Usenix 2011: Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space
Title: Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space
Comment: Cool stuff
- Users have to choose a threat model for the current cloud storage operators (Dropbox, etc.)
- Data de-duplication
  - At the server: the same file is only stored once: saves storage space at the server
  - At the client: calculate a hash sum or other digest: reduces communication with clients
  - Beneficial for everyone, right?
- Dropbox (uses Amazon S3. Data de-duplication using SHA-256; files split into 4 MB chunks; data encrypted with AES-256 (server-side))
  - 25 million users. More than 100 billion files
- They outline three attacks:
  - Hash manipulation attack (not specific to Dropbox: any system that uses client-side de-duplication):
    - Every time a new file is added
    - Hash value needs to be known
    - Completely undetectable for victim or Dropbox
    - Results in unauthorized file access
  - Stolen host ID attack:
    - Dropbox uses the host ID to link a particular host with an account (already publicly known)
    - Credentials needed only once
    - 128 bit in length
    - Arguably a security issue
    - Can be easily detected/prevented by Dropbox (verifying changes in HW and in IP etc.)
  - Direct up-/download attack
    - Transmission protocol is built upon HTTPS
    - Simple HTTPS request:
      - https://dl-clientXX.dropbox.com/retreive
      - As POST data: SHA-256 value & a valid host ID
    - No check whether the chunk is linked with the account!
    - Easily exploitable
    - Same effect as the hash manipulation attack.
- Hiding data in the cloud
  - Same as retrieval but for storing chunks
  - Uploading without linking
  - Simple HTTPS request: https://dl-clientXX.dropbox.com/store
  - No storage quota / unlimited space
  - If the host ID is known: push data to other people's Dropbox
  - Can be detected/prevented by Dropbox
- Evaluation part 1:
  - They measured the time until (hidden) chunks get deleted:
    - Random data in multiple files
    - Hidden upload: at least 4 weeks
    - Regular upload: unlimited undelete possible (> 6 months)
  - They used the HTTPS attack:
    - Stealthiness was not an issue
    - Hash manipulation equally suitable
- Evaluation part 2
  - Popular files on Dropbox:
    - The piratebay.org top 100 torrent files
    - Downloaded copyright-free content (.sfv, .nfo)
    - 97% were retrievable
    - Approx. 475 seeders
    - 20% of torrents were less than 24 hours old
  - Interpretation:
    - At least one of the seeders uses Dropbox
- Countermeasures:
  - Upload every file, no client-side data de-duplication
  - Data possession proofs [Ateniese et al., CCS 2007]
  - “Proof of Ownage” by Harnik et al. [under submission]
  - Their solution: interactive challenge-response protocol
    - Client and server are in possession of the same file
    - Client has to answer challenges
    - Pre-computable by the server
    - Possible challenges
      - Hash a subset of the data
      - Append & XOR random bits and bytes
    - Possibly multiple rounds
    - Drawbacks
      - Challenges can be forwarded
      - Not a real proof!
      - But makes hash manipulation attacks detectable
- Timeline:
  - First results in summer 2010
  - First paper draft November 2010
  - At the same time notified Dropbox via a national CERT
  - April 2011, Dropbox fixed their sh$t.
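As an added illustration (not code from the paper, from Dropbox, or from this post), a toy Python model of the challenge-response countermeasure listed above: a server that links an existing chunk to an account on the SHA-256 digest alone, beside one that first issues a nonce plus random byte offsets that only a holder of the actual bytes can answer. The 4 MB chunk, the account names and the eight-offset challenge are constructed assumptions.

```python
import hashlib
import secrets

def answer_challenge(chunk: bytes, nonce: bytes, offsets: list) -> bytes:
    # "Hash a subset of data": SHA-256 over the nonce plus the bytes at the chosen offsets.
    h = hashlib.sha256(nonce)
    for o in offsets:
        h.update(chunk[o:o + 1])
    return h.digest()

class DedupServer:
    def __init__(self):
        self.store = {}    # SHA-256 hex digest -> chunk bytes
        self.owners = {}   # digest -> accounts allowed to retrieve that chunk
        self.pending = {}  # (account, digest) -> expected challenge answer
    def upload(self, account: str, chunk: bytes) -> str:
        d = hashlib.sha256(chunk).hexdigest()
        self.store[d] = chunk
        self.owners.setdefault(d, set()).add(account)
        return d
    # Weak path: the digest alone links an existing chunk to a new account.
    def link_by_hash(self, account: str, digest: str) -> bool:
        if digest not in self.store:
            return False
        self.owners[digest].add(account)
        return True
    # Hardened path: fresh nonce and random offsets; the answer is pre-computed server-side.
    def challenge(self, account: str, digest: str) -> tuple:
        chunk = self.store[digest]
        nonce = secrets.token_bytes(16)
        offsets = sorted(secrets.randbelow(len(chunk)) for _ in range(8))
        self.pending[(account, digest)] = answer_challenge(chunk, nonce, offsets)
        return nonce, offsets
    def link_by_proof(self, account: str, digest: str, answer: bytes) -> bool:
        expected = self.pending.pop((account, digest), None)
        if expected is None or not secrets.compare_digest(expected, answer):
            return False
        self.owners[digest].add(account)
        return True

def demo() -> dict:
    srv = DedupServer()
    chunk = secrets.token_bytes(4 * 1024 * 1024)  # constructed 4 MB chunk
    digest = srv.upload("alice", chunk)
    hash_only = srv.link_by_hash("eve", digest)   # eve knows only the digest
    nonce, offsets = srv.challenge("bob", digest)  # bob holds the bytes
    honest = srv.link_by_proof("bob", digest, answer_challenge(chunk, nonce, offsets))
    nonce, offsets = srv.challenge("eve", digest)
    digest_only = srv.link_by_proof("eve", digest, hashlib.sha256(nonce).digest())
    return {"hash_only": hash_only, "honest": honest, "digest_only": digest_only}
```

A party holding only the digest passes `link_by_hash` but fails `link_by_proof`, while, as the drawback above notes, one that forwards the challenge to a real holder still passes, so the check makes hash manipulation detectable rather than impossible.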
Source: usenix.org
diogomonica posted this