syslog
25Oct/112

proof of deletion

in between reading SOSP liveblogging notes, I'm still trying to think up how one might implement a "proof of deletion" service for cloud storage - here's the latest

a user stores data in the cloud - the data is encrypted so cloud provder cannot simply read it, but is amenable to privacy preserving queries on some keys.

the user wants to delete a record, contacts a third party (the grim reaper?), and gives then the keys of records. the third party tells the cloud service to delete the data. and then, using an anonymous service (via TOR etc) queries the record - they should get a 404 response.

of course, the cloud provider can squirrel data away but not in any useful way, as the TTP can do the query at any time

why ot just let the user run the query? well they might want to go away, and rely on the TTP who might also be persistent and might have bigger TOR guns....

Comments (2) Trackbacks (0)
  1. What are you trying to protect against?  If the end user has the only copy of the key (and the key is sufficiently long) surely it doesn’t matter if the data stays in the cloud indefinitely?  Only the cloud provider would care whether the data is actually deleted when the user asks, as they presumably want the space back.

  2. Indeed, simply securely deleting the key would seem to satisfy the underlying problem. 


Leave a comment

No trackbacks yet.