ABSTRACT
Real-time editing tools like Google Docs, Microsoft Office Online, or Etherpad have changed the way of collaboration. Many of these tools are based on Operational Transforms (OT), which guarantee that the views of different clients onto a document remain consistent over time. Usually, documents and operations are exposed to the server in plaintext -- and thus to administrators, governments, and potentially cyber criminals. Therefore, it is highly desirable to work collaboratively on encrypted documents. Previous implementations do not unleash the full potential of this idea: They either require large storage, network, and computation overhead, are not real-time collaborative, or do not take the structure of the document into account. The latter simplifies the approach since only OT algorithms for byte sequences are required, but the resulting ciphertexts are almost four times the size of the corresponding plaintexts.
We present SECRET, the first secure, efficient, and collaborative real-time editor. In contrast to all previous works, SECRET is the first tool that (1.) allows the encryption of whole documents or arbitrary sub-parts thereof, (2.) uses a novel combination of tree-based OT with a structure preserving encryption, and (3.) requires only a modern browser without any extra software installation or browser extension.
We evaluate our implementation and show that its encryption overhead is three times smaller in comparison to all previous approaches. SECRET can even be used by multiple users in a low-bandwidth scenario. The source code of SECRET is published on GitHub as an open-source project:https://github.com/RUB-NDS/SECRET/
- L. Adkinson-Orellana, D. A. Rodrıguez-Silva, F. Gil-Castineira, and J. C. Burguillo-Rial. Privacy for google docs: Implementing a transparent encryption layer. In CloudViews, pages 20--21, 2010.Google Scholar
- A. Barth. The Web Origin Concept. RFC 6454 (Proposed Standard), Dec. 2011. URL http://www.ietf.org/rfc/rfc6454.txt.Google Scholar
- A. Barth, C. Jackson, and J. C. Mitchell. Securing frame communication in browsers. In USENIX Security, 2008. Google ScholarDigital Library
- M. Bellare, O. Goldreich, and S. Goldwasser. Incremental cryptography: The case of hashing and signing. In CRYPTO, pages 216--233. Springer, 1994. Google ScholarDigital Library
- T. Bray. The JavaScript Object Notation (JSON) Data Interchange Format. RFC 7159 (Proposed Standard), Mar. 2014. URL http://www.ietf.org/rfc/rfc7159.txt.Google Scholar
- T. Bray, F. Yergeau, E. Maler, J. Paoli, and M. Sperberg-McQueen. Extensible markup language (XML) 1.0 (fifth edition). W3C recommendation, W3C, Nov. 2008.Google Scholar
- E. Buonanno, J. Katz, and M. Yung. Incremental unforgeable encryption. In FSE, pages 109--124. Springer, 2001. Google ScholarDigital Library
- M. Clear, K. Reid, D. Ennis, A. Hughes, and H. Tewari. Collaboration-preserving authenticated encryption for operational transformation systems. In ISC, pages 204--223. Springer, 2012. Google ScholarDigital Library
- G. D'Angelo, F. Vitali, and S. Zacchiroli. Content cloaking: preserving privacy with google docs and other web applications. In SAC, pages 826--830. ACM, 2010. Google ScholarDigital Library
- A. H. Davis, C. Sun, and J. Lu. Generalizing operational transformation to the standard general markup language. In CSCW, pages 58--67. ACM, 2002. Google ScholarDigital Library
- C. A. Ellis and S. J. Gibbs. Concurrency control in groupware systems. In SIGMOD, volume 18, pages 399--407. ACM, 1989. Google ScholarDigital Library
- A. J. Feldman, W. P. Zeller, M. J. Freedman, and E. W. Felten. SPORC: Group collaboration using untrusted cloud resources. In OSDI, pages 337--350, 2010. Google ScholarDigital Library
- I. Fette and A. Melnikov. The WebSocket Protocol. RFC 6455 (Proposed Standard), Dec. 2011. URL http://www.ietf.org/rfc/rfc6455.txt.Google Scholar
- J. Gentle, N. Smith, and Others. ShareJS. https://github.com/share/ShareJS/tree/0.6. (Retrieved: October 2016).Google Scholar
- P. Grubbs, R. McPherson, M. Naveed, T. Ristenpart, and V. Shmatikov. Breaking web applications built on top of encrypted data. In CCS, pages 1353--1364. ACM, 2016. Google ScholarDigital Library
- F. Hirsch, T. Roessler, J. Reagle, and D. Eastlake. XML encryption syntax and processing version 1.1. W3C recommendation, W3C, Apr. 2013.Google Scholar
