research-article

SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor

Authors:

Christian Mainka,

Vladislav Mladenov,

Jörg SchwenkAuthors Info & Claims

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

Pages 835 - 848

https://doi.org/10.1145/3052973.3052982

Published: 02 April 2017 Publication History

Abstract

Real-time editing tools like Google Docs, Microsoft Office Online, or Etherpad have changed the way of collaboration. Many of these tools are based on Operational Transforms (OT), which guarantee that the views of different clients onto a document remain consistent over time. Usually, documents and operations are exposed to the server in plaintext -- and thus to administrators, governments, and potentially cyber criminals. Therefore, it is highly desirable to work collaboratively on encrypted documents. Previous implementations do not unleash the full potential of this idea: They either require large storage, network, and computation overhead, are not real-time collaborative, or do not take the structure of the document into account. The latter simplifies the approach since only OT algorithms for byte sequences are required, but the resulting ciphertexts are almost four times the size of the corresponding plaintexts.

We present SECRET, the first secure, efficient, and collaborative real-time editor. In contrast to all previous works, SECRET is the first tool that (1.) allows the encryption of whole documents or arbitrary sub-parts thereof, (2.) uses a novel combination of tree-based OT with a structure preserving encryption, and (3.) requires only a modern browser without any extra software installation or browser extension.

We evaluate our implementation and show that its encryption overhead is three times smaller in comparison to all previous approaches. SECRET can even be used by multiple users in a low-bandwidth scenario. The source code of SECRET is published on GitHub as an open-source project:https://github.com/RUB-NDS/SECRET/

References

[1]

L. Adkinson-Orellana, D. A. Rodrıguez-Silva, F. Gil-Castineira, and J. C. Burguillo-Rial. Privacy for google docs: Implementing a transparent encryption layer. In CloudViews, pages 20--21, 2010.

[2]

A. Barth. The Web Origin Concept. RFC 6454 (Proposed Standard), Dec. 2011. URL http://www.ietf.org/rfc/rfc6454.txt.

[3]

A. Barth, C. Jackson, and J. C. Mitchell. Securing frame communication in browsers. In USENIX Security, 2008.

Digital Library

[4]

M. Bellare, O. Goldreich, and S. Goldwasser. Incremental cryptography: The case of hashing and signing. In CRYPTO, pages 216--233. Springer, 1994.

Digital Library

[5]

T. Bray. The JavaScript Object Notation (JSON) Data Interchange Format. RFC 7159 (Proposed Standard), Mar. 2014. URL http://www.ietf.org/rfc/rfc7159.txt.

[6]

T. Bray, F. Yergeau, E. Maler, J. Paoli, and M. Sperberg-McQueen. Extensible markup language (XML) 1.0 (fifth edition). W3C recommendation, W3C, Nov. 2008.

[7]

E. Buonanno, J. Katz, and M. Yung. Incremental unforgeable encryption. In FSE, pages 109--124. Springer, 2001.

Digital Library

[8]

M. Clear, K. Reid, D. Ennis, A. Hughes, and H. Tewari. Collaboration-preserving authenticated encryption for operational transformation systems. In ISC, pages 204--223. Springer, 2012.

Digital Library

[9]

G. D'Angelo, F. Vitali, and S. Zacchiroli. Content cloaking: preserving privacy with google docs and other web applications. In SAC, pages 826--830. ACM, 2010.

Digital Library

[10]

A. H. Davis, C. Sun, and J. Lu. Generalizing operational transformation to the standard general markup language. In CSCW, pages 58--67. ACM, 2002.

Digital Library

[11]

C. A. Ellis and S. J. Gibbs. Concurrency control in groupware systems. In SIGMOD, volume 18, pages 399--407. ACM, 1989.

Digital Library

[12]

A. J. Feldman, W. P. Zeller, M. J. Freedman, and E. W. Felten. SPORC: Group collaboration using untrusted cloud resources. In OSDI, pages 337--350, 2010.

Digital Library

[13]

I. Fette and A. Melnikov. The WebSocket Protocol. RFC 6455 (Proposed Standard), Dec. 2011. URL http://www.ietf.org/rfc/rfc6455.txt.

