Recent surveys have shown that cloud services are becoming more and more popular, both in the enterprise sector and among individuals. Be it online file storage, e-mail, calendar & time management, note taking, or even password management, we rely heavily on online services. From a security standpoint, this poses several risks – data might be lost or corrupted, or even worse: accessed by unauthorized individuals.
In the past few years, dozens of security incidents, hitting big and small, little-known and famous companies alike, have been covered in the news. Many of these breaches resulted in several hundred thousand user records being leaked and made available on the internet – some exclusively on the black market, others to the general public. This is dangerous not only because potentially confidential information (such as private messages or trade secrets) might get into the hands of competitors, but also because user records may contain passwords or password equivalents. Using that information, an adversary may be able to get into the victims' accounts at other services, gaining access to even more potentially sensitive information.
One possible solution to this issue is transparent encryption, the principle of which is to encrypt information locally, before it is sent to the cloud service provider (where it is stored in encrypted form), and then, upon reception, to decrypt it before it is processed by the local client. This way, even if the cloud service provider itself is compromised, or is accessed using stolen credentials, the attacker obtains nothing but encrypted pieces of information.
Within this thesis, I choose a cloud service, analyse the communication protocol it uses, and then design and implement a piece of software that performs transparent encryption by identifying and modifying the relevant messages in transit.
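The principle described in the two paragraphs above (encrypt locally before a message leaves the client, decrypt on reception, by rewriting only the relevant part of a message in transit), worked through as an added example. This code is not part of the thesis and is not tied to any particular cloud service: it assumes a JSON-based protocol in which a field named `content` carries the sensitive payload, a 32-byte key that exists only on the client, and AES-256-GCM with the field name as associated data. The key, the message and the imaginary note-taking service are constructed for the demonstration; the function `CorruptStoredField` models what a compromised provider could do to the stored data, so that the client's rejection of it can be shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Interceptor sits between the local client and the cloud service and protects
// one JSON field of every message in transit; the key never leaves the client.
type Interceptor struct {
	aead  cipher.AEAD
	field string // assumed name of the JSON field carrying the sensitive payload
}

// NewInterceptor builds an AES-256-GCM interceptor from a 32-byte key.
func NewInterceptor(key []byte, field string) (*Interceptor, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Interceptor{aead: aead, field: field}, err
}

// rewriteField applies fn to one string field of a JSON message and re-encodes
// it; messages without that field pass through untouched, so the rest of the
// protocol keeps working exactly as the service expects.
func rewriteField(msg []byte, field string, fn func(string) (string, error)) ([]byte, error) {
	var doc map[string]json.RawMessage
	if err := json.Unmarshal(msg, &doc); err != nil {
		return nil, err
	}
	raw, ok := doc[field]
	if !ok {
		return msg, nil
	}
	var value string
	if err := json.Unmarshal(raw, &value); err != nil {
		return nil, err
	}
	out, err := fn(value)
	if err != nil {
		return nil, err
	}
	doc[field], _ = json.Marshal(out) // marshalling a Go string cannot fail
	return json.Marshal(doc)
}

// Outbound runs on messages leaving the client: the field becomes base64(nonce ||
// ciphertext || tag); the field name is the associated data, so a ciphertext
// cannot silently be moved from one field to another while stored.
func (ic *Interceptor) Outbound(msg []byte) ([]byte, error) {
	return rewriteField(msg, ic.field, func(plaintext string) (string, error) {
		nonce := make([]byte, ic.aead.NonceSize()) // fresh random nonce per message
		if _, err := rand.Read(nonce); err != nil {
			return "", err
		}
		sealed := ic.aead.Seal(nonce, nonce, []byte(plaintext), []byte(ic.field))
		return base64.StdEncoding.EncodeToString(sealed), nil
	})
}

// Inbound runs on messages arriving from the service: the field is decrypted and
// authenticated, so any modification made while stored is rejected.
func (ic *Interceptor) Inbound(msg []byte) ([]byte, error) {
	return rewriteField(msg, ic.field, func(b64 string) (string, error) {
		sealed, err := base64.StdEncoding.DecodeString(b64)
		ns := ic.aead.NonceSize()
		if err != nil || len(sealed) < ns {
			return "", fmt.Errorf("stored value is not a valid ciphertext (%d bytes, %v)", len(sealed), err)
		}
		plaintext, err := ic.aead.Open(nil, sealed[:ns], sealed[ns:], []byte(ic.field))
		if err != nil {
			return "", fmt.Errorf("stored data rejected (tampered or wrong key): %w", err)
		}
		return string(plaintext), nil
	})
}

// CorruptStoredField models a modification of the stored ciphertext by whoever
// controls the service (one flipped bit); Inbound must then reject the message.
func CorruptStoredField(msg []byte, field string) ([]byte, error) {
	return rewriteField(msg, field, func(b64 string) (string, error) {
		sealed, err := base64.StdEncoding.DecodeString(b64)
		if err != nil || len(sealed) == 0 {
			return "", fmt.Errorf("field holds no ciphertext to corrupt")
		}
		sealed[len(sealed)-1] ^= 0x01
		return base64.StdEncoding.EncodeToString(sealed), nil
	})
}

func main() {
	ic, _ := NewInterceptor([]byte("0123456789abcdef0123456789abcdef"), "content") // constructed demo key
	stored, _ := ic.Outbound([]byte(`{"id":"note-42","content":"bread, milk, eggs"}`)) // constructed message
	back, _ := ic.Inbound(stored)
	fmt.Printf("stored by the service: %s\nseen by the client:    %s\n", stored, back)
}
```

An authenticated mode (GCM) is used deliberately: the property the paragraph above asks for is that a compromised provider learns nothing, but the client also needs to notice when stored data has been altered, which plain encryption would not provide. Note what the example does not hide: every field other than the protected one (here the note's `id`) is still visible to the provider, since the protocol must remain understandable to it, and the key on the client has to be managed and backed up by the user, because the provider can no longer help recover the data.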