M. Darwish Khabbaz

4 records found

The rapid expansion of multi-cloud environments and the growing prevalence of collaborative data ownership present significant challenges in ensuring the verifiable deletion of co-owned data. Current approaches predominantly address individual ownership and often rely on simplistic one-bit result protocols where a deletion command merely outputs success or failure, turning the deletion into a black box without proper verification. This paper tackles the problem of secure processing and verifiable deletion of shared outsourced data in multi-cloud environments. We design a framework that enables a data owner to outsource encrypted data to multiple co-owners, who perform computations directly within their respective cloud providers, ensuring that sensitive data never leaves the cloud. Our system leverages readily available cloud Hardware Security Modules (HSMs) to manage cryptographic keys from generation to controlled destruction, ensuring data remains inaccessible beyond its intended use. Secure Enclaves enforce on-cloud data computation, eliminating local copies and preventing unauthorized exposure. Encrypted data is structured within a fixed storage model, ensuring controlled allocation and strict storage constraints. When data expires or must be deleted to meet regulatory requirements, our framework triggers zero-residual permuted overwriting to remove the data traces irreversibly. Verifiability is achieved at two levels: Bounded Merkle Hash Tree (BMHT) ensures bounded storage and verifiable deletion within each cloud provider. In contrast, Global Merkle Forest (GMF) aggregates BMHT roots across providers, enabling consistent global verification. The data owner maintains a log of these BMHT roots, allowing independent verification of secure deletion across the multi-cloud environment. ...

Reinforcing Digital Data Forgetting in Cloud Storage

Doctoral thesis (2025) - M. Darwish Khabbaz, G. Smaragdakis, Mauro Conti, E.A. Markatou
The exponential growth of digital data has reshaped the global landscape of information management, posing urgent security, compliance, and sustainability challenges. Cloud computing offers scalable, ubiquitous storage but raises critical concerns about data lifecycle governance, especially the irreversible deletion of data that has outlived its purpose. Digital forgetting becomes the art of purposeful disappearance in a cloud that remembers everything. The thesis addresses this pressing question: Can cloud-stored data ever be truly forgotten?

To answer this, the thesis presents four interrelated contributions to reinforce digital data forgetting in cloud storage: advancing privacy-preserving forgetting, enabling audience-specific expiration control, supporting collaborative deletion for co-owned data, and ensuring verifiable erasure in untrusted multi-cloud environments.

To address retrospective privacy, we propose Key Decay, a cryptographic scheme where encryption keys degrade irreversibly over time, eliminating reliance on ephemeral storage and enhancing data expiration guarantees.

To support audience-specific data expiration, we propose a Disjunctive Multi-Level Forgetting Scheme that enables distinct user groups to access the same data under tailored validity periods. Smart contracts and decay sensitivity tuning enforce flexible governance across hierarchical access levels.

To manage co-owned data deletion, we introduce a Policy-Based Conjunctive Scheme that accommodates overlapping group memberships and collaborative decision-making. It applies conjunctive thresholds and verifiable key decay that comply with secure forgetting under the EU General Data Protection Regulation (GDPR) Right to Be Forgotten in real-world multi-stakeholder settings.

To ensure verifiable deletion under Byzantine infrastructure, we design a Verifiable Deletion Framework for Multi-Cloud Environments, combining Hardware Security Modules, Secure Enclaves, and dual-layer Merkle hashing to produce cryptographic proofs of deletion across providers both locally and globally.

Together, these contributions form a unified, privacy-preserving framework for managing cloud data from creation to irreversible deletion, reinforcing secure digital forgetting and regulatory compliance. ...

Conference paper (2024) - Marwan Adnan Darwish, Georgios Smaragdakis
The virtue of data forgetting has become a substantial demand in the digital era. Once online content has served its purpose, the concept of forgetting arises to ensure that data remains private between data owners and service providers. Despite significant advancements in supporting data forgetting through approaches like access heuristics, elastic expiration times, and manual revocation, the existing research falls short in addressing the demand for a multi-level forgetting structure that can cater to diverse audience-based expiration requirements while considering additional criteria. To the best of our knowledge, no prior works have investigated this gap, emphasizing the need for a comprehensive solution that can effectively accommodate the varying expiration needs of different audience groups. In this paper, we introduce a novel disjunctive multi-level forgetting scheme designed to meet the aforementioned demand for data forgetting. Our scheme introduces unique expiration periods for the encrypted data the service provider stores, called levels. Users are grouped into different levels based on priorities assigned by the data owners. Each level corresponds to a specific expiration threshold, enabling designated user groups to access the content within its validity period before it is forgotten. This approach enables selective data forgetting for one group while enabling concurrent access and retention for other user groups until the stipulated expiration period elapses. To achieve this, we have devised a cutting-edge system that integrates a hierarchical and dynamic scheme utilizing a key decay for managing expiration periods. Moreover, we introduce an innovative approach that harnesses smart contracts on a local Ethereum blockchain to enforce regulations and streamline the secure and efficient expiration and deletion of data. 
Finally, we thoroughly evaluate our proposed scheme, focusing on decay sensitivity, computational complexity, and rigorous security analysis. ...

Conference paper (2023) - Marwan Adnan Darwish, Apostolis Zarras
During the recent development of information technology and the prevalent breakthroughs of its services, more digital data tend to be readily stored online. Despite the massive advantages, there is a pivotal necessity for curating digital data forgetting. Online content can pose perilous threats in terms of privacy and security that may hinder the right to be forgotten, encompassed by the GDPR act, since the released data can be archived and accessed retrospectively. Prior approaches focused on various access heuristics and elastic expiration times to make the data unreachable to some extent. However, there are still many pending issues related to the proposed studies, such as securing ephemeral key storage and co-ownership data deletion. In this paper, we attempt to tackle the problem of storing ephemeral keys during the estimated validity period. Hence, we devise a novel concept called key decay over time, which can achieve the ephemeral existence of the key. The decay idea entails the gradual, irreversible corruption of the key with time passing. In the current work, we combine the concept of gradual time elapsing and corruption into a single notion of the decay rate. Meanwhile, the irreversibility merit formed by randomness and various obfuscation strategies impedes retrospective attacks. Over time, the decay rate will give an estimated range for the key to be destroyed entirely. Finally, we implement and thoroughly assess a proof-of-concept regarding the key decay, including computational complexity and security analysis. ...