During the past few years, a vast number of online file storage services have been introduced. While several of these services provide basic functionality such as uploading and retrieving files by a specific user, more advanced services offer features such as shared folders, real-time collaboration, minimization of data transfers, or unlimited storage space. In this paper we give an overview of existing file storage services and examine Dropbox, an advanced file storage solution, in depth. We analyze the Dropbox client software as well as its transmission protocol, show weaknesses, and outline possible attack vectors against users. Based on our results, we show that Dropbox is used to store copyright-protected files from a popular filesharing network. Furthermore, Dropbox can be exploited to hide files in the cloud with unlimited storage capacity. We define this as online slack space. We conclude by discussing security improvements for modern online storage services in general, and Dropbox in particular. To prevent our attacks, cloud storage operators should employ data possession proofs on clients, a technique that has recently been discussed only in the context of assessing trust in cloud storage operators.