Daily Archives: 02/12/2012

Browser Side Cryptography

I talked about browser based security last week. As we have more and more cloud or web delivered applications, the browser is playing an important role. Most (if not all) user interaction in browser are programmed via javascript. With Cloud Computing, client side script will be playing a ever more important role.

The data security and data privacy concerns on using cloud services or hosted application (like web email) is holding people. The incident in Paula Broadwell showed law enforcement agents had far move power and means to access individual data than we think of. If you like to understand the legal framework on this, there is a very good paper wrote by three Netherlands legal researcher.

Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act

 

One way, user could protect their data ever if it in the cloud is using client side encryption. Why client side? It is because the data must be protected before it is going to the Internet. This means that data are encrypted at the client and the servers only store encrypted data. When the user want to use it, the servers send the encrypted data and the client decrypt it. As most user are access the internet using a browser, it it an obvious choice for doing the data encrypt/decrypt job. However, cryptography functions are not well developed in the javascript domain. There are some open source editions like Google-CryptoJS.

W3C has a working group on Web Cryptography and they is developing a library standard for JS cryptography.  Below are some user cases, for how the new Web Cryptography API is designed for

http://dev.w3.org/2006/webapi/FileAPI/OverviewUseCases.html