Inhalt des Dokuments
Es gibt keine deutsche Übersetzung dieser Webseite.
Master Thesis: Design and Development of an Attribute-Based Encryption Client for Web Browsers
Design and Development of an Attribute-Based Encryption Client for Web Browsers
There is a growing need to share data securely. Attribute-Based Encryption (ABE) offers users the ability to encrypt data while allowing for fine-grained access control. Messages are encrypted using an access policy. A private key containing attributes is needed to be able to decrypt ABE files. The decryption is only successful if the attributes in a private key satisfy the access policy. The Entrance system realizes an architecture that adds the ability of retroactively granting and revoking attributes to a private key. Neither the private key nor the ciphertext need to be recreated in order to do that. The system relies on data storage in a Distributed Hash Table (DHT). The goal of the thesis was to build an ABE client that is able to utilize the capabilities of Entrance. Browsers are an ideal target platform, since they are ubiquitous and applications written for them can be deployed without requiring a user to install anything. Several browser technologies have been evaluated to that end. WebAssembly was chosen as the platform to build the client. The exceptional portability properties, through being supported by every major browser and the ability to have nearly native performance led to that decision. During the implementation a limitation of current browsers has been found. A client of the Entrance system is required to communicate with a DHT. The two major DHTs have been built with UDP in mind. Current browsers do not allow the utilization of UDP sockets. The solution was to add a proxy component that has to be set up separately. The component only relays data without manipulating it in any way. Changing the architecture could result in additional vulnerabilities which is why a threat analysis was performed. The addition of the proxy solely leads to threats that can be mitigated. The client itself can be attacked in a way that is not easily preventable without specific hardware support. The performance of the client has also been evaluated. Despite the claims that WebAssembly runs at near native performance a direct comparison revealed a 97% slowdown when switching to WebAssembly. Still, even on a smartphone the client is able to decrypt ABE files in a reasonable amount of time when limiting the complexity of the access policy.
Supervisor: Dirk Thatmann
Type: Master Thesis
Duration: 6 months
10587 Berlin, Germany
Phone: +49 30 8353 58811
Fax: +49 30 8353 58409