[Paper Summary] Implementing Secure Web-Based Cloud Services Using Client-Side Encryption

News 2023-04-17 07:40:12 views: null

Secure web-based cloud services using client-side encryption

introduce

This is a paper from CCSW2020. The full name of CCSW is Cloud Computing Security Workshop, which is the top meeting of cloud computing security. The authors are Martin Johns and Alexandra Dirksen

overview

Since the use of client-side encryption cannot be translated to cloud applications on the Web, this paper proposes a built-in end-to-end component, CRYPTOMEMBANES, which can provide an isolation layer between client-side encrypted user data and untrusted JavaScript. At the same time, the authors propose the feasibility of implementing CRYPTOMEMBRANES using existing methods. The way to implement CRYPTOMEMBRANES is to use CMEMBRANEELEMENTS. In addition, the author also proposed the feasibility of reproducing the method implemented by browsers, that is, using the browser plug-in EXTENSIONMEEMBRANES.

Pre-knowledge

DOM: DOM is the abbreviation of Document Object Model, a standard interface specification formulated by W3C, and a standard API for processing HTML and XML files. DOM provides a standard way to access and manipulate HTML documents, expressing HTML documents in a tree structure. DOM parses an HTML document into a structured collection of nodes and objects (objects containing properties and methods). Through the DOM, developers can use scripts to dynamically create, access, and modify the content and structure of documents.

CRYPTOMEMBANES

main idea

The core of CRYPTOMEMBRANES is based on CMEMBRANEELMENTS instead of conventional DOM elements, such as using div elements instead of cryptoFIV elements.

structure

The backend of the database stores encrypted data. The cloud application queries the database to obtain user data and compiles it into encrypted HTML/JavaScript/JSON content. The web browser presents the HTML/JavaScript of the cloud application and provides a user interface. The client-side encryption and decryption mechanism and key storage unit decrypt incoming data and encrypt outgoing HTTP traffic. To protect the decrypted value from malicious JavaScript, the data is saved in CMEMBRANEELMENTS in the browser.

To put it simply, there is a proprietary unit in the browser. When the browser receives the proprietary unit and transmits encrypted data, it first decrypts the interface presented to the user. First, the cloud application queries the content of the database and parses it into encrypted HTML/JavaScript/JSON content. Then, the web browser receives the content and decrypts it with a dedicated unit. The decrypted result is stored in CMEMBRANEELMENTS and presented to users see. At the same time, the user key is used for encryption, and the encrypted result is presented to JavaScript.
insert image description here

CMEMBRANEELMENTS

It corresponds to the corresponding DOM elements in terms of form, API, and function. It has two forms of values: encrypted data and unencrypted data. The unencrypted value is presented to the user through the browser UI, and the encrypted value is encapsulated in the website. In the JavaScript value, if one of the two values ​​changes, the other value will be updated accordingly. The website's JavaScript does not have access to unencrypted values.
insert image description here

CMEMBRANEELMENTS data form

1. Data output form (presented to the user):

Use the key with ID 123 to decrypt, the decrypted algorithm is OrderPreserving, and the encrypted value is "AB34CEA23..."

<CryptoDIV CMKeyID= " 123 " CMAlgID= "OrderPreserving ">

AB34CEA23...

< / CryptoDIV >

2. Data input form (rendered to JavaScript):

Use the key whose id is 345 to encrypt the data, and the encrypted data is obtained through the DOM API, so when JavaScript requests the DOM API to obtain the corresponding HTML form, it will also carry the encrypted value.

<CryptoINPUT Type= " text " Name= " confinput " CMKeyID= "345 " CMAlgID= " Deterministic ">

EXTENSIONMEMBRANES

EXTENSIONMEMBRANES is an extension that replaces CMEMBRANEELMENTS with the current browser, so that it can be used in current mainstream browsers without being noticed by users. The relevant process is as follows:
insert image description here
the method is to rewrite the incoming HTML source code immediately before passing it to the rendering engine, as follows:

The following CMembraneElement..:

<CryptoDIV ID=" CM1 " CMKeyID= " 911 " CMAlgID= "Deterministic ">
AB34CEA23...
< / CryptoDIV >

... will be rewritten into:
<DIV rel-crypto= " cryptodiv " ID=" CM1 " CMKeyID= " 911 "CMAlgID= " Deterministic ">
AB34CEA23...
< /DIV >

Guess you like

Origin blog.csdn.net/Ohh24/article/details/130054892
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com