Crypto-shredding is the technique of discarding the encryption keys for encrypted data without zeroizing or deleting the encrypted data itself, which makes the data undecipherable.
Over the past several years, data protection has repeatedly made the headlines. The unstoppable flow of data from a growing number of sources is exposed to risks and threats that have impacted millions of users within a short time. In the present technological era, data encryption has become the de facto standard across industries; however, managing encrypted data has become an uphill task for the stakeholders.
When discussing the management of encrypted data, two types of encrypted data have to be looked into: active encrypted data and passive encrypted data.
Active encrypted data is data in use by various crypto-systems and handled appropriately within the security ecosystem, whereas passive encrypted data is no longer actively used and is ready to be destroyed.
Challenges in data destruction
Data destruction is a challenging task when it is exercised as an individual's right to erasure, specifically under data protection regulations such as GDPR. To honour a right-to-erasure request, the organization has to look up all references to the data concerned in its databases, logs, backups, etc., find the relevant data and delete it from its systems; however, this is not a straightforward task and has pros and cons of its own.
Next comes the solution to this problem, i.e., crypto-shredding.
Crypto-shredding: Solution to data destruction
As we know, in crypto-shredding the encryption key is discarded or destroyed, and since the key is destroyed, the data encrypted by that key automatically becomes unusable, as nobody can decrypt it without the key. However, we need to make sure there are no other copies of the key that bad actors could use to decrypt the data, because the data itself is still present, in encrypted form.
Another possibility, that the encryption algorithm itself is broken, can be safely discarded: if the algorithm were breakable, it would have been considered and marked as vulnerable by the relevant authorities, and no organization would have used it to encrypt the data in the first place.
Considering the above points, we can safely assume that crypto-shredding is equivalent to deleting or zeroizing the data itself.
Crypto-shredding tackles the problem of searching for and indexing every reference to specific data across the entire infrastructure in a different way, by focusing on one crucial aspect only: the management of encryption keys. For example, when new data is created and is supposed to be stored, backed up or replicated, the data is encrypted first and only then processed further. When the data is supposed to be deleted, rather than searching for its references across your infrastructure, you simply delete the encryption keys to make the data undecipherable.
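To make the mechanism concrete, here is an added Go example (not code from the original post or from Encryption Consulting): a toy data store encrypts every record under a per-subject AES-256-GCM key and fulfils an erasure request by zeroizing and discarding that key, so the ciphertext rows stay where they are but can no longer be decrypted. The subject and record ids are constructed, and the in-memory key map stands in for a KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Record is a stored row: ciphertext plus the id of the key that sealed it. Keys live only in Store.keys (a KMS or HSM in practice).
type Record struct{ KeyID string; Nonce, Data []byte }
type Store struct{ keys map[string][]byte; rows map[string]Record }
func NewStore() *Store { return &Store{map[string][]byte{}, map[string]Record{}} }

// Put encrypts value under the subject's key before storing it, minting an AES-256 key on first use.
func (s *Store) Put(subject, id string, value []byte) error {
	key, ok := s.keys[subject]
	if !ok {
		key = make([]byte, 32)
		if _, err := rand.Read(key); err != nil { return err }
		s.keys[subject] = key
	}
	block, err := aes.NewCipher(key)
	if err != nil { return err }
	aead, err := cipher.NewGCM(block)
	if err != nil { return err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return err }
	s.rows[id] = Record{subject, nonce, aead.Seal(nil, nonce, value, []byte(id))} // record id bound in as AAD
	return nil
}

// Get fails once the subject's key is gone, even though the ciphertext is still stored.
func (s *Store) Get(id string) ([]byte, error) {
	r, ok := s.rows[id]
	if !ok { return nil, fmt.Errorf("no record %q", id) }
	key, ok := s.keys[r.KeyID]
	if !ok { return nil, fmt.Errorf("key %q destroyed: record %q is crypto-shredded", r.KeyID, id) }
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	aead, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	return aead.Open(nil, r.Nonce, r.Data, []byte(id))
}

// Shred zeroizes and discards the subject's key; no data row is searched for or deleted.
func (s *Store) Shred(subject string) {
	for i := range s.keys[subject] { s.keys[subject][i] = 0 }
	delete(s.keys, subject)
}
```

Zeroizing the slice clears only this copy of the key; any backup or escrow copies, as the post warns, would have to be destroyed as well for the shredding to hold.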
So far we have looked at the strengths of crypto-shredding. Let's look at the weaknesses as well:
If the encryption applied to the data is not strong enough, a data breach could still occur, and in that case crypto-shredding won't help.
Since crypto-shredding deletes only the keys, the encrypted data still exists and still has to be managed as storage in your environment.
As the whole concept of crypto-shredding revolves around key deletion, organizations must have an efficient key management system that supports secure key deletion.
Currently, there are no standards in place for crypto-shredding as such. However, certain compliance standards require what is called "the right to be forgotten", under which the customer has the right to ask that all their personal data be completely deleted without undue delay. Crypto-shredding is an efficient technique for managing passive encrypted data, but it has its own limitations. Many organizations still do not use crypto-shredding because it is not prescribed by authorities such as NIST, GDPR, etc. Instead of crypto-shredding, customers can look at NIST Special Publication 800-88 Revision 1, the NIST document discussing the sanitization of data.
Dipanshu Bhatnagar is a Principal Consultant Cloud Security Specialty at Encryption Consulting working with PKIs, AWS Cloud Cryptographic services and tools, Google Cloud Cryptographic Services, and helping high profile clients towards their cloud journey with complete data privacy assurance.