ArchiveSafe: Mass-Leakage-Resistant Storage from Proof-of-Work

TL;DR

ArchiveSafe introduces a keyless, proof-of-work-based storage system that makes mass data leakage costly for attackers, especially suitable for infrequently accessed archives, by requiring computational puzzles for decryption.

Contribution

The paper presents a novel keyless encryption method using proof-of-work to resist mass data leakage, with a prototype implementation as a Linux file system driver.

Findings

System behavior varies with file size and puzzle difficulty.

Keyless encryption can be layered with traditional encryption for enhanced security.

Prototype demonstrates practical feasibility and resistance to mass decryption.

Abstract

Data breaches-mass leakage of stored information-are a major security concern. Encryption can provide confidentiality, but encryption depends on a key which, if compromised, allows the attacker to decrypt everything, effectively instantly. Security of encrypted data thus becomes a question of protecting the encryption keys. In this paper, we propose using keyless encryption to construct a mass leakage resistant archiving system, where decryption of a file is only possible after the requester, whether an authorized user or an adversary, completes a proof of work in the form of solving a cryptographic puzzle. This proposal is geared towards protection of infrequently-accessed archival data, where any one file may not require too much work to decrypt, decryption of a large number of files-mass leakage-becomes increasingly expensive for an attacker. We present a prototype implementation realized as a user-space file system driver for Linux. We report experimental results of system behaviour under different file sizes and puzzle difficulty levels. Our keyless encryption technique can be added as a layer on top of traditional encryption: together they provide strong security against adversaries without the key and resistance against mass decryption by an attacker.