Web-based Attacks on Host-Proof Encrypted Storage

Authors: 

Karthikeyan Bhargavan, INRIA; Antoine Delignat-Lavaud, ENS Cachan

Abstract: 

Cloud-based storage services, such as Wuala, and password managers, such as LastPass, are examples of so-called host-proof web applications that aim to protect users from attacks on the servers that host their data. To this end, user data is encrypted on the client and the server is used only as a backup data store. Authorized users may access their data through client-side software, but for ease of use, many commercial applications also offer browser-based interfaces that enable features such as remote access, form-filling, and secure sharing.

We describe a series of web-based attacks on popular host-proof applications that completely circumvent their cryptographic protections. Our attacks exploit standard web application vulnerabilities to expose flaws in the encryption mechanisms, authorization policies, and key management implemented by these applications. Our analysis suggests that host-proofing by itself is not enough to protect users from web attackers, who will simply shift their focus to flaws in client-side interfaces.

BibTeX
@inproceedings {179513,
title = {Web-based Attacks on {Host-Proof} Encrypted Storage},
booktitle = {6th USENIX Workshop on Offensive Technologies (WOOT 12)},
year = {2012},
address = {Bellevue, WA},
url = {https://www.usenix.org/conference/woot12/workshop-program/presentation/bhargavan},
publisher = {USENIX Association},
month = aug,
}