DOI: 10.1145/3052973.3052982
research-article

SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor

Published: 02 April 2017

Abstract

Real-time editing tools like Google Docs, Microsoft Office Online, or Etherpad have changed the way of collaboration. Many of these tools are based on Operational Transforms (OT), which guarantee that the views of different clients onto a document remain consistent over time. Usually, documents and operations are exposed to the server in plaintext -- and thus to administrators, governments, and potentially cyber criminals. Therefore, it is highly desirable to work collaboratively on encrypted documents. Previous implementations do not unleash the full potential of this idea: They either require large storage, network, and computation overhead, are not real-time collaborative, or do not take the structure of the document into account. The latter simplifies the approach since only OT algorithms for byte sequences are required, but the resulting ciphertexts are almost four times the size of the corresponding plaintexts.
We present SECRET, the first secure, efficient, and collaborative real-time editor. In contrast to all previous works, SECRET is the first tool that (1.) allows the encryption of whole documents or arbitrary sub-parts thereof, (2.) uses a novel combination of tree-based OT with a structure preserving encryption, and (3.) requires only a modern browser without any extra software installation or browser extension.
We evaluate our implementation and show that its encryption overhead is three times smaller in comparison to all previous approaches. SECRET can even be used by multiple users in a low-bandwidth scenario. The source code of SECRET is published on GitHub as an open-source project: https://github.com/RUB-NDS/SECRET/


Cited By

  • (2021) Secure Collaborative Editing Using Secret Sharing. 2021 IEEE International Workshop on Information Forensics and Security (WIFS), pp. 1-6. DOI: 10.1109/WIFS53200.2021.9648395. Online publication date: 7-Dec-2021
  • (2019) Snapdoc: Authenticated snapshots with history privacy in peer-to-peer collaborative editing. Proceedings on Privacy Enhancing Technologies, 2019:3, pp. 210-232. DOI: 10.2478/popets-2019-0044. Online publication date: 12-Jul-2019
  • (2019) Towards Optimistic Access Control for Cloud-Based Collaborative Editors. 2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA), pp. 1-8. DOI: 10.1109/AICCSA47632.2019.9035245. Online publication date: Nov-2019

    Published In

    ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
    April 2017
    952 pages
    ISBN:9781450349444
    DOI:10.1145/3052973

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. JSON
    2. XML encryption
    3. collaborative editing
    4. operational transforms
    5. structure preserving encryption

    Qualifiers

    • Research-article

    Funding Sources

    • European Commission
    • German Federal Ministry of Education and Research (BMBF)

    Conference

    ASIA CCS '17

    Acceptance Rates

    ASIA CCS '17 Paper Acceptance Rate 67 of 359 submissions, 19%;
    Overall Acceptance Rate 418 of 2,322 submissions, 18%
