Integrity Attack, a less stealthy variant of the Framing Attack that can be exploited to forge a file in the name of the victim and place it in the target's cloud storage, and.Framing Attack, wherein MEGA can insert arbitrary files into the user's file storage that are indistinguishable from genuinely uploaded ones. Plaintext Recovery Attack, which allows MEGA to decrypt node keys - an encryption key associated with every uploaded file and are encrypted with a user's master key - and use them to decrypt all user communication and files.The recovered RSA key can then be extended to make way for four other attacks. MEGA, which advertises itself as the "privacy company" and claims to provide user-controlled end-to-end encrypted cloud storage, has more than 10 million daily active users, with over 122 billion files uploaded to the platform to date. Paterson said in an analysis of the service's cryptographic architecture. "Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice which pass all authenticity checks of the client," ETH Zurich's Matilda Backendal, Miro Haller, and Kenneth G. In a paper titled " MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a rogue actor to fully compromise the privacy of the uploaded files. A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |