Browse by author
Lookup NU author(s): Professor Feng Hao,
Professor Peter Ryan
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
This paper explains the sync problem and compares solutions in Firefox 4 and Chrome 10. The sync problem studies how to securely synchronize data across different computers. Google has added a built-in sync function in Chrome 10, which uses a user-defined password to encrypt bookmarks, history, cached passwords etc. However, due to the low-entropy of passwords, the encryption is inherently weak anyone with access to the ciphertext can easily uncover the key (and hence disclose the plaintext). Mozilla used to have a very similar sync solution in Firefox 3.5, but since Firefox 4 it has made a complete change of how sync works in the browser. The new solution is based on a security protocol called J-PAKE, which is a balanced Password Authenticated Key Exchange (PAKE) protocol. To our best knowledge, this is the first large-scale deployment of the PAKE technology. Since PAKE does not require a PKI, it has compelling advantages than PKI-based schemes such as SSL/TLS in many applications. However, in the past decade, deploying PAKE has been greatly hampered by the patent and other issues. With the rise of patent-free solutions such as J-PAKE and also that the EKE patent will soon expire in October, 2011, we believe the PAKE technology will be more widely adopted in the near future.
Author(s): Hao F, Ryan PYA
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: Security Protocols XIX : 19th International Workshop, Cambridge, UK, March 28-30, 2011, Revised Selected Papers
Year of Conference: 2011
Library holdings: Search Newcastle University Library for this item
Series Editor(s): Lecture Notes in Computer Science