Skip to Main content Skip to Navigation
New interface
Conference papers

Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage

Abstract : To protect sensitive user data against server-side attacks, a number of security-conscious web applications have turned to client-side encryption, where only encrypted user data is ever stored in the cloud. We formally investigate the security of a number of such applications, including password managers, cloud storage providers, an e-voting website and a conference management system. We find that their security relies on both their use of cryptography and the way it combines with common web security mechanisms as implemented in the browser. We model these applications using the WebSpi web security library for ProVerif, we discuss novel attacks found by automated formal analysis, and we propose robust countermeasures.
Document type :
Conference papers
Complete list of metadata

Cited literature [20 references]  Display  Hide  Download
Contributor : Ben Smyth Connect in order to contact the contributor
Submitted on : Monday, April 4, 2016 - 2:53:51 PM
Last modification on : Saturday, November 19, 2022 - 3:58:59 AM
Long-term archiving on: : Monday, November 14, 2016 - 4:01:09 PM


Files produced by the author(s)


  • HAL Id : hal-00863375, version 1


Chetan Bansal, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Sergio Maffeis. Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage. 2nd Conference on Principles of Security and Trust (POST 2013), 2013, Rome, Italy. pp.126--146. ⟨hal-00863375⟩



Record views


Files downloads