R&D: FileCrypt, Transparent and Scalable Protection of Sensitive Data in Browser-Based Cloud Storage

IEEE Xplore has published, in 2019 IEEE Conference on Communications and Network Security (CNS) proceedings, an article written by Peiyi Han, Beijing University of Posts and Telecommunications, Beijing, China, Chuanyi Liu, Harbin Institute of Technology (Shenzhen), Shenzhen, China, Yingfei Dong, University of Hawaii, Hawaii, USA, Hezhong Pan, Beijing University of Posts and Telecommunications, Beijing, China, QiYang Song, Tsinghua University, Beijing, China, and Binxing Fang, University of Hawaii, Hawaii, USA

Abstract: “While cloud storage has become a common practice for more and more organizations, many severe cloud data breaches in recent years show that protecting sensitive data in the cloud is still a challenging problem. Although various mitigation techniques have been proposed, they are not scalable for large scale enterprise users with strict security requirements or often depend on error-prone human interventions. To address these issues, we propose FileCrypt, a generic proxy-based technique for enterprise users to automatically secure sensitive files in browser-based cloud storage. To the best of our knowledge, FileCrypt is the first attempt towards transparent and fully automated file encryption for browser-based cloud storage services. More importantly, it does not require active cooperations from cloud providers or modifications of existing cloud applications. By instrumenting mandatory file-related JavaScript APIs in browsers, FileCrypt can naturally support new cloud storage services and guarantee the file encryption cannot be bypassed. We have evaluated the efficacy of FileCrypt on a number of popular realworld cloud storage services. The results show that it can protect files on the public cloud with relatively low overheads.“