Cryptology ePrint Archive: Report 2014/364

Deleting Secret Data with Public Verifiability

Feng Hao and Dylan Clarke and Avelino Francisco Zorzo

Abstract: Existing software-based data erasure programs can be summarized as following the same one-bit-return protocol: the deletion program performs data erasure and returns either success or failure. However, such a one-bit-return protocol turns the data deletion system into a black box -- the user has to trust the outcome but cannot easily verify it. This is especially problematic when the deletion program is encapsulated within a Trusted Platform Module (TPM), and the user has no access to the code inside. In this paper, we present a cryptographic solution that aims to make the data deletion process more transparent and verifiable. In contrast to the conventional black/white assumptions about TPM (i.e., either completely trust or distrust), we introduce a third assumption that sits in between: namely, ``trust-but-verify''. Our solution enables a user to verify the correct implementation of two important operations inside a TPM without accessing its source code: i.e., the correct encryption of data and the faithful deletion of the key. Finally, we present a proof-of-concept implementation of the SSE system on a resource-constrained Java card to demonstrate its practical feasibility. To our knowledge, this is the first systematic solution to the secure data deletion problem based on a ``trust-but-verify'' paradigm, together with a concrete prototype implementation.

Category / Keywords: cryptographic protocols / key management, smart cards, zero knowledge, secure data deletion

Date: received 25 May 2014, last revised 14 Apr 2015

Contact author: haofeng66 at gmail com

Available format(s): PDF | BibTeX Citation

Note: Updated to be consistent with the camera-ready paper to be published by IEEE TDSC.

Version: 20150414:151452 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]