Christian Hoffmann, Christoph Brand, Steffen Heinzl
{"title":"Towards an Architecture for End-to-End-Encrypted File Synchronization Systems","authors":"Christian Hoffmann, Christoph Brand, Steffen Heinzl","doi":"10.1109/WETICE.2015.30","DOIUrl":null,"url":null,"abstract":"Users often utilize Dropbox and similar services to store their data in a cloud. They protect their data through encryption services offered by the cloud provider. But how reasonable is such a protection? The cloud provider is usually able to (at least theoretically) read the encrypted data, since he is the one holding the encryption keys. And even if you trust a cloud provider, what happens if the cloud provider is acquired by another company? Do you also trust the acquiring company? Global surveillance has become a daily issue, outlined by disclosures of files from the United States National Security Agency (NSA). To keep one's data protected from unauthorized access, a user optimally needs to trust as few other parties as possible. We should aim for a future, in which users are able to protect their data without having to trust the cloud provider who stores their data. This can be achieved by using strong, auditable client-side encryption. This paper presents a first step towards this goal. Starting from a basic requirement -- the principle of least privilege -- requirements are derived that again result in an architecture to build end-to-end-encrypted file synchronization systems. The resulting architecture's practical applicability is shown by a concrete implementation.","PeriodicalId":256616,"journal":{"name":"2015 IEEE 24th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE 24th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WETICE.2015.30","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Users often utilize Dropbox and similar services to store their data in a cloud. They protect their data through encryption services offered by the cloud provider. But how reasonable is such a protection? The cloud provider is usually able to (at least theoretically) read the encrypted data, since he is the one holding the encryption keys. And even if you trust a cloud provider, what happens if the cloud provider is acquired by another company? Do you also trust the acquiring company? Global surveillance has become a daily issue, outlined by disclosures of files from the United States National Security Agency (NSA). To keep one's data protected from unauthorized access, a user optimally needs to trust as few other parties as possible. We should aim for a future, in which users are able to protect their data without having to trust the cloud provider who stores their data. This can be achieved by using strong, auditable client-side encryption. This paper presents a first step towards this goal. Starting from a basic requirement -- the principle of least privilege -- requirements are derived that again result in an architecture to build end-to-end-encrypted file synchronization systems. The resulting architecture's practical applicability is shown by a concrete implementation.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
