Collaborative Privacy for Web Applications

01/10/2019
by   Yihao Hu, et al.
0

Real-time, online-editing web apps provide free and convenient services for collaboratively editing, sharing and storing files. The benefits of these web applications do not come for free: not only do service providers have full access to the users' files, but they also control access, transmission, and storage mechanisms for them. As a result, user data may be at risk of data mining, third-party interception, or even manipulation. To combat this, we propose a new system for helping to preserve the privacy of user data within collaborative environments. There are several distinct challenges in producing such a system, including developing an encryption mechanism that does not interfere with the back-end (and often proprietary) control mechanisms utilized by the service, and identifying transparent code hooks through which to obfuscate user data. Toward the first challenge, we develop a character-level encryption scheme that is more resilient to the types of attacks that plague classical substitution ciphers. For the second challenge, we design a browser extension that robustly demonstrates the feasibility of our approach, and show a concrete implementation for Google Chrome and the widely-used Google Docs platform. Our example tangibly demonstrates how several users with a shared key can collaboratively and transparently edit a Google Docs document without revealing the plaintext directly to Google.

READ FULL TEXT

page 2

page 3

page 6

page 7

page 9

page 10

page 11

page 13

research
11/05/2021

Security and Privacy Perceptions of Third-Party Application Access for Google Accounts (Extended Version)

Online services like Google provide a variety of application programming...
research
06/01/2018

A Revision Control System for Image Editing in Collaborative Multimedia Design

Revision control is a vital component in the collaborative development o...
research
03/03/2021

Exploring Privacy Implications in OAuth Deployments

Single sign-on authentication systems such as OAuth 2.0 are widely used ...
research
02/26/2021

PASSAT: Single Password Authenticated Secret-Shared Intrusion-Tolerant Storage with Server Transparency

In this paper, we introduce PASSAT, a practical system to boost the secu...
research
04/17/2021

Blockchain-Enabled End-to-End Encryption for Instant Messaging Applications

In the era of social media and messaging applications, people are becomi...
research
08/31/2021

DLPFS: The Data Leakage Prevention FileSystem

Shared folders are still a common practice for granting third parties ac...
research
01/10/2019

EmPoWeb: Empowering Web Applications with Browser Extensions

Browser extensions are third party programs, tightly integrated to brows...

Please sign up or login with your details

Forgot password? Click here to reset