Crypto-shredding

Last updated January 17, 2025

Crypto-shredding or crypto erase (cryptographic erasure) is the practice of rendering encrypted data unusable by deliberately deleting or overwriting the encryption keys: assuming the key is not later recovered and the encryption is not broken, the data should become irrecoverable, effectively permanently deleted or "shredded".^[1] This requires that the data have been encrypted.

Data may be considered to exist in three states: data at rest, data in transit and data in use. General data security principles, such as in the CIA triad of confidentiality, integrity, and availability, require that all three states must be adequately protected. Deleting data at rest on storage media such as backup tapes, data stored in the cloud, computers, phones, or multi-function printers can present challenges when confidentiality of information is of concern. When encryption is in place, data disposal is more secure, as less data (only the key material) needs to be destroyed.

Motivations for use

There are various reasons for using crypto-shredding, including when the data is contained in defective or out-of date systems, there is no further use for the data, the circumstances are such that there are no [longer] legal rights to use or retain the data, and other similar motivations. Legal obligations may also come from regulations such as the right to be forgotten, the General Data Protection Regulation, and others. Data security is largely influenced by confidentiality and privacy concerns.

Use

In some cases all data storage is encrypted, such as encrypting entire harddisks, computer files, or databases. Alternatively only specific data may be encrypted, such as passport numbers, social security numbers, bank account numbers, person names, or record in a databases. Additionally, data in one system may be encrypted with separate keys when that same data is contained in multiple systems. When specific pieces of data are encrypted (possibly with different keys) it allows for more specific data shredding. There is no need to have access to the data (like an encrypted backup tape), only the encryption keys need to be shredded.^[2]

Example

iOS devices and Macintosh computers with an Apple T2 or Apple silicon chip use crypto-shredding when performing the "Erase all content and settings" action by discarding all the keys in 'effaceable storage'. This renders all user data on the device cryptographically inaccessible, in a very short amount of time.^[3]

Best practices

Storing encryption keys securely is important for shredding to be effective. For instance, shredding has no effect when a symmetric or asymmetric encryption key has already been compromised. A Trusted Platform Module is meant to address this issue. A hardware security module is considered one of the most secure ways to use and store encryption keys.
Bring your own encryption refers to a cloud computing security model to help cloud service customers to use their own encryption software and manage their own encryption keys.
Cryptographic 'salting': Hashing can be inadequate for confidentiality, because the hash is always the same when entering the same data. For example: The hash of a specific social security number can be reverse engineered by the help of rainbow tables. Salt addresses this problem.

Security considerations

There are many security issues that should be considered when securing data. Some examples are listed in this section. The security issues listed here are not specific to crypto-shredding, and in general these may apply to all types of data encryption. In addition to crypto-shredding, data erasure, degaussing and physically shredding the physical device (disk) can mitigate the risk further.

Encryption strength can weaken over time as computing speed becomes more efficient and more time is available to discover exploits in secure systems.
Brute-force attack : If data is not adequately encrypted it may be possible to decrypt it through brute-force methods. Newer technology such as quantum computing increases the potential to allow brute-force attacks to become more efficient in the future.^[4] However, quantum computing is less effective against specific encryption methods such as symmetric encryption than others that are more vulnerable to brute-force attacks such as public-key encryption. Even when data is secured via use of symmetric encryption, there are methods such as Grover's algorithm that make these kinds of attacks more effective, though this can be mitigated by other enhancements, such as using larger key values^[5] and/or using post-quantum cryptography standards.^[6]

Data in use : Data that is "in use" has specific vulnerabilities. For example, when (plaintext) encryption keys are temporarily stored in RAM, it may be vulnerable to cold boot attacks, hardware advanced persistent threats, rootkits/bootkits, computer hardware supply chain attacks, and physical threats from users who have access.
Data remanence is the ability of computer memory to retain previously stored information beyond its intended lifetime, which also increases its vulnerability to unintended access. For example: When data on a harddisk is encrypted after it has been stored, it is possible that unencrypted data may remain on the harddisk. Encrypting data does not necessarily ensure the data will be overwritten at the same location as the unencrypted data. In addition, any bad sectors on a harddisk cannot be encrypted after data has been written to those locations. Encrypting data at the time it is written is always more secure than encrypting it after it has been stored without encryption.
Hibernation presents additional threats when an encryption key is used. Once an encryption key is loaded into RAM and the machine is placed into hibernation, all memory, including the encryption key, may be stored on the harddisk, which is outside of the encryption key's safe storage location.

