Collaborative Privacy for Web Applications

Real-time, online-editing web apps provide free and convenient services for collaboratively editing, sharing and storing files. The benefits of these web applications do not come for free: not only do service providers have full access to the users’ files, but they also control access, transmission, and storage mechanisms for them. As a result, user data may be at risk of data mining, third-party interception, or even manipulation. To combat this, we propose a new system for helping to preserve the privacy of user data within collaborative environments. There are several distinct challenges in producing such a system, including developing an encryption mechanism that does not interfere with the back-end (and often proprietary) control mechanisms utilized by the service, and identifying transparent code hooks through which to obfuscate user data. Toward the first challenge, we develop a character-level encryption scheme that is more resilient to the types of attacks that plague classical substitution ciphers. For the second challenge, we design a browser extension that robustly demonstrates the feasibility of our approach, and show a concrete implementation for Google Chrome and the widely-used Google Docs platform. Our example tangibly demonstrates how several users with a shared key can collaboratively and transparently edit a Google Docs document without revealing the plaintext directly to Google.
