Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet Browsers

Authors: Michael Freyberger (Princeton University), Warren He (UC Berkeley), Devdatta Akhawe (Dropbox), Michelle L. Mazurek (University of Maryland), Prateek Mittal (Princeton University)

Volume: 2018
Issue: 2
Pages: 47–63
DOI: https://doi.org/10.1515/popets-2018-0012

Abstract: An important line of privacy research is investigating the design of systems for secure input and output (I/O) within Internet browsers. These systems would allow for users’ information to be encrypted and decrypted by the browser, and the specific web applications will only have access to the users’ information in encrypted form. The state-of-the-art approach for a secure I/O system within Internet browsers is a system called ShadowCrypt created by UC Berkeley researchers [23]. This paper will explore the limitations of ShadowCrypt in order to provide a foundation for the general principles that must be followed when designing a secure I/O system within Internet browsers. First, we developed a comprehensive UI attack that cannot be mitigated with popular UI defenses, and tested the efficacy of the attack through a user study administered on Amazon Mechanical Turk. Only 1 of the 59 participants who were under attack successfully noticed the UI attack, which validates the stealthiness of the attack. Second, we present multiple attack vectors against ShadowCrypt that do not rely upon UI deception. These attack vectors expose the privacy weaknesses of Shadow DOM — the key browser primitive leveraged by ShadowCrypt. Finally, we present a sketch of potential countermeasures that can enable the design of future secure I/O systems within Internet browsers.

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.