cloud views2010 google docs privacy
TRANSCRIPT
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA
Privacy for Google Docs: Implementing a
Transparent Encryption Layer
Lilian [email protected]
GRADIANT, Galician Research and Development Centre in Advanced Telecommunication
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 2
Outline
• Introduction
• Firefox Add-on
• Using the secure Google Docs
• Conclusion and Future Work
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 3
Cloud Computing• Distributed computing + distributed storage +
virtualization.
• Advantages for users:
– Scalability.
– Ubiquity.
– Pay-per-use.
– No HW/maintenance cost.
IaaS
PaaS
SaaS
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 4
Cloud Privacy• Problems:
– Confidentiality: sensitive data exposed to the infrastructure provider.
– Privacy of the information: unauthorized access to private data by users.
– Loss of data: can users really trust on provider’s infrastructure reliability?
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 5
Document editing SaaS
Maximum document size Maximum storage Price
Real time collaboration
Edit uploaded documents Type documents
Google Docs 500K 1 GB free Yes Yes Text Spreadsheets Presentations
Zoho - 1 GB free No Yes Text Spreadsheets Presentations
Microsoft Office Live
25MB 500 MB free No No Text Spreadsheets Presentations
ThinkFree 10 MB 1 GB 30 days trial Yes - Text Spreadsheets Presentations
Feng Office - 300MB 30 days trial Yes Text Spreadsheets Presentations
Adobe BuzzWord 10 MB - free Yes No Text
Maximum document size
Maximum storage Price Real time
collaborationEdit uploaded documents
Type documents
Google Docs 500K 1 GB free Yes YesText
Spreadsheets Presentations
Zoho - 1 GB free No YesText
Spreadsheets Presentations
Microsoft Office Live 25MB 500 MB free No No
Text Spreadsheets Presentations
ThinkFree 10 MB 1 GB 30 days trial Yes -Text
Spreadsheets Presentations
Feng Office - 300MB 30 days trial YesText
Spreadsheets Presentations
Adobe BuzzWord 10 MB - free Yes No Text
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 6
Firefox Add-on• Master password.
• Hidden indices: algorithm + options
– User index: information about encrypted and not shared documents.
– Shared index: information about encrypted and shared documents.
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 7
Firefox Add-on
• Channel listeners: intercept the communication with Google Docs servers.
• Google Docs API • AJAX requests
• XUL (interface) + JavaScript.
authentication,documents list, sharing permissions...
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 8
Firefox Add-on
Algorithm, options
docId
Recover
Store
Google docsCloud
Encrypteddocuments
Client with Internet browser
EncryptionDecryption
module
Browser add-on
Cipheredtext
S
tore
Recover
Index
Plaintext
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 9
Using the secure Google Docs: Changes in interface
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 10
Using the secure Google Docs: Encrypting a
document
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 11
Using the secure Google Docs: Supported algorithms
Name Block size Key size Security SpeedSpeed
depends onkey size?
AES Advanced Encryption Standard 128 bits 128, 192, 256
bits Secure Fast Yes
DES Data Encryption Standard 64 bits 56 bits Insecure Slow -
Triple DES
Triple Data Encryption Algorithm 64 bits 56-168 bits Moderately secure Very Slow No
Blowfish - 64 bits 32-448 bits Moderately secure Fast No
RC4 Rivest Cipher 4 64 bits 8-2048 bits Insecure Very fast No
TEA Tiny Encryption Algorithm 64 bits 128 bits Insecure Fast No
xxTEA Corrected Block TEA
arbitrary, (min 64 bits) 128 bits Moderately secure Fast No
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 12
Using the secure Google Docs:
Opening document w/o plugin
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA 13
Conclusion and Future Work
• New security layer to protect Google Docs documents in a transparent way.
• Encryption in client-side: content of documents sent and stored in Google cloud servers are not accessible.
• Encrypted shared documents in development.• Ciphered spreadsheets: need of server side
support (operations performed in server-side).
CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA
Privacy for Google Docs: Implementing a
Transparent Encryption Layer
THANK YOU FOR YOUR ATTENTION!!
Lilian [email protected]