22-05-2014, 12:58 PM
Data Loss Prevention Using an Ephemeral Key
ABSTRACT
With the advent of cloud storage, smartphones, MP3 music players, and removable flash devices, data is more mobile than ever before. However, with this newfound mobility come the issues of how to determine whether data may be too sensitive to leave a user's device, and, if it is appropriate to save the data to remote storage, how best to secure it for the long term. Data loss prevention applications perform this job, typically by redirecting potentially sensitive saved files to a secure local storage quarantine, scanning them, and then doing a final copy to remote storage if the scan passes policy. The problem with local storage quarantine is the additional overhead required to essentially serially write the file twice: once to local storage and finally once to the remote storage destination. This paper presents an alternate method for doing data loss prevention using an ephemeral cryptographic key. By using an ephemeral key, encrypted data can be safely scanned in situ on the remote storage destination and securely removed if inappropriate. This direct technique results in better efficiency and lower latency than a circuitous local storage quarantine. An added benefit of using an ephemeral key for data loss prevention is that the encrypted file can be secured afterward to the persistent keys of multiple recipients with a minimum of additional post-processing.
IMPLEMENTATION
An important aspect of DLP strategies is that unprotected data should never be written to remote storage. Depending on secure deletion to remove the file if it is inappropriate is unreliable [7]. For example, because of wear leveling in flash memory devices, it may never be possible to overwrite this sensitive data again [5]. In the case of cloud storage, the cloud implementation may be so abstracted from the actual storage device that overwriting existing data is not guaranteed, and if the data center is run by a third party the implementation may not be completely trusted [11]. Finally, in all cases the user could disconnect the remote storage device or simply power down the machine while the DLP scan is occurring and before the chance to overwrite and delete.
Ephemeral Key
In order to protect vulnerable data, an ephemeral cryptographic key will be used in conjunction with the encryptable file system. The key is considered ephemeral because it exists only for the duration of the user's logon session. As shown in figure 2, the user logs on, the DLP engine initializes and creates an ephemeral key, the user logs off, and then the DLP engine wipes that single ephemeral key from memory. The ephemeral key is generated once per user's logon session not only to facilitate access to all files created during the logon session but also to completely remove access to those files after the logon session if the files have not been properly DLP scanned or if the files have been deleted due to DLP policy.
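As an added illustration (not code from the paper or its authors), the Python below models the lifecycle described above: one ephemeral key per logon wraps a per-file key, files reach storage only as ciphertext and are scanned in situ, files that pass policy have their file key re-secured to recipients' persistent keys, files that fail are discarded, and logoff drops the ephemeral key so anything never scanned stays unreadable. It assumes symmetric persistent recipient keys and a toy HMAC-based cipher standing in for the encryptable file system; all names and sample data are constructed.

```python
import hashlib, hmac, secrets

# Toy authenticated stream cipher (HMAC-SHA256 keystream, encrypt-then-MAC) so the
# example runs offline; a real DLP engine would rely on the file system's own cipher.
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, msg):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")  # wrong key or tampered ciphertext
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class DlpSession:
    """One logon session: a single ephemeral key wraps every per-file key (FEK)."""
    def __init__(self, remote):
        self.ephemeral = secrets.token_bytes(32)  # exists only until logoff()
        self.remote = remote                      # remote store: path -> record (assumed dict)

    def save(self, path, plaintext):
        fek = secrets.token_bytes(32)             # per-file key, wrapped to the session key
        self.remote[path] = {"data": seal(fek, plaintext),
                             "keys": {"ephemeral": seal(self.ephemeral, fek)}}

    def scan(self, path, policy, recipients):
        rec = self.remote[path]
        fek = unseal(self.ephemeral, rec["keys"]["ephemeral"])
        if not policy(unseal(fek, rec["data"])):  # scanned in situ; plaintext never stored
            del self.remote[path]                 # only ciphertext ever reached the device
            return False
        for name, key in recipients.items():      # re-secure the FEK to persistent keys
            rec["keys"][name] = seal(key, fek)
        return True

    def logoff(self):
        self.ephemeral = None  # real code zeroizes the key buffer in memory

def read_as(remote, path, name, key):
    """A recipient opens a scanned file with its own persistent key."""
    return unseal(unseal(key, remote[path]["keys"][name]), remote[path]["data"])
```

Drive it by creating a DlpSession over a dict, calling save() for each file written during the logon, scan() with a policy callable and the recipients' keys, and logoff() at the end; a file that was never scanned, or that failed policy, is left as ciphertext that no surviving key can open.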
CONCLUSION
One issue particular to ephemeral key DLP is the safety of encrypted data on the remote storage device that is then deleted. Ephemeral key DLP relies on the strength of cryptography to allow in situ processing of the file and quick secure deletion. Similar techniques such as Enhanced Secure Erase are NIST 800-88 approved and considered secure. As long as the cryptographic algorithm used is not compromised this data should not be recoverable.