Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage

Abstract : To protect sensitive user data against server-side attacks, a number of security-conscious web applications have turned to client-side encryption, where only encrypted user data is ever stored in the cloud. We formally investigate the security of a number of such applications, including password managers, cloud storage providers, an e-voting website and a conference management system. We find that their security relies on both their use of cryptography and the way it combines with common web security mechanisms as implemented in the browser. We model these applications using the WebSpi web security library for ProVerif, we discuss novel attacks found by automated formal analysis, and we propose robust countermeasures.
Type de document :
Communication dans un congrès
David Basin and John Mitchell. 2nd Conference on Principles of Security and Trust (POST 2013), 2013, Rome, Italy. spv, 7796, pp.126--146, 2013, lncs
Liste complète des métadonnées

Littérature citée [20 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-00863375
Contributeur : Ben Smyth <>
Soumis le : lundi 4 avril 2016 - 14:53:51
Dernière modification le : mardi 12 avril 2016 - 01:07:20
Document(s) archivé(s) le : lundi 14 novembre 2016 - 16:01:09

Fichier

keys-to-the-cloud-post13.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-00863375, version 1

Collections

Citation

Chetan Bansal, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Sergio Maffeis. Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage. David Basin and John Mitchell. 2nd Conference on Principles of Security and Trust (POST 2013), 2013, Rome, Italy. spv, 7796, pp.126--146, 2013, lncs. 〈hal-00863375〉

Partager

Métriques

Consultations de la notice

200

Téléchargements de fichiers

139