A client-based encryption model for secure data storing in publicly available storage systems

• Autorzy: Retinger Marek

Identyfikatory

DOI

10.7494/csci.2019.20.2.3188

• Języki publikacji: EN

Abstrakty

EN

This document presents a conceptual model of a system for protecting thedata stored in publicly available data storage systems. The main idea was toapply encryption on both the client and server sides that would consequentlyhave a significant impact on data security. The compatibility with existingsystems allows us to deploy the solution fast and at a low cost. The testsconducted on a simplified implementation have confirmed the solution’s validity,and they have shown some possible performance issues as compared to theclassical system (which can be easily bypassed).

Słowa kluczowe

EN

data storage; data protection; encryption; security

• Wydawca: Wydawnictwa AGH
• Czasopismo: Computer Science
• Rocznik: 2019
• Tom: Vol. 20 (2)
• Strony: 179--194
• Opis fizyczny: Bibliogr. 19 poz., rys., tab.

Twórcy

autor

Retinger Marek

• Poznan University of Technology, Institute of Control, Robotics and Information Engineering, ul. Piotrowo 3a, 60-965 Poznan, Poland

Bibliografia

• [1] Cairns K., Halpin H., Steel G.: Security Analysis of the W3C Web CryptographyAPI. In: Security Standardisation Research, pp. 112–140, Springer, 2016. https://doi.org/10.1007/978-3-319-49100-4_5.
• [2] Cebollero M., Natarajan J., Coles M.: Pro T-SQL Programmer’s Guide, Apress,2015. https://doi.org/10.1007/978-1-4842-0145-9.
• [3] Dell’Amico M., Michiardi P., Roudier Y.: Password Strength: An EmpiricalAnalysis. In: 2010 Proceedings IEEE INFOCOM, IEEE, 2010. https://doi.org/10.1109/infcom.2010.5461951.
• [4] Gaur T., Sharma D.: A Secure and Efficient Client-Side Encryption Scheme inCloud Computing, International Journal of Wireless and Microwave Technologies,vol. 6(1), pp. 23–33, 2016. https://doi.org/10.5815/ijwmt.2016.01.03.
• [5] Grocholewska-Czuryło A., Retinger M.: Secure cloud services – extended cryptographicmodel of data storage, Przeglad Elektrotechniczny, vol. 1(3), pp. 164–169,2018. https://doi.org/10.15199/48.2018.03.33.
• [6] Gupta S., Gupta B.B.: Cross-Site Scripting (XSS) attacks and defense mechanisms:classification and state-of-the-art. In: International Journal of System Assurance Engineering and Management, vol. 8(S1), pp. 512–530, 2015.https://doi.org/10.1007/s13198-015-0376-0.
• [7] Kaczmarczyk V., Bradác Z., Fiedler P., Arm J.: Client side data encryption/decryption for web application. In: IFAC-PapersOnLine, vol. 49(25),pp. 241–246, 2016. https://doi.org/10.1016/j.ifacol.2016.12.041.
• [8] Kaliski B.: PKCS #5: Password-Based Cryptography Specification Version 2.0,RFC 2898, 2000. https://doi.org/10.17487/RFC2898.
• [9] Laine M.: Client-Side Storage in Web Applications, Aalto University, 2012.
• [10] Layton R.: How the GDPR Compares to Best Practices for Privacy, Accountabilityand Trust, SSRN Electronic Journal, 2017. http://dx.doi.org/10.2139/ssrn.2944358.
• [11] Lee H.K., Malkin T., Nahum E.: Cryptographic strength of SSL/TLS servers.In: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement – IMC ’07, ACM Press, 2007. http://dx.doi.org/10.1145/1298306.1298318.
• [12] Rahmani H., Sundararajan E., Ali Z.M., Zin A.M.: Encryption as a Service(EaaS) as a Solution for Cryptography in Cloud, Procedia Technology, vol. 11,pp. 1202–1210, 2013. http://dx.doi.org/10.1016/j.protcy.2013.12.314.
• [13] Rydstedt G., Bursztein E., Boneh D., Jackson C.: Busting frame busting: a study of clickjacking vulnerabilities on popular sites. In: In IEEE Oakland Web 2.0 Security and Privacy Workshop, p. 6. 2010.
• [14] Sankara Narayanan A.: Clickjacking Vulnerability and Countermeasures, International Journal of Applied Information Systems, vol. 4(7), pp. 7–10, 2012.http://dx.doi.org/10.5120/ijais12-450793.
• [15] Sivakorn S., Polakis I., Keromytis A.D.: The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information. In: 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 2016. http://dx.doi.org/10.1109/sp.2016.49.
• [16] Software – Avast PC Trends Report (Q3 2017), 2017. https://press.avast.com/hubfs/media-materials/kits/PC-trends-report-Q3-2017/avast_q3_2017_pc_trends_report.pdf.
• [17] Souza S.M.P.C., Puttini R.S.: Client-side Encryption for Privacy-sensitive Applicationson the Cloud, Procedia Computer Science, vol. 97, pp. 126–130, 2016.http://dx.doi.org/10.1016/j.procs.2016.08.289.
• [18] Stokłosa J., Bilski T., Pankowski T.: Bezpieczenstwo danych w systemach informatycznych,Wydawnictwo Naukowe PWN, 2001.
• [19] Zakas N.C.: High Performance JavaScript: Build Faster Web Application Interfaces.YAHOO PR, 2010. https://www.ebook.de/de/product/9283796/nicholas_c_zakas_high_performance_javascript_build_faster_web_application_interfaces.html.