1. Cloud Security Alliance (CSA). Security Guidance for Critical Areas of Focus in Cloud Computing v4.0. (2017). In Domain 2: Governance and Enterprise Risk Management, the Data Security Lifecycle section describes the "Destroy" phase. It explicitly states, "For data in the cloud, the most viable option for data destruction is cryptographic erasure (crypto-shredding)." (p. 39).
2. National Institute of Standards and Technology (NIST). NIST Special Publication 800-88 Revision 1: Guidelines for Media Sanitization. (December 2014). Section 2.5, "Cryptographic Erase (CE)," defines the process as using "the encryption of target data as a method of sanitization" where "the media is sanitized by erasing the cryptographic key." This publication categorizes CE as a method for data purging and destruction.
3. Mell, P., & Grance, T. NIST Special Publication 800-144: Guidelines on Security and Privacy in Public Cloud Computing. (December 2011). Section 6.3, "Data Disposal," discusses the challenges of verifying data deletion in the cloud and notes that "a possible solution is to encrypt the data and to discard the keys when the data is no longer needed," which is the definition of crypto-shredding as a destruction method. (p. 22).
4. Fernandes, D. A. B., Soares, L. F. B., Gomes, J. V., Freire, M. M., & Inácio, P. R. M. (2014). "Security issues in cloud environments: a survey." International Journal of Information Security, 13(2), 113–170. Section 5.3, "Data Deletion," discusses crypto-shredding as a primary technique for secure data deletion in multi-tenant cloud environments, aligning it with the data destruction phase. (DOI: https://doi.org/10.1007/s10207-013-0208-7).