Performance Impacts of JavaScript-Based Encryption of HTML5 Web Storage for Enhanced Privacy

The HTML5 Web Storage API provides the ability for web applications to store data on client machines. This storage is commonly used for caching, local state tracking, and offline support that allows web applications to work when the web server cannot be contacted. The HTML5 Web Storage is becoming increasingly popular with the majority of new web applications using at least some features provided by this standard. Unfortunately, the local storage provided by HTML5 Web Storage is not entirely secure and does not sufficiently ensure the confidentiality of the user’s data. Encrypting data prior to storage is a common approach to protecting local user data. However, as browser-based applications become more complex and demanding the impact of data encryption may adversely impact application performance. Furthermore, the average web developer is generally not proficient in cryptographic best practices in web applications. First, we provide a simple design approach for encryption of local storage that supports offline web applications. Second, we analyze the impact of various symmetric encryption algorithms and implementations on the performance of the HTML Web Storage API. We show that there are several viable options that will increase the confidentiality and privacy of user data within local storage without imposing significant performance penalties.