A secure data deletion scheme for IoT devices through key derivation encryption and data analysis

Jinbo Xiong, Lei Chen, Md Zakirul Alam Bhuiyan, Chunjie Cao, Minshen Wang, Entao Luo, Ximeng Liu

Research output: Contribution to journalArticlepeer-review

33 Scopus citations

Abstract

With the widespread adoption of mobile devices in various IoT services, an increasing amount of personal sensitive data are stored in IoT devices using flash memory as storage medium. Personal sensitive data are subject to privacy leakage due to unauthorized access, accidentally loss or resale of IoT devices. To tackle this challenge, in this paper, we present a novel key derivation encryption (KDE) algorithm, which is then used to construct a secure data deletion (SDDK) scheme for IoT devices. Initially, we design a nodal key tree based on flash memory's hierarchical structure, and present a KDE algorithm to generate data key for encrypting user's sensitive data and simplify key management. Meanwhile, based on KDE, we propose an SDDK scheme by combining partial block erasure with key deletion to remove both the ciphertext and the key components after data expiration, thereby implementing secure data deletion on IoT devices. Furthermore, we formally describe the process of SDDK using a mathematical analysis model, and give an optimal solution to reduce the page transfer overhead by employing implicit enumeration analysis algorithm. Finally, security analysis shows that the KDE algorithm is provably secure and the SDDK scheme implements data privacy protection and secure deletion of invalid data. Performance analysis and experimental results indicate that the SDDK scheme is effective and efficient.

Original languageEnglish
Pages (from-to)741-753
Number of pages13
JournalFuture Generation Computer Systems
Volume111
DOIs
StatePublished - Oct 2020

Scopus Subject Areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Keywords

  • Block erasure
  • IoT devices
  • Key derivation
  • Privacy protection
  • Secure deletion

Fingerprint

Dive into the research topics of 'A secure data deletion scheme for IoT devices through key derivation encryption and data analysis'. Together they form a unique fingerprint.

Cite this