Majumdar, Suryadipta (2014) On End-to-end encryption for Cloud-based Services. Masters thesis, Concordia University.
Preview |
Text (application/pdf)
1MBkeyfob-thesis.pdf - Accepted Version Available under License Spectrum Terms of Access. |
Abstract
Cloud-based services are now an integral part of everyday lives of many users.
Indeed, users who do not use Facebook, Gmail, Dropbox, GoogleDrive, QQ, Baidu or
similar services are now a rarity. These services offer seamless integration of
user data with multiple user-owned devices, reliable online backup, and enable
easy and instant communications between users. Such features, at an affordable
price of zero dollars, make these services very popular, even though they are
an antithesis to user privacy, and help create large-scale surveillance programs
such as NSA PRISM. Several mechanisms have been proposed and implemented to make
these services privacy-friendly. Most past proposals rely on public key systems
with user-managed private keys, or password-based symmetric encryption.
We explore a symmetric-key approach without password-derived keys
to facilitate end-to-end encryption of
stored user data (e.g., cloud storage) and communication messages (e.g.,
web-based email). We propose Keyfob, a key management scheme for easy key
transfer between user-owned devices, and between users. Keyfob uses high-entropy
random keys for encryption instead of password-derived keys, and leverages
DH-EKE (Bellovin and Merritt, IEEE S&P 1992) with weak secrets for secure key
transfer. Each user needs to manage one user-master key, and all other keys are
derived from that master key or a pair-wise shared master key. We implemented Keyfob
as a Firefox extension using the Firefox Sync service, which implements an EKE
variant. Keyfob can make several applications and services privacy-friendly, if
appropriate intermediate layers are implemented, e.g., as plugins between a
target cloud-service application and the Keyfob extension. We have implemented
two such plugins to support encrypted Dropbox (in desktop and Android) and Gmail
(in desktop). Our hope in proposing Keyfob with a symmetric-key approach is to
highlight challenges in such a lesser-explored mechanism, and attract
researchers towards the long-standing problem of enabling end-to-end encryption
in a cloud-dominated environment.
Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
---|---|
Item Type: | Thesis (Masters) |
Authors: | Majumdar, Suryadipta |
Institution: | Concordia University |
Degree Name: | M.A. Sc. |
Program: | Information Systems Security |
Date: | 8 September 2014 |
Thesis Supervisor(s): | Mannan, Mohammad |
ID Code: | 978975 |
Deposited By: | SURYADIPTA MAJUMDAR |
Deposited On: | 04 Nov 2014 17:08 |
Last Modified: | 18 Jan 2018 17:48 |
Repository Staff Only: item control page