OblivSend: secure and ephemeral file sharing services with oblivious expiration control

Yanjun Shen; Bin Yu; Shangqi Lai; Xingliang Yuan; Shi-Feng Sun; Joseph K. Liu; Surya Nepal

doi:10.1007/978-3-031-22390-7_17

OblivSend: secure and ephemeral file sharing services with oblivious expiration control

Yanjun Shen, Bin Yu, Shangqi Lai, Xingliang Yuan, Shi-Feng Sun, Joseph K. Liu, Surya Nepal

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

1 Citation (Scopus)

Abstract

Users have personal or business need to share most private and confidential documents; however, often at the expense of privacy and security. A sought after feature in the trending ephemeral context is to set download constraints of a particular file - a file can only be downloaded a limited number of times and/or for a limited period of time. Emerging end-to-end encrypted file sharing services with enhanced expiration control are attempts to meet the needs. Although such new services have drawn much attention, their server can still observe and control metadata of such download constraints, which could reveal partial data information. To address this challenge, we propose OblivSend, a privacy-preserving file sharing web service that 1) supports end-to-end encryption, 2) allows a limited period of time and a limited number of downloads at users’ control, and 3) protects expiration control metadata from the server efficiently by lightweight cryptographic primitives. We develop a proof of concept prototype implemented in Hyperledger Fabric on a Research Cloud and evaluations demonstrate that our prototype can function as intended to achieve privacy of metadata without sacrificing user experience.

Original language	English
Title of host publication	Information Security - 25th International Conference, ISC 2022 Bali, Indonesia, December 18–22, 2022 Proceedings
Editors	Willy Susilo, Xiaofeng Chen, Fuchun Guo, Yudi Zhang, Rolly Intan
Place of Publication	Cham Switzerland
Publisher	Springer
Pages	269-289
Number of pages	21
ISBN (Electronic)	9783031223907
ISBN (Print)	9783031223891
DOIs	https://doi.org/10.1007/978-3-031-22390-7_17
Publication status	Published - 2022
Event	Information Security Conference 2022 - Bali, Indonesia Duration: 18 Dec 2022 → 22 Dec 2022 Conference number: 25th https://link.springer.com/book/10.1007/978-3-031-22390-7 (Proceedings) https://isc2022.petra.ac.id/ (Website)

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	13640
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Information Security Conference 2022
Abbreviated title	ISC 2022
Country/Territory	Indonesia
City	Bali
Period	18/12/22 → 22/12/22
Internet address	https://link.springer.com/book/10.1007/978-3-031-22390-7 (Proceedings) https://isc2022.petra.ac.id/ (Website)

Keywords

Metadata protection
Privacy-preserving protocols
Security and privacy protection
Smart contract
Web application security

Access to Document

10.1007/978-3-031-22390-7_17

Cite this

Shen, Y., Yu, B., Lai, S., Yuan, X., Sun, S.-F., Liu, J. K., & Nepal, S. (2022). OblivSend: secure and ephemeral file sharing services with oblivious expiration control. In W. Susilo, X. Chen, F. Guo, Y. Zhang, & R. Intan (Eds.), Information Security - 25th International Conference, ISC 2022 Bali, Indonesia, December 18–22, 2022 Proceedings (pp. 269-289). (Lecture Notes in Computer Science; Vol. 13640). Springer. https://doi.org/10.1007/978-3-031-22390-7_17

Shen, Yanjun ; Yu, Bin ; Lai, Shangqi et al. / OblivSend : secure and ephemeral file sharing services with oblivious expiration control. Information Security - 25th International Conference, ISC 2022 Bali, Indonesia, December 18–22, 2022 Proceedings. editor / Willy Susilo ; Xiaofeng Chen ; Fuchun Guo ; Yudi Zhang ; Rolly Intan. Cham Switzerland : Springer, 2022. pp. 269-289 (Lecture Notes in Computer Science).

@inproceedings{0d075b133a6c4d5e939f7bfed6faead7,

title = "OblivSend: secure and ephemeral file sharing services with oblivious expiration control",

abstract = "Users have personal or business need to share most private and confidential documents; however, often at the expense of privacy and security. A sought after feature in the trending ephemeral context is to set download constraints of a particular file - a file can only be downloaded a limited number of times and/or for a limited period of time. Emerging end-to-end encrypted file sharing services with enhanced expiration control are attempts to meet the needs. Although such new services have drawn much attention, their server can still observe and control metadata of such download constraints, which could reveal partial data information. To address this challenge, we propose OblivSend, a privacy-preserving file sharing web service that 1) supports end-to-end encryption, 2) allows a limited period of time and a limited number of downloads at users{\textquoteright} control, and 3) protects expiration control metadata from the server efficiently by lightweight cryptographic primitives. We develop a proof of concept prototype implemented in Hyperledger Fabric on a Research Cloud and evaluations demonstrate that our prototype can function as intended to achieve privacy of metadata without sacrificing user experience.",

keywords = "Metadata protection, Privacy-preserving protocols, Security and privacy protection, Smart contract, Web application security",

author = "Yanjun Shen and Bin Yu and Shangqi Lai and Xingliang Yuan and Shi-Feng Sun and Liu, \{Joseph K.\} and Surya Nepal",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Information Security Conference 2022, ISC 2022 ; Conference date: 18-12-2022 Through 22-12-2022",

year = "2022",

doi = "10.1007/978-3-031-22390-7\_17",

language = "English",

isbn = "9783031223891",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "269--289",

editor = "Willy Susilo and Xiaofeng Chen and Fuchun Guo and Yudi Zhang and Rolly Intan",

booktitle = "Information Security - 25th International Conference, ISC 2022 Bali, Indonesia, December 18–22, 2022 Proceedings",

address = "Switzerland",

url = "https://link.springer.com/book/10.1007/978-3-031-22390-7, https://isc2022.petra.ac.id/",

