Cloud Storage Systems: From Bad Practice to Practical Attacks
OPEN ACCESS
Author / Producer
Date
2022-03-06
Publication Type
Master Thesis
ETH Bibliography
yes
Citations
Altmetric
OPEN ACCESS
Data
Rights / License
Abstract
Cloud storage security gained significant importance in the last decades due to the vast amount of outsourced sensitive information. Increased privacy awareness has led more and more cloud operators to adopt end-to-end encryption, removing the necessity for customers to trust the providers for data confidentiality. We analyze the cryptographic design of Mega, a cloud storage provider storing over 1000 petabytes of data for more than 243 million users. This thesis contributes four severe attacks allowing a malicious service provider or man-in-the-middle adversary who compromises the TLS connection to break the confidentiality and integrity of user keys and files. We exploit the lack of ciphertext integrity of the encrypted and outsourced RSA private key and characteristics of RSA-CRT to perform a binary search for one prime factor of the RSA-2048 modulus and recover the secret key – with lattice-based optimizations – in 512 user login attempts. During a single login attempt, the second attack decrypts any key ciphertext and exploits key reuse and knowledge of the RSA key. Furthermore, the third attack allows an attacker to frame users by inserting new files indistinguishable from genuinely uploaded ones. Finally, the fourth attack contributes a new variant of Bleichenbacher’s attack on PKCS#1 v1.5 adapted for Mega’s custom padding scheme, which tolerates small unknown prefix values through a new guess-and-purge strategy. We discuss significant challenges introduced by Mega’s massive scale for a fundamental redesign of their architecture and suggest short-term and long-term countermeasures. We generalize our findings, examine the reasons for flawed cryptography in large-scale applications, and advocate for a cloud storage standard to improve the security and transparency of cloud providers in practice.
Permanent link
Publication status
published
External links
Editor
Contributors
Examiner : Paterson, Kenneth G.
Examiner: Backendal, Matilda
Book title
Journal / series
Volume
Pages / Article No.
Publisher
ETH Zurich
Event
Edition / version
Methods
Software
Geographic location
Date collected
Date created
Subject
Cloud Storage; Key Management; Key Recovery Attacks; File-injection Attacks
Organisational unit
09653 - Paterson, Kenneth / Paterson, Kenneth