Toggle Main Menu Toggle Search

ePrints

How to Sync with Alice

Lookup NU author(s): Dr Feng Hao, Professor Peter Ryan

Downloads


Abstract

This paper explains the sync problem and compares solutions in Firefox 4 and Chrome 10. The sync problem studies how to securely synchronize data across different computers. Google has added a built-in sync function in Chrome 10, which uses a user-defined password to encrypt bookmarks, history, cached passwords etc. However, due to the low-entropy of passwords, the encryption is inherently weak -- anyone with access to the ciphertext can easily uncover the key (and hence disclose the plaintext). Mozilla used to have a very similar sync solution in Firefox 3.5, but since Firefox 4 it has made a complete change of how sync works in the browser. The new solution is based on a security protocol called J-PAKE, which is a balanced Password Authenticated Key Exchange(PAKE) protocol. To our best knowledge, this is the first large-scale deployment of the PAKE technology. Since PAKE does not require a PKI, it has compelling advantages than PKI-based schemes such as SSL/TLS in many applications. However, in the past decade, deploying PAKE has been greatly hampered by the patent and other issues. With the rise of patent-free solutions such as J-PAKE and also that the EKE patent will soon expire in October, 2011, we believe the PAKE technology will be more widely adopted in the near future.


Publication metadata

Author(s): Hao F, Ryan PYA

Publication type: Report

Series Title: School of Computing Science Technical Report Series

Year: 2011

Pages: 12

Source Publication Date: June 2011

Report Number: 1260

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne


Share