ShadowFPE: New Encrypted Web Application Solution Based on Shadow DOM
Mobile Networks and Applications (IF 2.3), Pub Date: 2020-02-22, DOI: 10.1007/s11036-019-01509-y
Xiaojie Guo, Yanyu Huang, Jinhui Ye, Sijie Yin, Min Li, Zhaohui Li, Siu-Ming Yiu, Xiaochun Cheng

Abstract

Most users hesitate to use third-party web applications because of security and privacy concerns. An ideal solution would be to allow apps to work with encrypted data, so that users might be more willing to provide just the encrypted version of their sensitive data. ShadowCrypt, proposed at CCS 2014, is the first and so far only solution that can achieve this by leveraging the encapsulation provided by Shadow DOM V0, without the need for users to trust either the server or the client code of web applications. Unfortunately, researchers have shown that ShadowCrypt is vulnerable to several attacks. Note that ShadowCrypt has no longer been compliant with the updated W3C standard since 2015. Furthermore, some attacks on ShadowCrypt have been proposed. Hence, currently there is no effective and secure solution to guarantee the privacy of users. In this paper, we present ShadowFPE, a novel format-preserving encryption that makes use of a robust property in Shadow DOM to obtain a feasible solution. Compared with ShadowCrypt, ShadowFPE does not destroy the data format and makes the data usable in most cloud web applications. We confirmed the effectiveness and security of ShadowFPE through case studies on web applications. Our results show that ShadowFPE is practical since it has low computational overhead and requires minimal modification to existing applications.


Updated: 2020-03-07