Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

From Cyber Threat to Data Shield: Constructing Provably Secure File Erasure with Repurposed Ransomware Cryptography

Jiahui Shang, Luning Zhang, Zhongxiang Zheng

TL;DR

This work addresses secure data erasure by repurposing ransomware-style encryption into a legitimate destruction mechanism. It introduces SEER, a system that combines Curve25519 for key exchange, SHA-256 for key derivation, and the Sosemanuk stream cipher in a layered architecture with immediate in-memory key destruction, linking encryption irrecoverability to secure key erasure. Theoretical reductions tie SEER’s security to well-known hard problems, while practical validation on an ESXI platform demonstrates four-order-of-magnitude speedups over DoD 5220.22 across file types, with empirical evidence that the core ransomware encryption remains resistant to public cracking. This dual emphasis on theory and implementation establishes SEER as a fast, verifiable, and robust solution for irrecoverable data destruction in high-security contexts.

Abstract

Ransomware has emerged as a persistent cybersecurity threat,leveraging robust encryption schemes that often remain unbroken even after public disclosure of source code. Motivated by the technical resilience of such mechanisms, this paper presents SEER (Secure and Efficient Encryption-based Erasure via Ransomware), a provably secure file destruction system that repurposes ransomware encryption for legitimate data erasure tasks. SEER integrates the triple-encryption design of the Babuk ransomware family, including Curve25519-based key exchange,SHA-256-based key derivation, and the Sosemanuk stream cipher, to construct a layered key management architecture. It tightly couples encryption and key destruction by securely erasing session keys immediately after use. Experimental results on an ESXI platform demonstrate that SEER achieves four orders of magnitude performance improvement over the DoD 5220.22 standard. The proposed system further ensures provable security through both theoretical foundations and practical validation, offering an efficient and resilient solution for the secure destruction of sensitive data.

From Cyber Threat to Data Shield: Constructing Provably Secure File Erasure with Repurposed Ransomware Cryptography

TL;DR

This work addresses secure data erasure by repurposing ransomware-style encryption into a legitimate destruction mechanism. It introduces SEER, a system that combines Curve25519 for key exchange, SHA-256 for key derivation, and the Sosemanuk stream cipher in a layered architecture with immediate in-memory key destruction, linking encryption irrecoverability to secure key erasure. Theoretical reductions tie SEER’s security to well-known hard problems, while practical validation on an ESXI platform demonstrates four-order-of-magnitude speedups over DoD 5220.22 across file types, with empirical evidence that the core ransomware encryption remains resistant to public cracking. This dual emphasis on theory and implementation establishes SEER as a fast, verifiable, and robust solution for irrecoverable data destruction in high-security contexts.

Abstract

Ransomware has emerged as a persistent cybersecurity threat,leveraging robust encryption schemes that often remain unbroken even after public disclosure of source code. Motivated by the technical resilience of such mechanisms, this paper presents SEER (Secure and Efficient Encryption-based Erasure via Ransomware), a provably secure file destruction system that repurposes ransomware encryption for legitimate data erasure tasks. SEER integrates the triple-encryption design of the Babuk ransomware family, including Curve25519-based key exchange,SHA-256-based key derivation, and the Sosemanuk stream cipher, to construct a layered key management architecture. It tightly couples encryption and key destruction by securely erasing session keys immediately after use. Experimental results on an ESXI platform demonstrate that SEER achieves four orders of magnitude performance improvement over the DoD 5220.22 standard. The proposed system further ensures provable security through both theoretical foundations and practical validation, offering an efficient and resilient solution for the secure destruction of sensitive data.

Paper Structure

This paper contains 16 sections, 1 equation, 3 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Technical Limitations of Traditional File Destruction Methods
  4. Application of Encryption Technology in File Destruction
  5. Approach
  6. Experiment
  7. Experimental Setup
  8. Experimental Evaluation
  9. Security Reduction
  10. Theoretical Level
  11. Implementation Level
  12. Two-dimensional Verification of Ransomware Encryption Algorithm Security
  13. Actual Attack Cases
  14. Actual Cracking Cases
  15. Case Summary and Implementation Level Reduction
  16. ...and 1 more sections

Figures (3)

  • Figure 1: Comparison between ransomware and SEER
  • Figure 2: Double adversary model of Curve25519 algorithm
  • Figure 3: Implementation-level dual adversary model algorithm