Securing Digital Archiving Systems Against Mass Breaches and Long-Term Security Degradation

Abstract

Every year the amount of digitally stored sensitive information increases significantly. Due to the digitization of such information, adversarial attacks on digital archiving systems have increased significantly as well. In this thesis, we address two areas of digital archiving systems security, mass data breaches and long-term security. Mass data breaches—mass leakage of stored information—are a major security concern. Encryption can provide confidentiality, but encryption depends on a key which, if compromised, allows the attacker to decrypt everything, effectively instantly. Security of encrypted data thus becomes a question of protecting and managing the encryption keys. For long-term security, cryptographic schemes based on single computational assumptions are not guaranteed to stay secure for such long periods so they cannot be used for this purpose. Current state-of-the-art systems providing long-term confidentiality and integrity rely on information-theoretic techniques, such as multi-server secret sharing and commitments. These systems achieve the desired results; however, establishing private channels for secret sharing is costly and requires a complex setup.

This thesis provides solutions for both mass data breaches and long-term security. First, we propose using keyless encryption to construct ArchiveSafe, a mass leakage resistant archiving system, where decryption of a file is only possible after the requester, whether an authorized user or an adversary, solves a cryptographic puzzle. This proposal is geared towards protection of infrequently accessed archival data, where any one file may not require too much work to decrypt but decryption of a large number of files—mass leakage—becomes increasingly expensive for an attacker.

Secondly, we present ArchiveSafe LT, a framework for digital archiving systems aiming to provide long-term confidentiality and integrity. The framework relies on using multiple computationally secure schemes to form robust combiners, with a design that plans for agility and evolution of cryptographic schemes. ArchiveSafe LT is efficient and suitable for practical adoption as it eliminates the need for private channels compared to its counterparts.

Finally, we present the Hybrid Merkle Tree. An authenticated data structure based on the Merkle tree. It supports evolving to a secure hashing function if its hashing function becomes insecure, making it suitable for integrity schemes used by secure long-term digital archiving systems. We show how it can be integrated in ArchiveSafe LT as an example.

Due to the recent increase in digitally stored sensitive information, digital archiving systems have become a crucial part in the information systems space, and we believe their importance will continue to grow in the near future. This research contributes towards the goal of improving the security of these systems in the short and long term.