How to Sync with Alice
This paper explains the sync problem and compares solutions in Firefox 4 and Chrome 10. The sync problem studies how to securely synchronize data across different computers. Google has added a built-in sync function in Chrome 10, which uses a user-defined password to encrypt bookmarks, history, cached passwords etc. However, due to the low-entropy of passwords, the encryption is inherently weak – anyone with access to the ciphertext can easily uncover the key (and hence disclose the plaintext). Mozilla used to have a very similar sync solution in Firefox 3.5, but since Firefox 4 it has made a complete change of how sync works in the browser. The new solution is based on a security protocol called J-PAKE, which is a balanced Password Authenticated Key Exchange (PAKE) protocol. To our best knowledge, this is the first large-scale deployment of the PAKE technology. Since PAKE does not require a PKI, it has compelling advantages than PKI-based schemes such as SSL/TLS in many applications. However, in the past decade, deploying PAKE has been greatly hampered by the patent and other issues. With the rise of patent-free solutions such as J-PAKE and also that the EKE patent will soon expire in October, 2011, we believe the PAKE technology will be more widely adopted in the near future.
KeywordsSecurity Protocol Dictionary Attack Secret Code Knowledge Proof Active Attacker
Unable to display preview. Download preview PDF.
- 3.Dropbox, http://www.dropbox.com
- 4.Official SRP, http://srp.stanford.edu/
- 5.Bellovin, S., Merritt, M.: Encrypted Key Exchange: password-based protocols secure against dictionary attacks. In: Proceedings of the IEEE Symposium on Research in Security and Privacy (May 1992)Google Scholar
- 6.Bellovin, S., Merritt, M.: Cryptographic protocol for secure communications, U.S. Patent 5,241,599Google Scholar
- 8.Jablon, D.: Cryptographic methods for remote authentication, U.S. Patent 6,226,383 (March 1997)Google Scholar
- 9.Jaspan, B.: Dual-workfactor Encrypted Key Exchange: efficiently preventing password chaining and dictionary attacks. In: Proceedings of the Sixth Annual USENIX Security Conference, pp. 43–50 (July 1996)Google Scholar
- 10.IEEE P1363.2 Working Group, P1363.2: Standard Specifications for Password-Based Public-Key Cryptographic Techniques, draft available at http://grouper.ieee.org/groups/1363/
- 12.Hao, F.: On small subgroup non-confinement attacks. In: Proceedings of the 10th IEEE International Conference on Computer and Information Technology, CIT 2010, pp. 1022–1025 (2010)Google Scholar