What is crypto-shredding
Crypto-shredding is the practice of “removing” data by deliberately removing or overwriting encryption keys. It requires the data to be encrypted. Data exists in three states: data at rest, data in transit and data in use. In the CIA triad of confidentiality, integrity and availability, all three states must be adequately protected.
Getting rid of inactive data, such as old backup tapes, data stored in the cloud, computers, phones and multifunction printers, can be challenging when privacy of information matters; when encryption is used, it allows data to be deleted seamlessly. Privacy and confidentiality are important drivers of encryption.
A motive for deleting data can be: a defective product, an old product, a refusal to continue using the data, no legal right to use or store the data, etc. Legal obligations may also come from rules such as the right to be forgotten, the General Data Protection Regulation, etc.
In some cases everything is encrypted (e.g. hard drive, computer file, database, etc.), but in other cases only specific data (e.g. passport number, national insurance number, bank account number, name of person, database entry, etc.) is encrypted. Furthermore, the same specific data in one system can be encrypted with a different key in another system. The more specific pieces of data are encrypted (with different keys), the more specific data can be destroyed.
Example: iOS devices use crypto-shredding when “Erase all content and settings” is activated, deleting all keys in the “erase vault”. This makes all user data on the device cryptographically inaccessible.
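The per-datum keys described above can be sketched as follows. This is an added example, not code from the original page: the `KeyStore` class, the subject names and the passport values are constructed, and the HMAC-SHA256 stream construction is a standard-library stand-in for an authenticated cipher such as AES-GCM from a vetted library.

```python
import hashlib
import hmac
import secrets

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from one record key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a standard-library stand-in for AES-CTR.
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class KeyStore:
    """One key per data subject, kept in a mutable buffer so it can be overwritten."""
    def __init__(self):
        self._keys = {}
    def create(self, subject):
        self._keys[subject] = bytearray(secrets.token_bytes(32))
        return self._keys[subject]
    def get(self, subject):
        return self._keys[subject]          # KeyError once shredded
    def shred(self, subject):
        key = self._keys.pop(subject)
        key[:] = bytes(len(key))            # overwrite in place, then drop

def demo():
    keys, db = KeyStore(), {}               # db: subject -> ciphertext (constructed data)
    for subject, passport in [("alice", b"P1234567"), ("bob", b"P7654321")]:
        db[subject] = seal(keys.create(subject), passport)
    keys.shred("alice")                     # erase alice only; her ciphertext stays stored
    try:
        alice = unseal(keys.get("alice"), db["alice"])
    except KeyError:
        alice = None
    return alice, unseal(keys.get("bob"), db["bob"]), "alice" in db
```

A copy of a key taken before `shred` still decrypts the record, so shredding is only as complete as the control over key copies. Python may also leave transient copies of key material in memory, which is one reason production keys are usually held in an HSM or key management service.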
- This only works with encrypted data. If your data is not fully encrypted, you should pay attention to this. Every time you send an email or access a cloud service or something similar, you expose yourself to unnecessary risks.
- For cloud computing, use the ‘bring your own encryption’ option whenever possible. Your cloud provider then cannot leak or disclose the data used in their application, because you hold the key and they do not. You cannot overwrite or change an encryption key that belongs to the provider and that you have no access to.
- Make sure that your encryption keys are stored securely and cannot be duplicated. If your encryption keys can be easily accessed, this makes your encryption practically useless.
- Make sure you have a strong level of encryption, and be aware that over time it will probably need to be updated. As computers are able to process more and more information, the ability to break ciphers increases greatly. At the time of this writing 256-bit encryption is best and more than acceptable to most businesses, but that will change with time.
- Overwriting is better and more thorough than deleting the encryption key. Deleting the files does not mean that the 1s and 0s stored on your computer are gone. You need to write something on top of them. There are several ways to do this, so check with Google or your chief technology officer to see if this applies to you.
- Over time, the security of encryption may degrade as computers become faster or as flaws are discovered.
- Brute force attack: if the data is not encrypted properly, it can still be decrypted by brute force. Quantum computing may speed up brute force attacks in the future. However, quantum computing is less effective against symmetric encryption than against public key encryption. Assuming symmetric encryption is used, the fastest possible attack is Grover's algorithm, which can be mitigated by using larger keys.
- Data in use: for example, plaintext encryption keys that are temporarily held in RAM can be subjected to cold boot attacks, permanent hardware threats, rootkits/bootkits, attacks on the computer hardware supply chain and physical threats to computers from insiders (employees).
- Residual data: for example, when data on the hard disk is encrypted after it has been saved, unencrypted data may still remain on the disk. Encrypting data does not automatically overwrite the location where the unencrypted data was stored. Also, bad sectors cannot be subsequently encrypted. It is better to set up encryption before saving the data.
- Hibernation is a threat to the use of the encryption key. When the encryption key is loaded into RAM and the machine is hibernating at the time, all memory, including the encryption key, is stored on the hard disk (outside the safe storage location of the encryption key).
- The security issues mentioned are not related to crypto-shredding, but are generally related to encryption. In addition to crypto-shredding, data erasure, demagnetization and physical shredding of the physical device (disk) can further reduce risk.