[14]

J. Gentle, N. Smith, and Others. ShareJS. https://github.com/share/ShareJS/tree/0.6. (Retrieved: October 2016).

[15]

P. Grubbs, R. McPherson, M. Naveed, T. Ristenpart, and V. Shmatikov. Breaking web applications built on top of encrypted data. In CCS, pages 1353--1364. ACM, 2016.

Digital Library

[16]

F. Hirsch, T. Roessler, J. Reagle, and D. Eastlake. XML encryption syntax and processing version 1.1. W3C recommendation, W3C, Apr. 2013.

[17]

Y. Huang and D. Evans. Private editing using untrusted cloud services. In ICDCSW, pages 263--272. IEEE, 2011.

Digital Library

[18]

C.-L. Ignat and G. Oster. Peer-to-peer collaboration over xml documents. In CDVE. Springer, 2008.

Digital Library

[19]

C. L. Ignat, G. Oster, et al. Flexible reconciliation of xml documents in asynchronous editing. In ICEIS, pages 359--368, 2007.

[20]

M. Jones and J. Hildebrand. JSON Web Encryption (JWE). RFC 7516 (Proposed Standard), May 2015. URL http://www.ietf.org/rfc/rfc7516.txt.

[21]

H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-Hashing for Message Authentication. RFC 2104 (Informational), Feb. 1997. URL http://www.ietf.org/rfc/rfc2104.txt. Updated by RFC 6151.

Digital Library

[22]

J. Li, M. N. Krohn, D. Mazières, and D. Shasha. Secure untrusted data repository (SUNDR). In OSDI, page 9, 2004.

Digital Library

[23]

P. Mahajan, S. Setty, S. Lee, A. Clement, L. Alvisi, M. Dahlin, and M. Walfish. Depot: Cloud storage with minimal trust. In TOCS. ACM, 2011.

Digital Library

[24]

N. Mehta, J. Sicking, E. Graff, A. Popescu, J. Orlow, and J. Bell. Indexed database API. Recommendation, W3C, Jan. 2015.

[25]

R. C. Merkle. A digital signature based on a conventional encryption function. In CRYPTO, pages 369--378. Springer, 1987.

Digital Library

[26]

D. Micciancio. Oblivious data structures: applications to cryptography. In STOC, pages 456--464. ACM, 1997.

Digital Library

[27]

A. Michalas and M. Bakopoulos. SecGOD Google Docs: Now I feel safer! In ICITST. IEEE, 2012.

[28]

D. A. Nichols, P. Curtis, M. Dixon, and J. Lamping. High-latency, low-bandwidth windowing in the jupiter collaboration system. In UIST. ACM, 1995.

Digital Library

[29]

G. Oster, H. Skaf-Molli, P. Molli, H. Naja-Jazzar, et al. Supporting collaborative writing of xml documents. In ICEIS, pages 335--341, 2007.

[30]

R. A. Popa, E. Stark, S. Valdez, J. Helfer, N. Zeldovich, and H. Balakrishnan. Building web applications on top of encrypted data using mylar. In NSDI, pages 157--172, 2014.

Digital Library

[31]

M. Ressel, D. Nitsche-Ruhland, and R. Gunzenhauser. An integrating, transformation-oriented approach to concurrency control and undo in group editors. In phCSCW, pages 288--297. ACM, 1996.

Digital Library

[32]

A. Shraer, C. Cachin, A. Cidon, I. Keidar, Y. Michalevsky, and D. Shaket. Venus: Verification for untrusted cloud storage. In CCSW. ACM, 2010.

Digital Library

[33]

C. Sun, X. Jia, Y. Zhang, Y. Yang, and D. Chen. Achieving convergence, causality preservation, and intention preservation in real-time cooperative editing systems. TOCHI, 5 (1): 63--108, 1998.

Digital Library

[34]

M. Watson. Web cryptography API. W3C recommendation, Jan. 2017.

[35]

WHATWG. Html -- posting messages. Online, https://html.spec.whatwg.org/#posting-messages, October 2015.

