Please use this identifier to cite or link to this item:
http://arks.princeton.edu/ark:/88435/dsp01c821gn21q
Title: | The Limitations of Web Privacy: Cracking ShadowCrypt |
Authors: | Freyberger, Michael |
Advisors: | Mittal, Prateek |
Contributors: | Cuff, Paul |
Department: | Electrical Engineering |
Class Year: | 2016 |
Abstract: | In web settings it is very difficult to assure users their data is being kept private. Recent work has been done to develop a browser extension that can make text based web applications private without trusting any part of the application itself. The name of this project is ShadowCrypt and is available in the Chrome Extension store. This extension fails to address a serious user interface attack which will be described in detail. The effectiveness of this attack was measured through a user study administered through Amazon Mechanical Turk, in which only 5.4% of participants noticed the attack. In addition to a demonstration of the effectiveness of the user interface attack, I created multiple fundamental attacks against ShadowCrypt, exposing the privacy weaknesses of ShadowDOM. Finally, a framework for possible countermeasures is pre- sented in order to provide clear guidelines on how to design a secure input and output system within internet browsers. |
Extent: | 43 pages |
URI: | http://arks.princeton.edu/ark:/88435/dsp01c821gn21q |
Type of Material: | Princeton University Senior Theses |
Language: | en_US |
Appears in Collections: | Electrical Engineering, 1932-2020 |
Files in This Item:
File | Size | Format | |
---|---|---|---|
freyberger_michael_thesis.pdf | 1.24 MB | Adobe PDF | Request a copy |
Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.