Skip to Main content Skip to Navigation
Conference papers

Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage

Abstract : To protect sensitive user data against server-side attacks, a number of security-conscious web applications have turned to client-side encryption, where only encrypted user data is ever stored in the cloud. We formally investigate the security of a number of such applications, including password managers, cloud storage providers, an e-voting website and a conference management system. We find that their security relies on both their use of cryptography and the way it combines with common web security mechanisms as implemented in the browser. We model these applications using the WebSpi web security library for ProVerif, we discuss novel attacks found by automated formal analysis, and we propose robust countermeasures.
Document type :
Conference papers
Complete list of metadatas

Cited literature [20 references]  Display  Hide  Download

https://hal.inria.fr/hal-00863375
Contributor : Ben Smyth <>
Submitted on : Monday, April 4, 2016 - 2:53:51 PM
Last modification on : Friday, May 25, 2018 - 12:02:06 PM
Long-term archiving on: : Monday, November 14, 2016 - 4:01:09 PM

File

keys-to-the-cloud-post13.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00863375, version 1

Collections

Citation

Chetan Bansal, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Sergio Maffeis. Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage. 2nd Conference on Principles of Security and Trust (POST 2013), 2013, Rome, Italy. pp.126--146. ⟨hal-00863375⟩

Share

Metrics

Record views

282

Files downloads

361