ShadowFPE: new encrypted web application solution based on shadow DOM

Guo, Xiaojie, Huang, Yanyu, Ye, Jinhui, Yin, Sijie, Li, Min, Li, Zhaohui, Yiu, Siu-Ming and Cheng, Xiaochun ORCID: https://orcid.org/0000-0003-0371-9646 (2021) ShadowFPE: new encrypted web application solution based on shadow DOM. Mobile Networks and Applications, 26 (4) . pp. 1733-1746. ISSN 1383-469X [Article] (doi:10.1007/s11036-019-01509-y)

This is the latest version of this item.

Preview

PDF - Final accepted version (with author's formatting)
Download (3MB) | Preview

Official URL: https://doi.org/10.1007/s11036-019-01509-y

Abstract

Most of users hesitate to use third-party web applications because of security and privacy concerns. An ideal solution would be to allow apps to work with encrypted data, so that users might be more willing to provide just the encrypted version of their sensitive data. ShadowCrypt, proposed in CCS 2014, is the first and so far only solution that can achieve this by leveraging the encapsulation provided by Shadow DOM V0, without the need for the users to trust neither server nor client codes of web applications. Unfortunately, researchers have shown that ShadowCrypt is vulnerable to several attacks. Note that ShadowCrypt is no longer compliant to the updated W3C standard since 2015. Furthermore, some attacks on ShadowCrypt have been proposed. Hence, currently there is no effective and secure solution to guarantee the privacy of users. In this paper, we present ShadowFPE, a novel format-preserving encryption that makes use of a robust property in Shadow DOM to obtain a feasible solution. Compared with ShadowCrypt, ShadowFPE does not destroy the data format and makes the data usable in most of cloud web applications. We confirmed the effectiveness and security of ShadowFPE through case studies on web applications. Our results show that ShadowFPE is practical since it has low computational overhead and requires minimal modification in existing applications.

Item Type:	Article
Keywords (uncontrolled):	Format-preserving encryption, ShadowCrypt, data privacy, shadow DOM, encrypted web applications
Research Areas:	A. > School of Science and Technology > Computer Science
Item ID:	29576
Notes on copyright:	This is a post-peer-review, pre-copyedit version of an article published in Mobile Networks and Applications. The final authenticated version is available online at: https://doi.org/10.1007/s11036-019-01509-y
Useful Links:	Publisher Publisher's T&Cs Publication Middlesex University Expert Profile
Depositing User:	Xiaochun Cheng
Date Deposited:	16 Apr 2020 15:44
Last Modified:	29 Nov 2022 17:44
URI:	https://eprints.mdx.ac.uk/id/eprint/29576

Available Versions of this Item

ShadowFPE: new encrypted web application solution based on shadow DOM. (deposited 12 Mar 2020 14:43)
- ShadowFPE: new encrypted web application solution based on shadow DOM. (deposited 16 Apr 2020 15:44) [Currently Displayed]

Actions (login required)

View Item

Statistics

DownloadsShow export options

Activity Overview

6 month trend

98Downloads

6 month trend

131Hits

Additional statistics are available via IRStats2.

CORE (COnnecting REpositories)