Unvanish can make messages reappear long after they should have disappeared, close to 100 percent of the time.
"A true self-destruction feature continues to be challenging to provide," says Texas professor Brent Waters.
Texas professor Emmett Witchel says that "our goal with Unvanish is to discourage people from relying on the privacy of a system that is not actually private."
From University of Texas at Austin
View Full Article
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA 
No entries found