Securely assessing encrypted cloud storage from multiple devices
Nguyen Hoang Long ([email protected])
Supervisor: Prof. N. Asokan
Advisor: Sandeep Tamrakar
Jan 18, 2018
Motivation
• Cloud storage allows users to synchronize data across multiple devices.
• Privacy concern about data stored on cloud storage.
• Client-side encryption is an effective way of preserving data privacy.
• State of the art: encryption keys derived from passwords.
  – People pick weak passwords and re-use passwords.
  – Strong (random) keys instead: key distribution across devices becomes the problem.
  – File updates require re-encrypting the whole file: communication overhead.
Goals
Design a multi-platform solution for secure remote storage and file synchronization that:
• automatically encrypts files with client-generated strong keys.
• securely distributes keys across the user's devices without any third-party server.
• works seamlessly with existing cloud storage services.
• offers consistent and minimal user interaction.
• is efficient in file update and synchronization.
Design & implementation
• OmniShare application
• Works with Dropbox
• Available on Android & Windows (PC)
https://se-sy.org/projects/omnishare/
Design & implementation (figure)
Key hierarchy
• Authenticated encryption: 128-bit AES-GCM.
• Top of the hierarchy: Root Key (RK).
• Below RK: Directory Keys, corresponding to the directory structure, and File Keys; each plaintext file is encrypted into its ciphertext file under its File Key.
• Lock-box protects RK: RK is encrypted under the device keypair's 2048-bit RSA public key.
Key Distribution
• New device A needs RK; authorized device B already holds it.
• RK travels through the cloud as encrypted content: encrypted with PK_new, the new device's public key.
• An out-of-band (OOB) local channel authenticates the exchange: camera / display (QR code) or keyboard (passcode).
• The key distribution channel is discovered automatically, using capability info stored on the cloud server.
Key distribution using QR code
Parties: New Device A (keypair PK_A, SK_A) and Authorized Device B (holds RK). Channels: the local OOB channel (QR code) and the cloud storage channel.
• A: H = hash(PK_A); K_SesAuth ∈_R {0,1}^n. A displays H and K_SesAuth as a QR code; B scans it (OOB channel).
• A → B (cloud storage channel): PK_A.
• B: Verify(PK_A, H); M1 = Enc(PK_A, RK); M2 = HMAC(K_SesAuth, M1).
• B → A (cloud storage channel): M1 + M2.
• A: Verify(M1, M2, K_SesAuth); RK = Dec(SK_A, M1).
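The exchange above, written out as an added example in Go with both devices' computations and the messages between them. This is not OmniShare's code; it assumes SHA-256 as hash, RSA-OAEP (SHA-256) under a 2048-bit device keypair for Enc/Dec, HMAC-SHA256 for M2 with n = 256, PK_A carried as DER, the QR payload as the pair (H, K_SesAuth), and the OAEP label "OmniShare-RK", none of which the slides specify.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
)

// QRPayload is what new device A shows and authorized device B scans over the local
// out-of-band channel; the cloud never sees it.
type QRPayload struct {
	H        []byte // H = hash(PK_A): SHA-256 over the DER-encoded public key (assumption)
	KSesAuth []byte // K_SesAuth: n = 256 random bits (assumption)
}

// NewDeviceA generates the device keypair, computes the QR payload and returns PK_A in
// the form A uploads to cloud storage (DER) plus the private key that never leaves A.
func NewDeviceA() (*rsa.PrivateKey, []byte, QRPayload, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, QRPayload{}, err
	}
	pkDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, nil, QRPayload{}, err
	}
	sum := sha256.Sum256(pkDER)
	kSesAuth := make([]byte, 32)
	if _, err := rand.Read(kSesAuth); err != nil {
		return nil, nil, QRPayload{}, err
	}
	return priv, pkDER, QRPayload{H: sum[:], KSesAuth: kSesAuth}, nil
}

// AuthorizedB runs B's side: Verify(PK_A, H) on the key fetched from the cloud, then
// M1 = Enc(PK_A, RK) with RSA-OAEP and M2 = HMAC(K_SesAuth, M1).
func AuthorizedB(qr QRPayload, pkDERFromCloud, rk []byte) (m1, m2 []byte, err error) {
	sum := sha256.Sum256(pkDERFromCloud)
	if subtle.ConstantTimeCompare(sum[:], qr.H) != 1 {
		// Whoever can write to the cloud substituted a public key: RK must not be
		// encrypted to it.
		return nil, nil, errors.New("PK_A from cloud does not match H from QR code")
	}
	pubAny, err := x509.ParsePKIXPublicKey(pkDERFromCloud)
	if err != nil {
		return nil, nil, err
	}
	pub, ok := pubAny.(*rsa.PublicKey)
	if !ok {
		return nil, nil, errors.New("PK_A is not an RSA public key")
	}
	m1, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, rk, []byte("OmniShare-RK"))
	if err != nil {
		return nil, nil, err
	}
	mac := hmac.New(sha256.New, qr.KSesAuth)
	mac.Write(m1)
	return m1, mac.Sum(nil), nil
}

// NewDeviceAReceive runs A's side: Verify(M1, M2, K_SesAuth), then RK = Dec(SK_A, M1).
func NewDeviceAReceive(priv *rsa.PrivateKey, qr QRPayload, m1, m2 []byte) ([]byte, error) {
	mac := hmac.New(sha256.New, qr.KSesAuth)
	mac.Write(m1)
	if !hmac.Equal(mac.Sum(nil), m2) {
		// Only the device that scanned the QR code knows K_SesAuth, so a valid M2 proves
		// M1 came from it unmodified; the cloud cannot inject or alter M1.
		return nil, errors.New("M2 does not authenticate M1")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, m1, []byte("OmniShare-RK"))
}

// RunQRExchange plays both devices with an honest cloud between them and returns the RK
// that A recovers.
func RunQRExchange(rk []byte) ([]byte, error) {
	priv, pkDER, qr, err := NewDeviceA() // A -> cloud: PK_A;  A -> B over QR: H, K_SesAuth
	if err != nil {
		return nil, err
	}
	m1, m2, err := AuthorizedB(qr, pkDER, rk) // B -> cloud: M1 + M2
	if err != nil {
		return nil, err
	}
	return NewDeviceAReceive(priv, qr, m1, m2)
}
```

The two checks are what make the untrusted cloud channel safe: B's hash comparison pins PK_A to the value carried over the OOB channel, and A's HMAC check binds M1 to the K_SesAuth that only the scanning device learned, so a substituted key or an altered M1 is rejected rather than decrypted.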
Key distribution using Passcode
Parties: New Device A and Authorized Device B (holds RK). Channels: the local OOB channel (passcode) and the cloud storage channel.
• Passcode P is shown on one device and copied (typed) into the other over the OOB channel, so both A and B know P.
• A and B run a password-authenticated key agreement protocol (PAKE) on P over the cloud storage channel; each derives the session key K_ses.
• B: M = EncAE(K_ses, RK).
• B → A (cloud storage channel): M.
• A: RK = DecAE(K_ses, M).
We implement the PAKE using the Secure Remote Password protocol (SRP).
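The passcode exchange above as an added example in Go, with SRP-6a as the PAKE and both devices' messages written out. This is not OmniShare's code; it assumes the 1024-bit group from RFC 5054 Appendix A, SHA-256 everywhere, authorized device B in the SRP server role with a fresh salt, a key-confirmation message from A built as HMAC(K_ses, A || B) in place of SRP's own M1, AES-128-GCM with the associated-data label "OmniShare-RK" for EncAE/DecAE, and constructed passcodes; the slides fix none of these.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"math/big"
)

// 1024-bit SRP group (N, g) from RFC 5054, Appendix A; both devices hard-code it.
var srpN, _ = new(big.Int).SetString(
	"EEAF0AB9ADB38DD69C33F80AFA8FC5E860726187"+
		"75FF3C0B9EA2314C9C256576D674DF7496EA81D3"+
		"383B4813D692C6E0E0D5D8E250B98BE48E495C1D"+
		"6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D49"+
		"82559B297BCF1885C529F566660E57EC68EDBC3C"+
		"05726CC02FD4CBF4976EAA9AFD5138FE8376435B"+
		"9FC61D2FC0EB06E3", 16)
var srpG = big.NewInt(2)

func h(parts ...[]byte) []byte {
	d := sha256.New()
	for _, p := range parts {
		d.Write(p)
	}
	return d.Sum(nil)
}
func hInt(parts ...[]byte) *big.Int { return new(big.Int).SetBytes(h(parts...)) }
func pad(x *big.Int) []byte         { return x.FillBytes(make([]byte, 128)) } // SRP-6a: pad to |N|

// proof is A's key confirmation, HMAC(K_ses, A || B): a stand-in for SRP's M1 message.
func proof(kses []byte, A, B *big.Int) []byte {
	m := hmac.New(sha256.New, kses)
	m.Write(pad(A))
	m.Write(pad(B))
	return m.Sum(nil)
}

// ksesNewDevice is the SRP client side on new device A, from the passcode the user typed.
func ksesNewDevice(typed string, salt []byte, a, A, B *big.Int) ([]byte, error) {
	if new(big.Int).Mod(B, srpN).Sign() == 0 {
		return nil, errors.New("B mod N == 0: reject")
	}
	u, k := hInt(pad(A), pad(B)), hInt(pad(srpN), pad(srpG))
	x := hInt(salt, h([]byte(typed)))
	base := new(big.Int).Sub(B, new(big.Int).Mul(k, new(big.Int).Exp(srpG, x, srpN)))
	exp := new(big.Int).Add(a, new(big.Int).Mul(u, x)) // S = (B - k*g^x)^(a + u*x) mod N
	return h(pad(new(big.Int).Exp(base.Mod(base, srpN), exp, srpN))), nil
}

// ksesAuthorized is the SRP server side on authorized device B.
func ksesAuthorized(v, b, A, B *big.Int) ([]byte, error) {
	if new(big.Int).Mod(A, srpN).Sign() == 0 {
		return nil, errors.New("A mod N == 0: reject")
	}
	u := hInt(pad(A), pad(B))
	base := new(big.Int).Mul(A, new(big.Int).Exp(v, u, srpN)) // S = (A * v^u)^b mod N
	return h(pad(new(big.Int).Exp(base, b, srpN))), nil
}

// RunPasscodeExchange plays both devices: `displayed` is the passcode B shows, `typed`
// is what the user enters on A. Returns the RK that A recovers, or an error.
func RunPasscodeExchange(displayed, typed string, rk []byte) ([]byte, error) {
	// B: salt, verifier v = g^x, ephemeral b, B = k*v + g^b.  B -> cloud: salt, B
	salt := make([]byte, 16)
	rand.Read(salt)
	k := hInt(pad(srpN), pad(srpG))
	v := new(big.Int).Exp(srpG, hInt(salt, h([]byte(displayed))), srpN)
	b, _ := rand.Int(rand.Reader, srpN)
	B := new(big.Int).Add(new(big.Int).Mul(k, v), new(big.Int).Exp(srpG, b, srpN))
	B.Mod(B, srpN)
	// A: ephemeral a, A = g^a, K_ses from the typed passcode, proof.  A -> cloud: A, proof
	a, _ := rand.Int(rand.Reader, srpN)
	A := new(big.Int).Exp(srpG, a, srpN)
	ksesA, err := ksesNewDevice(typed, salt, a, A, B)
	if err != nil {
		return nil, err
	}
	// B: derive K_ses and check A's proof BEFORE releasing anything keyed under K_ses.
	// Otherwise an impostor A receives EncAE(K_ses, RK) and can test passcode guesses
	// offline against the GCM tag; with the check, each guess costs one online run.
	ksesB, err := ksesAuthorized(v, b, A, B)
	if err != nil || !hmac.Equal(proof(ksesB, A, B), proof(ksesA, A, B)) {
		return nil, errors.New("B rejects A: passcode mismatch or bad A, RK not sent")
	}
	// B: M = EncAE(K_ses, RK) with AES-128-GCM.  B -> cloud: nonce || M
	blk, _ := aes.NewCipher(ksesB[:16])
	gcm, _ := cipher.NewGCM(blk)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	m := gcm.Seal(nil, nonce, rk, []byte("OmniShare-RK"))
	// A: RK = DecAE(K_ses, M); the GCM tag serves as B's key confirmation to A.
	blkA, _ := aes.NewCipher(ksesA[:16])
	gcmA, _ := cipher.NewGCM(blkA)
	return gcmA.Open(nil, nonce, m, []byte("OmniShare-RK"))
}
```

The order of the last three steps is the part worth checking in any implementation of this slide: B must verify A's key confirmation before it sends M, because M is a ciphertext under a key that depends only on the short passcode and public values, and a passcode is a dictionary-attack target the moment such a ciphertext leaves B. The A mod N and B mod N checks are the standard SRP-6a rejections of degenerate public values.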
Problem: Updating encrypted file
• Updated file − Original file: small (≪ file size).
• Encrypted updated file − Encrypted original file: ≈ file size.
A small change to the plaintext still produces a re-encrypted file that must be uploaded whole.
Incremental synchronization
• Sender: Diff file = Updated file − Original file; encrypt the diff file and upload the encrypted diff file (the encrypted original file is already on the cloud).
• Receiver: decrypt the encrypted diff file, then Original file + Diff file = Updated file.
Implementation
Evaluation: Security
Security evaluation using a tool-supported formal method (Scyther) for both protocols:
• Key distribution using QR code
• Key distribution using passcode
Evaluation: Performance
[Figure: average protocol execution time in seconds (axis 0–70) for WA-QRP, AA-QRP, WA-SRP, AW-SRP and AA-SRP]
WA: Windows – Android; AA: Android – Android; AW: Android – Windows
QRP: key distribution using QR code; SRP: key distribution using passcode
Evaluation: Usability
Conclusion
Advantages:
• Client-side encryption utility with high-entropy keys
• Multiple platforms
• Intuitive key distribution mechanism
Limitation: incremental synchronization is not robust
• Error-prone
• Doubles local storage requirements
• Calculating the diff requires reading both revisions at the same time
• File conflicts
Thank you