Private Notes: Encrypted XML Notes Synchronization and Sharing with Untrusted Web Services

Size: px

Start display at page:

Download "Private Notes: Encrypted XML Notes Synchronization and Sharing with Untrusted Web Services"

Sharon Craig
5 years ago
Views:

1 Private Notes: Encrypted XML Notes Syncronization and Saring wit Untrusted Web Services iiwas :00 Paul Klingeluber, Rene Mayrofer University of Applied Sciences Upper Austria 1

2 Mobile note taking and syncronization Secure saring of notes Aim: Mobile notes saring Wat? Note taking is a part of daily life Meeting notes, sopping lists, notes to self, etc. How? Mobile devices appropriate because tey are wit te user But: entering on mobile is difficult syncronize Saring notes between users, e.g. family members René Mayrofer 2

text for ease of syncronization, conflict andling, etc.

3 Mobile note taking and syncronization Secure saring of notes Aim: Mobile notes saring Problem: Security and Privacy Notes often contain sensitive data Notes syncronized and stored in plain text for ease of syncronization, conflict andling, etc. Need to trust commercial services Issue of mobile device security (loss, teft, etc.) Client-side encryption of notes René Mayrofer 3

Syncronizing encrypted data Saring encrypted data Cross-platform interoperability Syncronizing encrypted notes Syncronization among devices of te same user Syncronization wit mobile devices and local

4 Syncronizing encrypted data Saring encrypted data Cross-platform interoperability Syncronizing encrypted notes Syncronization among devices of te same user Syncronization wit mobile devices and local cacing necessary because of disconnected operation Conflict resolution in encrypted form not possible Terefore we estimate minimal textual diffs between plaintext notes and replay to plaintext René Mayrofer 4

Syncronizing encrypted data Saring encrypted data Cross-platform interoperability Saring of encrypted notes Saring of notes between different users From a

5 Syncronizing encrypted data Saring encrypted data Cross-platform interoperability Saring of encrypted notes Saring of notes between different users From a security point of view, no common sared password possible? Different public/private keypairs In te general case, will not use te same syncronization server René Mayrofer 5

6 Syncronizing encrypted data Saring encrypted data Cross-platform interoperability Different (mobile) platforms Desktops/laptops Windows Linux MacOS/X Mobile devices ios Android and many more... René Mayrofer 6

7 Encryption Syncronization Saring Clients Options for notes encryption Option 1 Simple password-based encryption and integrity protection Only symmetric cryptograpy (AES, SHA-256) Encryption and decryption fast even on slow devices Option 2 OpenPGP standard for file en-/decryption René Mayrofer 7

8 Encryption Syncronization Saring Clients Syncronization via WebDAV Only assume standard WebDAV command set Servers provide storage, but are untrusted oterwise No active role in syncronization any WebDAV ok Client diff/merge Project provides free WebDAV service for notes syncronization René Mayrofer 8

Encryption Syncronization Saring Clients Saring via extended WebDAV Saring on a note basis every note can be sared wit a different set of users Instead of sared

9 Encryption Syncronization Saring Clients Saring via extended WebDAV Saring on a note basis every note can be sared wit a different set of users Instead of sared password, note is encrypted to set of OpenPGP public keys Dynamically created WebDAV URLs for sared notes note://tomboysare/ttps://x:y@myserver.com/sare1/ René Mayrofer 9

Encryption Syncronization Saring Clients Client implementations Tomboy add-in Tomdroid fork for Android Encryption of notes wit simple sceme and wit gnupg binary Note saring Editing of notes

10 Encryption Syncronization Saring Clients Client implementations Tomboy add-in Tomdroid fork for Android Encryption of notes wit simple sceme and wit gnupg binary Note saring Editing of notes Encryption of notes wit simple sceme Encryption of notes wit APG (OpenPGP for Android) 2-way syncronization Receiving sared notes Port to ipone under development, not yet finised René Mayrofer 10

11 Current work Peer-to-peer live syncronization between clients Based on XMPP (Jabber) messaging wit arbitrary XMPP servers and textual diffs Consider binary attacments to notes and compare e.g. wit git binary delta syncronization Pusing Tomdroid extensions to upstream autors (active again after a year of stagnation) René Mayrofer 11

12 Conclusions and Future outlook Private Notes supports encryption of notes bot on te device and on te server solves different treats Syncronization for te same and saring for different users based on standard WebDAV servers wit minimal extensions Clients available for desktop/laptop (Tomboy in.net) and Android (Tomdroid fork), ipone under development ttp://privatenotes.dyndnsserver.com René Mayrofer 12

Tank you for your attention! Slides: ttp://www.mayrofer.eu.

13 Tank you for your attention! Slides: ttp:// Later questions: OpenPGP keys: 0x249BC034 (new) and 0xC3C24BDE (old) 717A 033B BB45 A2B3 28CF B84B A1E5 2A7E 249B C034 7FE4 0DB5 61EC C645 B2F1 C847 ABB4 8F0D C3C2 4BDE 13

Security by Spatial Reference

Security by Spatial Reference : Using Relative Positioning to Authenticate Devices for Spontaneous Interaction Ubicomp 2007, Session D 18. September 2007, 12:00 Rene Mayrhofer, Hans Gellersen, Mike Hazas Lancaster University, UK 1