[36]

WHATWG. Dom -- mutation observers. Online, https://dom.spec.whatwg.org/#mutation-observers, May 2016.

[37]

C. Zhang, J. Jin, E.-C. Chang, and S. Mehrotra. Secure quasi-realtime collaborative editing over low-cost storage services. In SDM, pages 111--129. Springer, 2012.

Cited By

Arora SAtrey P(2021)Secure Collaborative Editing Using Secret Sharing2021 IEEE International Workshop on Information Forensics and Security (WIFS)10.1109/WIFS53200.2021.9648395(1-6)Online publication date: 7-Dec-2021
https://doi.org/10.1109/WIFS53200.2021.9648395
Kollmann SKleppmann MBeresford A(2019)Snapdoc: Authenticated snapshots with history privacy in peer-to-peer collaborative editingProceedings on Privacy Enhancing Technologies10.2478/popets-2019-00442019:3(210-232)Online publication date: 12-Jul-2019
https://doi.org/10.2478/popets-2019-0044
Abusalem OCherif AImine A(2019)Towards Optimistic Access Control for Cloud-Based Collaborative Editors2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA)10.1109/AICCSA47632.2019.9035245(1-8)Online publication date: Nov-2019
https://doi.org/10.1109/AICCSA47632.2019.9035245

Index Terms

SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor
1. Information systems
  1. Information systems applications
    1. Collaborative and social computing systems and tools

Recommendations

ID-based secret-key cryptography

This paper introduces ID-based secret-key cryptography, in which secret keys are privately and uniquely binded to an identity. This enables to extend public-key cryptography features at the high throughput rate of secret-key cryptography. As ...
SECRET: smartly EnCRypted energy efficient non-volatile memories
DAC '16: Proceedings of the 53rd Annual Design Automation Conference

Data persistence in emerging non-volatile memories (NVMs) poses a multitude of security vulnerabilities, motivating main memory encryption for data security. However, practical encryption algorithms demonstrate strong diffusion characteristics that ...
Secret Public Key Protocols Revisited
Security Protocols

Password-based protocols are important and popular means of providing human-to-machine authentication. The concept of secret public keys was proposed more than a decade ago as a means of securing password-based authentication protocols against off-line ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

April 2017

952 pages

ISBN:9781450349444

DOI:10.1145/3052973

General Chairs:
Ramesh Karri
New York University, New York, USA
,
Ozgur Sinanoglu
New York University Abu Dhabi, UAE
,
Program Chairs:
Ahmad-Reza Sadeghi
Technische Universität Darmstadt, Germany
,
Xun Yi
RMIT University, Australia

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 April 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

European Commission
German Federal Ministry of Education and Research (BMBF)

Conference

ASIA CCS '17

Sponsor:

SIGSAC

ASIA CCS '17: ACM Asia Conference on Computer and Communications Security

April 2 - 6, 2017

Abu Dhabi, United Arab Emirates

Acceptance Rates

ASIA CCS '17 Paper Acceptance Rate 67 of 359 submissions, 19%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
197
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)2

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Arora SAtrey P(2021)Secure Collaborative Editing Using Secret Sharing2021 IEEE International Workshop on Information Forensics and Security (WIFS)10.1109/WIFS53200.2021.9648395(1-6)Online publication date: 7-Dec-2021
https://doi.org/10.1109/WIFS53200.2021.9648395
Kollmann SKleppmann MBeresford A(2019)Snapdoc: Authenticated snapshots with history privacy in peer-to-peer collaborative editingProceedings on Privacy Enhancing Technologies10.2478/popets-2019-00442019:3(210-232)Online publication date: 12-Jul-2019
https://doi.org/10.2478/popets-2019-0044
Abusalem OCherif AImine A(2019)Towards Optimistic Access Control for Cloud-Based Collaborative Editors2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA)10.1109/AICCSA47632.2019.9035245(1-8)Online publication date: Nov-2019
https://doi.org/10.1109/AICCSA47632.2019.9035245

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten