SDOS: Using Trusted Platform Modules for Secure Cryptographic Deletion in the Swift Object Store

Tim Waizenegger, University of Stuttgart, Institute for Parallel and Distributed Systems, waizentm@ipvs.uni-stuttgart.de
Frank Wagner, University of Stuttgart, Institute for Parallel and Distributed Systems, wagnerfk@ipvs.uni-stuttgart.de
Cataldo Mega, University of Stuttgart, Institute for Parallel and Distributed Systems, megaco@ipvs.uni-stuttgart.de

ABSTRACT

The secure deletion of data is becoming increasingly important to individuals, corporations as well as governments. Recent advances in worldwide laws and regulations now require secure deletion for sensitive data in certain industries. Data leaks in the public and private sector are commonplace today, and they often reveal data which was supposed to be deleted. Secure deletion describes any mechanism that renders stored data unrecoverable, even through forensic means. In the past this was achieved by destroying storage media or overwriting storage sectors. Neither of these mechanisms is well suited to today's multi-tenant cloud storage solutions. Cryptographic deletion is a suitable candidate for these services, but a research gap still exists in applying cryptographic deletion to large cloud storage services. For these reasons, cloud providers today rarely offer storage solutions with secure deletion. In this demo, we present a working prototype for a cloud storage service that offers cryptographic deletion with the following two main contributions: a key-management mechanism that enables cryptographic deletion on a large volume of data, and integration with Trusted Platform Modules (TPM) for securing master keys.

Keywords

secure data deletion, cryptographic deletion, data erasure, records management, retention management, key management, data shredding, trusted platform module, TPM

1. BACKGROUND

Cloud based storage solutions are popular services today, especially among consumers.
They are used for synchronizing data across devices, for backup and archiving purposes, and for enabling access at any time from anywhere. But the adoption of such storage services still faces many challenges in the government and enterprise sector. The customers, as well as the providers, have a desire to move storage systems, or parts of these systems, to cloud environments in order to reduce cost and improve the service. But security issues often prevent customers from adopting cloud storage services. The providers often address these issues by offering some type of data encryption. The offerings differ in three aspects: i) where the data encryption happens, ii) who has authority over the encryption keys, and iii) how keys are managed. In most offerings, the provider has authority over master keys and encryption happens on the provider side [1]. This allows the provider to read the customer's data and enables them to offer more advanced services and up-sell customers in the future. If client-side encryption is used and customers have authority over master keys, no provider access is possible and less trust in the provider is required. Client-side encryption with customer-side key authority enables the use of cloud storage services for especially sensitive data.

© 2017, Copyright is with the authors. Published in Proc. 20th International Conference on Extending Database Technology (EDBT), March 21-24, 2017 - Venice, Italy: ISBN 978-3-89318-073-8, on OpenProceedings.org. Distribution of this paper is permitted under the terms of the Creative Commons license CC-by-nc-nd 4.0.

We propose a cloud storage system that employs client-side encryption of content in order to address confidentiality concerns of customers. We further propose a key-management scheme that enables cryptographic deletion in order to assure customers' legal and regulatory compliance. In this demo, we present a cloud storage system with two main contributions:

1.
Transparent data encryption with support for cryptographic deletion.

2. Trusted Platform Module integration that provides secure deletion and confidentiality for master keys.

2. CRYPTOGRAPHIC DELETION

An often overlooked security aspect of cloud storage systems is the secure deletion of data. Secure deletion describes any mechanism that renders deleted data unrecoverable, even through forensic means. Recent advances in worldwide regulation make secure deletion a requirement in many industries like banking and law enforcement [2, 4, 5]. Even industries without explicit regulation have an interest in securely removing deleted data in order to prevent future leaks and exposure [6]. In the past, secure deletion was achieved by destroying storage media or overwriting storage sectors. Neither of these mechanisms is well suited to today's multi-tenant cloud storage solutions. Identifying the physical disks that need to be destroyed, or the blocks that need to be overwritten, becomes difficult to impossible [7]. In this work, we assume an untrusted cloud storage

Demonstration Series ISSN: 2367-2005, 10.5441/002/edbt.2017.67
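As an added illustration of the cryptographic-deletion mechanism outlined in the abstract and Section 2 (this is not the SDOS prototype's code), the following Python model keeps ciphertext in an untrusted object store and per-object keys wrapped under a master key: deleting an object erases only its key, and destroying the master key deletes everything at once. The class and function names are assumptions, the SHAKE256-keystream cipher is a stdlib stand-in for a production cipher, and the master key is plain bytes standing in for what the TPM would protect.

```python
import hashlib
import os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHAKE256 keystream; stand-in for the real cipher.
    One call both encrypts and decrypts; a (key, nonce) pair is never reused."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class CryptoDeletionStore:
    """Untrusted ciphertext storage plus a small trusted key store (assumed model).
    Each object has its own key, wrapped under a master key that the TPM
    would protect in the paper's design."""

    def __init__(self) -> None:
        self.master_key = os.urandom(32)  # TPM-sealed in SDOS; plain bytes here
        self.wrapped_keys = {}  # name -> (nonce, wrapped object key)  [trusted]
        self.objects = {}       # name -> (nonce, ciphertext)          [untrusted]

    def put(self, name: str, plaintext: bytes) -> None:
        obj_key, obj_nonce, wrap_nonce = os.urandom(32), os.urandom(16), os.urandom(16)
        self.objects[name] = (obj_nonce, keystream_xor(obj_key, obj_nonce, plaintext))
        self.wrapped_keys[name] = (wrap_nonce, keystream_xor(self.master_key, wrap_nonce, obj_key))

    def get(self, name: str) -> bytes:
        if self.master_key is None or name not in self.wrapped_keys:
            raise KeyError(f"{name}: key destroyed, object unrecoverable")
        wrap_nonce, wrapped = self.wrapped_keys[name]
        obj_key = keystream_xor(self.master_key, wrap_nonce, wrapped)
        obj_nonce, ciphertext = self.objects[name]
        return keystream_xor(obj_key, obj_nonce, ciphertext)

    def delete(self, name: str) -> None:
        """Cryptographic deletion: erase the 32-byte key, not the data. The
        ciphertext may linger in replicas and backups but is now useless."""
        del self.wrapped_keys[name]

    def delete_all(self) -> None:
        """Destroying the master key (clearing the TPM) deletes every object
        at once, whatever the data volume."""
        self.master_key = None
        self.wrapped_keys.clear()
```

Note that the untrusted side (`objects`) is never touched by a delete; that is the property that makes the scheme workable when overwriting physical blocks is impractical.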