- Y. Huang and D. Evans. Private editing using untrusted cloud services. In ICDCSW, pages 263--272. IEEE, 2011. Google ScholarDigital Library
- C.-L. Ignat and G. Oster. Peer-to-peer collaboration over xml documents. In CDVE. Springer, 2008. Google ScholarDigital Library
- C. L. Ignat, G. Oster, et al. Flexible reconciliation of xml documents in asynchronous editing. In ICEIS, pages 359--368, 2007.Google Scholar
- M. Jones and J. Hildebrand. JSON Web Encryption (JWE). RFC 7516 (Proposed Standard), May 2015. URL http://www.ietf.org/rfc/rfc7516.txt.Google Scholar
- H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-Hashing for Message Authentication. RFC 2104 (Informational), Feb. 1997. URL http://www.ietf.org/rfc/rfc2104.txt. Updated by RFC 6151. Google ScholarDigital Library
- J. Li, M. N. Krohn, D. Mazières, and D. Shasha. Secure untrusted data repository (SUNDR). In OSDI, page 9, 2004. Google ScholarDigital Library
- P. Mahajan, S. Setty, S. Lee, A. Clement, L. Alvisi, M. Dahlin, and M. Walfish. Depot: Cloud storage with minimal trust. In TOCS. ACM, 2011. Google ScholarDigital Library
- N. Mehta, J. Sicking, E. Graff, A. Popescu, J. Orlow, and J. Bell. Indexed database API. Recommendation, W3C, Jan. 2015.Google Scholar
- R. C. Merkle. A digital signature based on a conventional encryption function. In CRYPTO, pages 369--378. Springer, 1987. Google ScholarDigital Library
- D. Micciancio. Oblivious data structures: applications to cryptography. In STOC, pages 456--464. ACM, 1997. Google ScholarDigital Library
- A. Michalas and M. Bakopoulos. SecGOD Google Docs: Now I feel safer! In ICITST. IEEE, 2012.Google Scholar
- D. A. Nichols, P. Curtis, M. Dixon, and J. Lamping. High-latency, low-bandwidth windowing in the jupiter collaboration system. In UIST. ACM, 1995. Google ScholarDigital Library
- G. Oster, H. Skaf-Molli, P. Molli, H. Naja-Jazzar, et al. Supporting collaborative writing of xml documents. In ICEIS, pages 335--341, 2007.Google Scholar
- R. A. Popa, E. Stark, S. Valdez, J. Helfer, N. Zeldovich, and H. Balakrishnan. Building web applications on top of encrypted data using mylar. In NSDI, pages 157--172, 2014. Google ScholarDigital Library
- M. Ressel, D. Nitsche-Ruhland, and R. Gunzenhauser. An integrating, transformation-oriented approach to concurrency control and undo in group editors. In phCSCW, pages 288--297. ACM, 1996. Google ScholarDigital Library
- A. Shraer, C. Cachin, A. Cidon, I. Keidar, Y. Michalevsky, and D. Shaket. Venus: Verification for untrusted cloud storage. In CCSW. ACM, 2010. Google ScholarDigital Library
- C. Sun, X. Jia, Y. Zhang, Y. Yang, and D. Chen. Achieving convergence, causality preservation, and intention preservation in real-time cooperative editing systems. TOCHI, 5 (1): 63--108, 1998. Google ScholarDigital Library
- M. Watson. Web cryptography API. W3C recommendation, Jan. 2017.Google Scholar
- WHATWG. Html -- posting messages. Online, https://html.spec.whatwg.org/#posting-messages, October 2015.Google Scholar
- WHATWG. Dom -- mutation observers. Online, https://dom.spec.whatwg.org/#mutation-observers, May 2016.Google Scholar
- C. Zhang, J. Jin, E.-C. Chang, and S. Mehrotra. Secure quasi-realtime collaborative editing over low-cost storage services. In SDM, pages 111--129. Springer, 2012.Google ScholarCross Ref
Index Terms
- SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor
Recommendations
ID-based secret-key cryptography
This paper introduces ID-based secret-key cryptography, in which secret keys are privately and uniquely binded to an identity. This enables to extend public-key cryptography features at the high throughput rate of secret-key cryptography. As ...
SECRET: smartly EnCRypted energy efficient non-volatile memories
DAC '16: Proceedings of the 53rd Annual Design Automation ConferenceData persistence in emerging non-volatile memories (NVMs) poses a multitude of security vulnerabilities, motivating main memory encryption for data security. However, practical encryption algorithms demonstrate strong diffusion characteristics that ...
Secret Public Key Protocols Revisited
Security ProtocolsPassword-based protocols are important and popular means of providing human-to-machine authentication. The concept of secret public keys was proposed more than a decade ago as a means of securing password-based authentication protocols against off-line ...
Comments