securely assessing encrypted cloud storage from multiple devices nguyen hoang long supervisor :...
DESCRIPTION
3 Goals Design a multi-platform solution for secure remote storage and file synchronization that: automatically encrypts files with client-generated strong keys. securely distributes keys across users’ devices without any third party server. works seamlessly with existing cloud storage services offers consistent and minimal user interaction. is efficient in file update and synchronizationTRANSCRIPT
![Page 1: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/1.jpg)
Securely assessing encrypted cloud storage from multiple devices
Nguyen Hoang Long ([email protected])
Supervisor : Prof. N. AsokanAdvisor : Sandeep Tamrakar
![Page 2: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/2.jpg)
2
Motivation
• Cloud storage allows users to synchronize data across multiple devices.
• Privacy concern about data stored on cloud storage.
• Client-side encryption is an effective way of preserving data privacy.• State of the art: encryption keys derived from passwords
• People pick weak passwords; re-use passwords.• Strong keys: Key distribution • File updates require re-encrypting whole file communication overhead.
![Page 3: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/3.jpg)
3
Goals
Design a multi-platform solution for secure remote storage and file synchronization that:
• automatically encrypts files with client-generated strong keys.• securely distributes keys across users’ devices without any
third party server.• works seamlessly with existing cloud storage services• offers consistent and minimal user interaction.• is efficient in file update and synchronization
![Page 4: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/4.jpg)
4
Design & implementation
• OmniShare application• Works with Dropbox• Available on Android & Windows (PC)
https://se-sy.org/projects/omnishare/
![Page 5: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/5.jpg)
5
Design & implementation
![Page 6: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/6.jpg)
6
Key hierarchy
Auth. Encryption 128-bit AES-GCM
Key hierarchy Top: Root key (RK) Corresponds to directory
structure
Lock-box protects RK 2048-bit RSA public key
Directory Key
Root Key (RK)
Plaintext file Ciphertext fileFile Key
Device keypair
![Page 7: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/7.jpg)
7
Key Distribution
Mobile device A
c
Encrypted content
Key distribution channel discovered automatically (using capability info stored on cloud server)
OOB channel
Encrypt with PKnew
Camera / Display: QR code display / key board: passcode
Authorized DeviceB
New DeviceA
![Page 8: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/8.jpg)
8
Key distribution using QR code
Scan QR codeOOB channel
PKA Verify(PKA , H)
M1 = Enc(PKA , RK)
M2 = HMAC(KSesAuth , M1)M1 + M2
Verify (M1, M2, KSesAuth)
RK = Dec(SKA , M1)
H = hash(PKA)
KSesAuth ∈R{0,1}n
New Device A Authorized Device B
Local ChannelCloud storage
Channel
![Page 9: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/9.jpg)
9
Key distribution using Passcode
New Device A Authorized Device B
P
Copy OOB channel
M = EncAE(Kses , RK)M
RK = DecAE(Kses , M)
Password-authenticated key agreement protocol (PAKE)
Kses
(Passcode)P
Kses
P
Local ChannelCloud storage
Channel
We implement using the Secure Remote Password protocol
![Page 10: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/10.jpg)
10
Problem: Updating encrypted file
<< File size
≈ File size
P- =Updated file Original file
E- =Encrypted updated file
Encrypted original file
![Page 11: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/11.jpg)
11
c
Encrypted Original file
Incremental synchronization
Updated file Original file Diff file
Encrypted diff file
decrypt
Diff file
+Original file Updated file
![Page 12: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/12.jpg)
12
Implementation
![Page 13: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/13.jpg)
13
Evaluation: Security Security evaluation using tool-supported formal
method (Scyther)
Key distribution using QR code
Key distribution using passcode
![Page 14: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/14.jpg)
14
Evaluation: Performance
WA - QRP AA - QRP WA - SRP AW - SRP AA - SRP0
10
20
30
40
50
60
70
Avg
Protocol execution time(seconds)
WA: Windows - AndroidAA : Android - AndroidAW: Android – Windows
QRP: Key dist using QR codeSRP: Key dist using passcode
![Page 15: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/15.jpg)
15
Evaluation: Usability
![Page 16: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/16.jpg)
16
Conclusion
Advantages: Client-side encryption utility with high-entropy keys Multiple platforms Intuitive key distribution mechanism.
Limitation: Incremental synchronization is not robust
Error-prone Double local storage capacity Calculating diff requires reading both revision at the same time.
File conflicts
![Page 17: Securely assessing encrypted cloud storage from multiple devices Nguyen Hoang Long Supervisor : Prof. N. Asokan Advisor : Sandeep](https://reader033.vdocuments.mx/reader033/viewer/2022052707/5a4d1b497f8b9ab0599a4aad/html5/thumbnails/17.jpg)
17
Thank you