Talks and Poster Presentations (with Proceedings-Entry):
M. Mulazzani, S. Schrittwieser, M. Huber, M. Leithner, E. Weippl:
"Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space";
Talk: Usenix Security Symposium,
- 2011-08-12; in: "Proceedings of 20th USENIX Security Symposium",
During the past few years, a vast number of online ﬁle storage services have been introduced. While several of these services provide basic functionality such as uploading and retrieving ﬁles by a speciﬁc user, more advanced services offer features such as shared folders, real-time collaboration, minimization of data transfers or unlimited storage space. Within this paper we give an overview of existing ﬁle storage services and examine Dropbox, an advanced ﬁle storage solution, in depth. We analyze the Dropbox client software as well as its transmission protocol, show weaknesses and outline possible attack vectors against users. Based on our results we show that Dropbox is used to store copyright-protected ﬁles from a popular ﬁlesharing network. Furthermore Dropbox can be exploited to hide ﬁles in the cloud with unlimited storage capacity. We deﬁne this as online slack space. We conclude by discussing security improvements for modern online storage services in general, and Dropbox in particular. To prevent our attacks cloud storage operators should employ data possession proofs on clients, a technique which has been recently discussed only in the context of assessing trust in cloud storage operators.
cloud storage, security, privacy, attacks, forensics
Electronic version of the publication:
Created from the Publication Database of the Vienna University of Technology.