Browse by author
Lookup NU author(s): Professor Feng Hao, Professor Peter Ryan
This paper explains the sync problem and compares solutions in Firefox 4 and Chrome 10. The sync problem studies how to securely synchronize data across different computers. Google has added a built-in sync function in Chrome 10, which uses a user-defined password to encrypt bookmarks, history, cached passwords etc. However, due to the low-entropy of passwords, the encryption is inherently weak -- anyone with access to the ciphertext can easily uncover the key (and hence disclose the plaintext). Mozilla used to have a very similar sync solution in Firefox 3.5, but since Firefox 4 it has made a complete change of how sync works in the browser. The new solution is based on a security protocol called J-PAKE, which is a balanced Password Authenticated Key Exchange(PAKE) protocol. To our best knowledge, this is the first large-scale deployment of the PAKE technology. Since PAKE does not require a PKI, it has compelling advantages than PKI-based schemes such as SSL/TLS in many applications. However, in the past decade, deploying PAKE has been greatly hampered by the patent and other issues. With the rise of patent-free solutions such as J-PAKE and also that the EKE patent will soon expire in October, 2011, we believe the PAKE technology will be more widely adopted in the near future.
Author(s): Hao F, Ryan PYA
Publication type: Report
Publication status: Published
Series Title: School of Computing Science Technical Report Series
Year: 2011
Pages: 12
Print publication date: 01/06/2011
Source Publication Date: June 2011
Report Number: 1260
Institution: School of Computing Science, University of Newcastle upon Tyne
Place Published: Newcastle upon Tyne
