Proceedings Article10.1109/ACSAC.2009.42
Symmetric Cryptography in Javascript
Emily Stark,Michael Hamburg,Dan Boneh +2 more
- 07 Dec 2009
- pp 373-381
TL;DR: This work takes a systematic approach to developing a symmetric cryptography library in Javascript and proposes a number of optimizations that reduce both running time and code size and shows that certain symmetric systems that are faster than AES when implemented in native x86 code, are in fact much slower than AESWhen implemented in Javascript.
read more
Abstract: We take a systematic approach to developing a symmetric cryptography library in Javascript. We study various strategies for optimizing the code for the Javascript interpreter, and observe that traditional crypto optimization techniques do not apply when implemented in Javascript. We propose a number of optimizations that reduce both running time and code size. Our optimized library is about four times faster and 12% smaller than the fastest and smallest existing symmetric Javascript encryption libraries. On Internet Explorer 8, our library is about 11 times faster than the fastest previously existing code. In addition, we show that certain symmetric systems that are faster than AES when implemented in native x86 code, are in fact much slower than AES when implemented in Javascript. As a result, the choice of ciphers for a Javascript crypto library may be substantially different from the choice of ciphers when implementing crypto natively. Finally, we study the problem of generating strong randomness in Javascript and give extensive measurements validating our techniques.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Foundations of Security Analysis and Design V: FOSAD 2007/2008/2009 Tutorial Lectures
TL;DR: This paper, summarizing the six hours lesson taught during the Summer School FOSAD’12, gives an overview of the test data selection techniques and provides a state-of-the-art about Model-Based approaches for security testing.
298
Building web applications on top of encrypted data using Mylar
Raluca Ada Popa,Emily Stark,Jonas Helfer,Steven Valdez,Nickolai Zeldovich,M. Frans Kaashoek,Hari Balakrishnan +6 more
- 02 Apr 2014
TL;DR: Mylar is presented, a platform for building web applications, which protects data confidentiality against attackers with full access to servers, and stores sensitive data encrypted on the server, and decrypts that data only in users' browsers.
•Posted Content
Building web applications on top of encrypted data using Mylar.
Raluca Ada Popa,Emily Stark,Jonas Helfer,Steven Valdez,Nickolai Zeldovich,M. Frans Kaashoek,Hari Balakrishnan +6 more
TL;DR: Mylar as discussed by the authors is a platform for building web applications, which protects data confidentiality against attackers with full access to servers by allowing the server to perform keyword search over encrypted documents, even if the documents are encrypted with different keys.
ShadowCrypt: Encrypted Web Applications for Everyone
Warren He,Devdatta Akhawe,Sumeet Jain,Elaine Shi,Dawn Song +4 more
- 03 Nov 2014
TL;DR: A systematization of the design space of web applications and a previously unexplored design point that enables encrypted input/output without trusting any part of the web applications are presented, and a study of 17 popular web applications, across different domains, and the functionality impact and security advantages of encrypting the data they handle.
115
•Proceedings Article
The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites.
Sooel Son,Vitaly Shmatikov +1 more
- 25 Feb 2013
TL;DR: This work collected postMessage receivers from the Alexa top 10,000 websites and found that many perform origin checks incorrectly or not at all, which results in exploitable vulnerabilities in 84 popular sites, including cross-site scripting and injection of arbitrary content into local storage.
References
•Book
Practical Cryptography
Niels Ferguson,Bruce Schneier +1 more
- 01 Jan 2003
TL;DR: The Practical Cryptography as mentioned in this paper provides a hands-on cryptographic product implementation guide, bridging the gap between cryptographic theory and real-world cryptographic applications, which can be used to implement cryptography and how to incorporate it into real world systems.
684
Native Client: a sandbox for portable, untrusted x86 native code
Bennet S. Yee,David C. Sehr,Gregory Dardyk,J. Bradley Chen,Robert Muth,Tavis Ormandy,Shiki Okasaka,Neha Narula,Nicholas Fullagar +8 more
TL;DR: This paper describes the design, implementation and evaluation of Native Client, a sandbox for untrusted x86 native code that combines software fault isolation and a secure runtime to direct system interaction and side effects through interfaces managed by Native Client.
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
Bennet S. Yee,David C. Sehr,Gregory Dardyk,J. Bradley Chen,Robert Muth,Tavis Ormandy,Shiki Okasaka,Neha Narula,Nicholas Fullagar +8 more
- 17 May 2009
TL;DR: The Native Client project as mentioned in this paper is a sandbox for untrusted x86 native code that uses software fault isolation and a secure runtime to direct system interaction and side effects through interfaces managed by Native Client.
Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication
Morris J. Dworkin
- 01 May 2005
TL;DR: In this article, the authors proposed a MAC algorithm based on a symmetric key block cipher, called CMAC, which may be used to provide assurance of the authenticity and hence the integrity of binary data.
456
SP 800-38C. Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
Morris J. Dworkin
- 01 May 2004
TL;DR: CCM may be used to provide assurance of the confidentiality and the authenticity of computer data by combining the techniques of the Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code (CBC-MAC) algorithm.
323
Related Papers (5)
Alma Whitten,J. D. Tygar +1 more
- 23 Aug 1999
Roger Dingledine,Nick Mathewson,Paul Syverson +2 more
- 13 Aug 2004
Dawn Song,David Wagner,Adrian Perrig +2 more
- 14 May 2000
Devdatta Akhawe,Prateek Saxena,Dawn Song +2 more
- 08 Aug 2012