Login | Register

On End-to-end encryption for Cloud-based Services


On End-to-end encryption for Cloud-based Services

Majumdar, Suryadipta (2014) On End-to-end encryption for Cloud-based Services. Masters thesis, Concordia University.

[thumbnail of keyfob-thesis.pdf]
Text (application/pdf)
keyfob-thesis.pdf - Accepted Version
Available under License Spectrum Terms of Access.


Cloud-based services are now an integral part of everyday lives of many users.
Indeed, users who do not use Facebook, Gmail, Dropbox, GoogleDrive, QQ, Baidu or
similar services are now a rarity. These services offer seamless integration of
user data with multiple user-owned devices, reliable online backup, and enable
easy and instant communications between users. Such features, at an affordable
price of zero dollars, make these services very popular, even though they are
an antithesis to user privacy, and help create large-scale surveillance programs
such as NSA PRISM. Several mechanisms have been proposed and implemented to make
these services privacy-friendly. Most past proposals rely on public key systems
with user-managed private keys, or password-based symmetric encryption.
We explore a symmetric-key approach without password-derived keys
to facilitate end-to-end encryption of
stored user data (e.g., cloud storage) and communication messages (e.g.,
web-based email). We propose Keyfob, a key management scheme for easy key
transfer between user-owned devices, and between users. Keyfob uses high-entropy
random keys for encryption instead of password-derived keys, and leverages
DH-EKE (Bellovin and Merritt, IEEE S&P 1992) with weak secrets for secure key
transfer. Each user needs to manage one user-master key, and all other keys are
derived from that master key or a pair-wise shared master key. We implemented Keyfob
as a Firefox extension using the Firefox Sync service, which implements an EKE
variant. Keyfob can make several applications and services privacy-friendly, if
appropriate intermediate layers are implemented, e.g., as plugins between a
target cloud-service application and the Keyfob extension. We have implemented
two such plugins to support encrypted Dropbox (in desktop and Android) and Gmail
(in desktop). Our hope in proposing Keyfob with a symmetric-key approach is to
highlight challenges in such a lesser-explored mechanism, and attract
researchers towards the long-standing problem of enabling end-to-end encryption
in a cloud-dominated environment.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:Majumdar, Suryadipta
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Information Systems Security
Date:8 September 2014
Thesis Supervisor(s):Mannan, Mohammad
ID Code:978975
Deposited On:04 Nov 2014 17:08
Last Modified:18 Jan 2018 17:48
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top