Based on our results we show that Dropbox is used to store copyright-protected files from a popular filesharing network. We analyze the Dropbox client software as well as its transmission protocol, show weaknesses and outline possible attack vectors against users. Within this paper we give an overview of existing file storage services and examine Dropbox, an advanced file storage solution, in depth. While several of these services provide basic functionality such as uploading and retrieving files by a specific user, more advanced services offer features such as shared folders, real-time collaboration, minimization of data transfers or unlimited storage space. Finally, we describe the design and implementation of an open-source version of Dropbox client (and yes, it runs on ARM too).ĭuring the past few years, a vast number of online file storage services have been introduced. Dropbox will / should no longer be a black box. We believe that our biggest contribution is to open up the Dropbox platform to further security analysis and research. Additionally, generic techniques to intercept SSL data using code injection techniques and monkey patching are presented. ![]() We describe a method to bypass Dropbox's two factor authentication and hijack Dropbox accounts. This paper presents new and generic techniques, to reverse engineer frozen Python applications, which are not limited to just the Dropbox world. Moreover, the existing Python bytecode reversing techniques are not enough for reversing hardened applications like Dropbox. Also, the previous work on the security analysis of Dropbox has been heavily censored. In spite of its widespread popularity, we believe that Dropbox as a platform hasn't been analyzed extensively enough from a security standpoint. The goal is threefold: (1) review and categorize PDMS solutions and identify existing privacy threats and countermeasures (2) review new security models capitalizing on TEEs and related privacy-preserving data management solutions relevant to the personal context (3) discuss new challenges at the intersection of PDMS security and TEE-based data management.ĭropbox is a cloud based file storage service used by more than 100 million users. This tutorial offers a global perspective of the current state of work at the confluence of these two rapidly growing areas. Concurrently, the emergence of Trusted Execution Environments (TEE) changes the game in privacy-preserving data management with novel security models. Consequently, the thorny issue of data security becomes more and more prominent, but highly differs from traditional privacy issues in outsourced corporate databases. ![]() ![]() Smart disclosure initiatives and new regulations such as GDPR in the EU increase the interest for Personal Data Management Systems (PDMS) being provided to individuals to preserve their entire digital life.
0 Comments
Leave a Reply. |