OmniShare: Encrypted Cloud Storage for the Multi-Device Era

Two attractive features of cloud storage services are (1) the automatic synchronization of files between multiple devices and (2) the possibility of sharing files with other users. However, many users are concerned about the security and privacy of data stored in the cloud. Client-side encryption is an effective safeguard, but it requires all client devices to have the decryption key. Current solutions derive these keys from user-chosen passwords, which are easily guessed. We present OmniShare, the first scheme to combine strong client-side encryption with intuitive key distribution mechanisms to enable access from multiple client devices and sharing between users. OmniShare uses a novel combination of out-of-band channels (including QR codes and ultrasonic communication), as well as the cloud storage service itself, to authenticate new devices. We describe the design and implementation of OmniShare and explain how we evaluated its security (using formal methods), its performance (benchmarks), and its usability (cognitive walkthrough).

[1]  Paul Stephens,et al.  A cognitive walkthrough of Autopsy Forensic Browser , 2009, Inf. Manag. Comput. Secur..

[2]  Ahmad-Reza Sadeghi,et al.  OmniShare: Securely Accessing Encrypted Cloud Storage from Multiple Authorized Devices , 2015, ArXiv.

[3]  Si Chen,et al.  ${\ssr{PriWhisper}}$ : Enabling Keyless Secure Acoustic Communication for Smartphones , 2014, IEEE Internet of Things Journal.

[4]  J. A. Clark,et al.  Modelling user-phishing interaction , 2008, 2008 Conference on Human System Interactions.

[5]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[6]  Jeremy Clark,et al.  Usability of anonymous web browsing: an examination of Tor interfaces and deployability , 2007, SOUPS '07.

[7]  Sunghyun Choi,et al.  Chirp signal-based aerial acoustic communication for smart devices , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[8]  Cathleen Wharton,et al.  The cognitive walkthrough method: a practitioner's guide , 1994 .

[9]  Joseph Bonneau,et al.  The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords , 2012, 2012 IEEE Symposium on Security and Privacy.

[10]  Sadie Creese,et al.  Guidelines for usable cybersecurity: Past and present , 2011, 2011 Third International Workshop on Cyberspace Safety and Security (CSS).

[11]  Christopher Soghoian,et al.  Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era , 2009, J. Telecommun. High Technol. Law.

[12]  Charles E. Cook,et al.  Linear FM Signal Formats for Beacon and Communication Systems , 1974, IEEE Transactions on Aerospace and Electronic Systems.

[13]  Tommaso Melodia,et al.  U-Wear: Software-Defined Ultrasonic Networking for Wearable Devices , 2015, MobiSys.

[14]  Guoliang Xue,et al.  The Power of Whispering: Near Field Assertions via Acoustic Communications , 2015, AsiaCCS.

[15]  Adrian Perrig,et al.  SafeSlinger: easy-to-use and secure public-key exchange , 2013, MobiCom.

[16]  Cas J. F. Cremers,et al.  The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols , 2008, CAV.