1,416 research outputs found
PALPAS - PAsswordLess PAssword Synchronization
Tools that synchronize passwords over several user devices typically store
the encrypted passwords in a central online database. For encryption, a
low-entropy, password-based key is used. Such a database may be subject to
unauthorized access which can lead to the disclosure of all passwords by an
offline brute-force attack. In this paper, we present PALPAS, a secure and
user-friendly tool that synchronizes passwords between user devices without
storing information about them centrally. The idea of PALPAS is to generate a
password from a high entropy secret shared by all devices and a random salt
value for each service. Only the salt values are stored on a server but not the
secret. The salt enables the user devices to generate the same password but is
statistically independent of the password. In order for PALPAS to generate
passwords according to different password policies, we also present a mechanism
that automatically retrieves and processes the password requirements of
services. PALPAS users need to only memorize a single password and the setup of
PALPAS on a further device demands only a one-time transfer of few static data.Comment: An extended abstract of this work appears in the proceedings of ARES
201
Recovering Residual Forensic Data from Smartphone Interactions with Cloud Storage Providers
There is a growing demand for cloud storage services such as Dropbox, Box,
Syncplicity and SugarSync. These public cloud storage services can store
gigabytes of corporate and personal data in remote data centres around the
world, which can then be synchronized to multiple devices. This creates an
environment which is potentially conducive to security incidents, data breaches
and other malicious activities. The forensic investigation of public cloud
environments presents a number of new challenges for the digital forensics
community. However, it is anticipated that end-devices such as smartphones,
will retain data from these cloud storage services. This research investigates
how forensic tools that are currently available to practitioners can be used to
provide a practical solution for the problems related to investigating cloud
storage environments. The research contribution is threefold. First, the
findings from this research support the idea that end-devices which have been
used to access cloud storage services can be used to provide a partial view of
the evidence stored in the cloud service. Second, the research provides a
comparison of the number of files which can be recovered from different
versions of cloud storage applications. In doing so, it also supports the idea
that amalgamating the files recovered from more than one device can result in
the recovery of a more complete dataset. Third, the chapter contributes to the
documentation and evidentiary discussion of the artefacts created from specific
cloud storage applications and different versions of these applications on iOS
and Android smartphones
Using smartphones as a proxy for forensic evidence contained in cloud storage services
Cloud storage services such as Dropbox, Box and SugarSync have been embraced by both individuals and organizations. This creates an environment that is potentially conducive to security breaches and malicious activities. The investigation of these cloud environments presents new challenges for the digital forensics community.
It is anticipated that smartphone devices will retain data from these storage services. Hence, this research presents a preliminary investigation into the residual artifacts created on an iOS and Android device that has accessed a cloud storage service. The contribution of this paper is twofold. First, it provides an initial assessment on the extent to which cloud storage data is stored on these client-side devices. This view acts as a proxy for data stored in the cloud. Secondly, it provides documentation on the artifacts that could be useful in a digital forensics investigation of cloud services
- …