端到端加密文件同步系统的体系结构

2015 IEEE 24th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises Pub Date : 2015-06-15 DOI:10.1109/WETICE.2015.30

Christian Hoffmann, Christoph Brand, Steffen Heinzl

{"title":"端到端加密文件同步系统的体系结构","authors":"Christian Hoffmann, Christoph Brand, Steffen Heinzl","doi":"10.1109/WETICE.2015.30","DOIUrl":null,"url":null,"abstract":"Users often utilize Dropbox and similar services to store their data in a cloud. They protect their data through encryption services offered by the cloud provider. But how reasonable is such a protection? The cloud provider is usually able to (at least theoretically) read the encrypted data, since he is the one holding the encryption keys. And even if you trust a cloud provider, what happens if the cloud provider is acquired by another company? Do you also trust the acquiring company? Global surveillance has become a daily issue, outlined by disclosures of files from the United States National Security Agency (NSA). To keep one's data protected from unauthorized access, a user optimally needs to trust as few other parties as possible. We should aim for a future, in which users are able to protect their data without having to trust the cloud provider who stores their data. This can be achieved by using strong, auditable client-side encryption. This paper presents a first step towards this goal. Starting from a basic requirement -- the principle of least privilege -- requirements are derived that again result in an architecture to build end-to-end-encrypted file synchronization systems. The resulting architecture's practical applicability is shown by a concrete implementation.","PeriodicalId":256616,"journal":{"name":"2015 IEEE 24th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Towards an Architecture for End-to-End-Encrypted File Synchronization Systems\",\"authors\":\"Christian Hoffmann, Christoph Brand, Steffen Heinzl\",\"doi\":\"10.1109/WETICE.2015.30\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Users often utilize Dropbox and similar services to store their data in a cloud. They protect their data through encryption services offered by the cloud provider. But how reasonable is such a protection? The cloud provider is usually able to (at least theoretically) read the encrypted data, since he is the one holding the encryption keys. And even if you trust a cloud provider, what happens if the cloud provider is acquired by another company? Do you also trust the acquiring company? Global surveillance has become a daily issue, outlined by disclosures of files from the United States National Security Agency (NSA). To keep one's data protected from unauthorized access, a user optimally needs to trust as few other parties as possible. We should aim for a future, in which users are able to protect their data without having to trust the cloud provider who stores their data. This can be achieved by using strong, auditable client-side encryption. This paper presents a first step towards this goal. Starting from a basic requirement -- the principle of least privilege -- requirements are derived that again result in an architecture to build end-to-end-encrypted file synchronization systems. The resulting architecture's practical applicability is shown by a concrete implementation.\",\"PeriodicalId\":256616,\"journal\":{\"name\":\"2015 IEEE 24th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-06-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE 24th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WETICE.2015.30\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE 24th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WETICE.2015.30","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

用户经常使用Dropbox和类似的服务将他们的数据存储在云端。他们通过云提供商提供的加密服务来保护他们的数据。但是这样的保护有多合理呢?云提供商通常能够(至少在理论上)读取加密数据，因为他是持有加密密钥的一方。即使你信任一家云提供商，如果这家云提供商被另一家公司收购了怎么办?你也信任收购公司吗?美国国家安全局(NSA)披露的文件概述了全球监控已成为一个日常问题。为了保护自己的数据免受未经授权的访问，用户需要尽可能少地信任其他方。我们应该着眼于这样一个未来:用户能够保护他们的数据，而不必信任存储他们数据的云提供商。这可以通过使用强大的、可审计的客户端加密来实现。本文为实现这一目标迈出了第一步。从一个基本需求——最小特权原则——出发，推导出的需求再次导致构建端到端加密文件同步系统的体系结构。所得到的体系结构的实际适用性通过一个具体的实现来证明。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Towards an Architecture for End-to-End-Encrypted File Synchronization Systems

Users often utilize Dropbox and similar services to store their data in a cloud. They protect their data through encryption services offered by the cloud provider. But how reasonable is such a protection? The cloud provider is usually able to (at least theoretically) read the encrypted data, since he is the one holding the encryption keys. And even if you trust a cloud provider, what happens if the cloud provider is acquired by another company? Do you also trust the acquiring company? Global surveillance has become a daily issue, outlined by disclosures of files from the United States National Security Agency (NSA). To keep one's data protected from unauthorized access, a user optimally needs to trust as few other parties as possible. We should aim for a future, in which users are able to protect their data without having to trust the cloud provider who stores their data. This can be achieved by using strong, auditable client-side encryption. This paper presents a first step towards this goal. Starting from a basic requirement -- the principle of least privilege -- requirements are derived that again result in an architecture to build end-to-end-encrypted file synchronization systems. The resulting architecture's practical applicability is shown by a concrete implementation.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 IEEE 24th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises

自引率

0.00%

发文量