Introduction
Crypto-shredding is a data destruction technique that consists of destroying the keys that allow the data to be decrypted, thus making the data undecipherable.
Difficulty of data destruction
Data destruction is a major issue in data protection regulations such as the GDPR in the context of exercising an individual's right to erasure.
When a company acts on a person's right-to-erasure request, it must search all databases, all object or flat-file storage, and all logs (and their backups) to find every occurrence of a piece of data and delete them.
Anyone who has ever been confronted with such a request will know that this is not easy:
- it is difficult, if not impossible, to delete data contained in a backup (not to mention the backups that are silently made by the hosting companies);
- the same data is often replicated in different forms across the infrastructure;
- deletion in a relational database can trigger a cascade of unintended deletions;
- and so on.
Benefits
Crypto-shredding changes the approach to the problem: instead of searching for and cataloguing all versions of a piece of data across the entire infrastructure, the problem is centralized on one encryption key that covers all versions of that piece of data.
When a piece of data is first collected, it is encrypted with a centrally managed individual key. The encrypted data is stored, backed up and replicated normally, decrypted each time it is used, and as soon as a new version is produced, it is encrypted with the same key.
When you want to delete the piece of data, you don't need to start an archaeological dig; you just have to destroy the encryption key, which is managed centrally.
How it works
If the encryption key used to decrypt a piece of data is destroyed and no copy of it exists, nobody can decrypt that piece of data any more. This is called crypto-shredding a piece of data.
The original data could then only be reconstructed by "breaking" the encryption, which with modern and robust algorithms is considered impossible in practice. If "breaking" the cipher were possible for a given algorithm, that algorithm would be judged vulnerable and would have to be abandoned.
Thus, in terms of data breach risk, crypto-shredding a piece of data is equivalent to deleting it.
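The mechanism described above, as an added example that is not part of the original page: one AES-256-GCM key per data subject held in a central key store, ciphertext that may be copied freely into backups and replicas, and a shred operation that destroys only the key. The in-memory KeyStore, the subject identifiers and the sample record are constructed for illustration; a real deployment would keep the keys in a KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrKeyShredded is returned once the key for a subject has been destroyed.
var ErrKeyShredded = errors.New("key destroyed: data is crypto-shredded")

// KeyStore is a constructed in-memory stand-in for the central key service
// (in production this would be a KMS or HSM). One key per data subject.
type KeyStore struct {
	keys map[string][]byte
}

func NewKeyStore() *KeyStore { return &KeyStore{keys: make(map[string][]byte)} }

// keyFor returns the subject's key, generating a fresh 256-bit key on first use.
func (ks *KeyStore) keyFor(subject string) ([]byte, error) {
	if k, ok := ks.keys[subject]; ok {
		return k, nil
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	ks.keys[subject] = k
	return k, nil
}

// Shred destroys the subject's key. Zeroing is best-effort in a garbage-collected
// runtime; what matters is that the key service no longer holds the key, so every
// copy of the ciphertext (backups, replicas, logs) becomes undecipherable at once.
func (ks *KeyStore) Shred(subject string) {
	if k, ok := ks.keys[subject]; ok {
		for i := range k {
			k[i] = 0
		}
		delete(ks.keys, subject)
	}
}

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under the subject's key with AES-256-GCM. The subject
// id is bound as associated data so a ciphertext cannot be presented as belonging
// to another subject; the random nonce is prepended to the output.
func Encrypt(ks *KeyStore, subject string, plaintext []byte) ([]byte, error) {
	key, err := ks.keyFor(subject)
	if err != nil {
		return nil, err
	}
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, []byte(subject)), nil
}

// Decrypt opens a ciphertext produced by Encrypt. It deliberately does not create
// a key on a miss: a missing key means the data has been shredded.
func Decrypt(ks *KeyStore, subject string, ciphertext []byte) ([]byte, error) {
	key, ok := ks.keys[subject]
	if !ok {
		return nil, ErrKeyShredded
	}
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(ciphertext) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ciphertext[:ns], ciphertext[ns:], []byte(subject))
}

func main() {
	ks := NewKeyStore()
	// Constructed sample record for one data subject.
	ct, err := Encrypt(ks, "subject-42", []byte("alice@example.com"))
	if err != nil {
		panic(err)
	}
	backup := append([]byte(nil), ct...) // a copy that lives on in a backup
	pt, _ := Decrypt(ks, "subject-42", ct)
	fmt.Printf("before shred: %s\n", pt)
	ks.Shred("subject-42")
	_, err = Decrypt(ks, "subject-42", backup)
	fmt.Printf("after shred: %v\n", err)
}
```

The point of the backup copy in main is that it is never touched by the erasure: after Shred, the same bytes that decrypted a moment earlier now fail with ErrKeyShredded, which is exactly the property the text relies on.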
Limitations
Three limitations exist with crypto-shredding:
- if the encryption is poorly implemented (e.g., using vulnerable algorithms), crypto-shredding a piece of data would not be equivalent to deleting it;
- since crypto-shredding does not delete the encrypted data, the encrypted data still takes up disk space;
- keys have to be managed for each piece of data and a decryption operation has to be performed at each use, which requires well-organized key management; secure deletion of the keys is paramount to crypto-shredding.