Related Research Articles

In cryptography, key size or key length refers to the number of bits in a key used by a cryptographic algorithm.

In cryptography, encryption is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

<span class="mw-page-title-main">Public-key cryptography</span> Cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security. There are many kinds of public-key cryptosystems, with different security goals, including digital signature, Diffie-Hellman key exchange, public-key key encapsulation, and public-key encryption.

A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key can be different sizes and varieties, but in all cases, the strength of the encryption relies on the security of the key being maintained. A key's security strength is dependent on its algorithm, the size of the key, the generation of the key, and the process of key exchange.

Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. The requirement that both parties have access to the secret key is one of the main drawbacks of symmetric-key encryption, in comparison to public-key encryption. However, symmetric-key encryption algorithms are usually better for bulk encryption. With exception of the one-time pad they have a smaller key size, which means less storage space and faster transmission. Due to this, asymmetric-key encryption is often used to exchange the secret key for symmetric-key encryption.

In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted.

<span class="mw-page-title-main">Block cipher mode of operation</span> Cryptography algorithm

In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.

In computer security, challenge-response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

Key management refers to management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.

Multiple encryption is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm. It is also known as cascade encryption, cascade ciphering, multiple encryption, and superencipherment. Superencryption refers to the outer-level encryption of a multiple encryption.

Encryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the Internet.

Institute of Electrical and Electronics Engineers (IEEE) standardization project for encryption of stored data, but more generically refers to the Security in Storage Working Group (SISWG), which includes a family of standards for protection of stored data and for the corresponding cryptographic key management.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD/SSD) vendors, including: Hitachi, Integral Memory, iStorage Limited, Micron, Seagate Technology, Samsung, Toshiba, Viasat UK, Western Digital. The symmetric encryption key is maintained independently from the computer's CPU, thus allowing the complete data store to be encrypted and removing computer memory as a potential attack vector.

<span class="mw-page-title-main">Cryptography</span> Practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

Database encryption can generally be defined as a process that uses an algorithm to transform data stored in a database into "cipher text" that is incomprehensible without first being decrypted. It can therefore be said that the purpose of database encryption is to protect the data stored in a database from being accessed by individuals with potentially "malicious" intentions. The act of encrypting a database also reduces the incentive for individuals to hack the aforementioned database as "meaningless" encrypted data adds extra steps for hackers to retrieve the data. There are multiple techniques and technologies available for database encryption, the most important of which will be detailed in this article.

Convergent encryption, also known as content hash keying, is a cryptosystem that produces identical ciphertext from identical plaintext files. This has applications in cloud computing to remove duplicate files from storage without the provider having access to the encryption keys. The combination of deduplication and convergent encryption was described in a backup system patent filed by Stac Electronics in 1995. This combination has been used by Farsite, Permabit, Freenet, MojoNation, GNUnet, flud, and the Tahoe Least-Authority File Store.

In cryptographic protocol design, cryptographic agility or crypto-agility is the ability to switch between multiple cryptographic primitives.

An oblivious pseudorandom function (OPRF) is a cryptographic function, similar to a keyed-hash function, but with the distinction that in an OPRF two parties cooperate to securely compute a pseudorandom function (PRF).

References

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Crypto-shredding in 'The Official ISC2 Guide to the SSCP CBK' ISBN 1119278651

[2] Crypto shredding: How it can solve modern data retention challenges on medium.com

[3] Crypto-shredding using effaceable storage in iOS on stanford.edu

[4] "Factsheet post quantum cryptography on ncsc.nl". Archived from the original on 2017-11-17. Retrieved 2017-11-17.

[5] Post Quantum-Crypto for dummies on wiley-vch.de

[6] NIST post-quantum encryption standards

[1]

[2]

[3]

[4]

[5]

[6]