Toggle Main Menu Toggle Search

Open Access padlockePrints

How to Sync with Alice

Lookup NU author(s): Professor Feng Hao, Professor Peter Ryan

Downloads

Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Abstract

This paper explains the sync problem and compares solutions in Firefox 4 and Chrome 10. The sync problem studies how to securely synchronize data across different computers. Google has added a built-in sync function in Chrome 10, which uses a user-defined password to encrypt bookmarks, history, cached passwords etc. However, due to the low-entropy of passwords, the encryption is inherently weak anyone with access to the ciphertext can easily uncover the key (and hence disclose the plaintext). Mozilla used to have a very similar sync solution in Firefox 3.5, but since Firefox 4 it has made a complete change of how sync works in the browser. The new solution is based on a security protocol called J-PAKE, which is a balanced Password Authenticated Key Exchange (PAKE) protocol. To our best knowledge, this is the first large-scale deployment of the PAKE technology. Since PAKE does not require a PKI, it has compelling advantages than PKI-based schemes such as SSL/TLS in many applications. However, in the past decade, deploying PAKE has been greatly hampered by the patent and other issues. With the rise of patent-free solutions such as J-PAKE and also that the EKE patent will soon expire in October, 2011, we believe the PAKE technology will be more widely adopted in the near future.


Publication metadata

Author(s): Hao F, Ryan PYA

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: Security Protocols XIX : 19th International Workshop, Cambridge, UK, March 28-30, 2011, Revised Selected Papers

Year of Conference: 2011

Pages: 170-178

ISSN: 0302-9743

Publisher: Springer-Verlag

URL: http://dx.doi.org/10.1007/978-3-642-25867-1_16

DOI: 10.1007/978-3-642-25867-1_16

Library holdings: Search Newcastle University Library for this item

Series Editor(s): Lecture Notes in Computer Science

ISBN: 9783642258664


Share