
Securing Digital Archiving Systems Against Mass Breaches and Long-Term Security Degradation

dc.contributor.advisor: Samavi, Reza
dc.contributor.advisor: Sekerinski, Emil
dc.contributor.advisor: Stebila, Douglas
dc.contributor.author: Aly, Mohamed
dc.contributor.department: Computing and Software [en_US]
dc.date.accessioned: 2023-10-12T20:07:33Z
dc.date.available: 2023-10-12T20:07:33Z
dc.date.issued: 2023
dc.description.abstract: Every year the amount of digitally stored sensitive information increases significantly. Due to the digitization of such information, adversarial attacks on digital archiving systems have increased significantly as well. In this thesis, we address two areas of digital archiving systems security, mass data breaches and long-term security. Mass data breaches—mass leakage of stored information—are a major security concern. Encryption can provide confidentiality, but encryption depends on a key which, if compromised, allows the attacker to decrypt everything, effectively instantly. Security of encrypted data thus becomes a question of protecting and managing the encryption keys. For long-term security, cryptographic schemes based on single computational assumptions are not guaranteed to stay secure for such long periods so they cannot be used for this purpose. Current state-of-the-art systems providing long-term confidentiality and integrity rely on information-theoretic techniques, such as multi-server secret sharing and commitments. These systems achieve the desired results; however, establishing private channels for secret sharing is costly and requires a complex setup. This thesis provides solutions for both mass data breaches and long-term security. First, we propose using keyless encryption to construct ArchiveSafe, a mass leakage resistant archiving system, where decryption of a file is only possible after the requester, whether an authorized user or an adversary, solves a cryptographic puzzle. This proposal is geared towards protection of infrequently accessed archival data, where any one file may not require too much work to decrypt but decryption of a large number of files—mass leakage—becomes increasingly expensive for an attacker. Secondly, we present ArchiveSafe LT, a framework for digital archiving systems aiming to provide long-term confidentiality and integrity. The framework relies on using multiple computationally secure schemes to form robust combiners, with a design that plans for agility and evolution of cryptographic schemes. ArchiveSafe LT is efficient and suitable for practical adoption as it eliminates the need for private channels compared to its counterparts. Finally, we present the Hybrid Merkle Tree, an authenticated data structure based on the Merkle tree. It supports evolving to a secure hashing function if its hashing function becomes insecure, making it suitable for integrity schemes used by secure long-term digital archiving systems. We show how it can be integrated in ArchiveSafe LT as an example. Due to the recent increase in digitally stored sensitive information, digital archiving systems have become a crucial part in the information systems space, and we believe their importance will continue to grow in the near future. This research contributes towards the goal of improving the security of these systems in the short and long term. [en_US]
dc.description.degree: Doctor of Philosophy (PhD) [en_US]
dc.description.degreetype: Dissertation [en_US]
dc.description.layabstract: In this thesis, we address three challenges faced in securing digital archives. The first challenge is how to protect digital archives against security information leakage leading to mass data breaches. We developed an anti mass-leakage archiving system that eliminates the need for managing large sets of secret keys and prevents an adversary from gaining immediate and unlimited access to all archives if a key is compromised. The second challenge is how to keep these archives secure in the long term despite the advancement of computational powers and cryptanalysis techniques. We developed a secure archiving framework guaranteeing secure long-term confidentiality and integrity protection. The third challenge is to construct an efficient and simple way to protect the integrity of the archives in the long term. We developed the Hybrid Merkle Tree, a succinct updatable data structure based on Merkle trees. [en_US]
dc.identifier.uri: http://hdl.handle.net/11375/29037
dc.language.iso: en [en_US]
dc.subject: Secure Digital Archiving Systems [en_US]
dc.subject: Secure Data Storage [en_US]
dc.subject: Hybrid Merkle Tree [en_US]
dc.subject: Client Puzzles [en_US]
dc.title: Securing Digital Archiving Systems Against Mass Breaches and Long-Term Security Degradation [en_US]
dc.type: Thesis [en_US]

Files

Original bundle

Name: Aly_Mohamed_2023Jul_PhD.pdf
Size: 904.76 KB
Format: Adobe Portable Document Format

License bundle

Name: license.txt
Size: 1.68 KB
Format: Item-specific license agreed upon to submission