}

Shen, Y, Yu, B, Lai, S, Yuan, X, Sun, S-F, Liu, JK & Nepal, S 2022, OblivSend: secure and ephemeral file sharing services with oblivious expiration control. in W Susilo, X Chen, F Guo, Y Zhang & R Intan (eds), Information Security - 25th International Conference, ISC 2022 Bali, Indonesia, December 18–22, 2022 Proceedings. Lecture Notes in Computer Science, vol. 13640, Springer, Cham Switzerland, pp. 269-289, Information Security Conference 2022, Bali, Indonesia, 18/12/22. https://doi.org/10.1007/978-3-031-22390-7_17

OblivSend: secure and ephemeral file sharing services with oblivious expiration control. / Shen, Yanjun; Yu, Bin; Lai, Shangqi et al.
Information Security - 25th International Conference, ISC 2022 Bali, Indonesia, December 18–22, 2022 Proceedings. ed. / Willy Susilo; Xiaofeng Chen; Fuchun Guo; Yudi Zhang; Rolly Intan. Cham Switzerland: Springer, 2022. p. 269-289 (Lecture Notes in Computer Science; Vol. 13640).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - OblivSend

T2 - Information Security Conference 2022

AU - Shen, Yanjun

AU - Yu, Bin

AU - Lai, Shangqi

AU - Yuan, Xingliang

AU - Sun, Shi-Feng

AU - Liu, Joseph K.

AU - Nepal, Surya

N1 - Conference code: 25th

PY - 2022

Y1 - 2022

N2 - Users have personal or business need to share most private and confidential documents; however, often at the expense of privacy and security. A sought after feature in the trending ephemeral context is to set download constraints of a particular file - a file can only be downloaded a limited number of times and/or for a limited period of time. Emerging end-to-end encrypted file sharing services with enhanced expiration control are attempts to meet the needs. Although such new services have drawn much attention, their server can still observe and control metadata of such download constraints, which could reveal partial data information. To address this challenge, we propose OblivSend, a privacy-preserving file sharing web service that 1) supports end-to-end encryption, 2) allows a limited period of time and a limited number of downloads at users’ control, and 3) protects expiration control metadata from the server efficiently by lightweight cryptographic primitives. We develop a proof of concept prototype implemented in Hyperledger Fabric on a Research Cloud and evaluations demonstrate that our prototype can function as intended to achieve privacy of metadata without sacrificing user experience.

AB - Users have personal or business need to share most private and confidential documents; however, often at the expense of privacy and security. A sought after feature in the trending ephemeral context is to set download constraints of a particular file - a file can only be downloaded a limited number of times and/or for a limited period of time. Emerging end-to-end encrypted file sharing services with enhanced expiration control are attempts to meet the needs. Although such new services have drawn much attention, their server can still observe and control metadata of such download constraints, which could reveal partial data information. To address this challenge, we propose OblivSend, a privacy-preserving file sharing web service that 1) supports end-to-end encryption, 2) allows a limited period of time and a limited number of downloads at users’ control, and 3) protects expiration control metadata from the server efficiently by lightweight cryptographic primitives. We develop a proof of concept prototype implemented in Hyperledger Fabric on a Research Cloud and evaluations demonstrate that our prototype can function as intended to achieve privacy of metadata without sacrificing user experience.

KW - Metadata protection

KW - Privacy-preserving protocols

KW - Security and privacy protection

KW - Smart contract

KW - Web application security

UR - http://www.scopus.com/inward/record.url?scp=85145259003&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-22390-7_17

DO - 10.1007/978-3-031-22390-7_17

M3 - Conference Paper

AN - SCOPUS:85145259003

SN - 9783031223891

T3 - Lecture Notes in Computer Science

SP - 269

EP - 289

BT - Information Security - 25th International Conference, ISC 2022 Bali, Indonesia, December 18–22, 2022 Proceedings

A2 - Susilo, Willy

A2 - Chen, Xiaofeng

A2 - Guo, Fuchun

A2 - Zhang, Yudi

A2 - Intan, Rolly

PB - Springer

CY - Cham Switzerland

Y2 - 18 December 2022 through 22 December 2022

ER -

Shen Y, Yu B, Lai S, Yuan X, Sun SF, Liu JK et al. OblivSend: secure and ephemeral file sharing services with oblivious expiration control. In Susilo W, Chen X, Guo F, Zhang Y, Intan R, editors, Information Security - 25th International Conference, ISC 2022 Bali, Indonesia, December 18–22, 2022 Proceedings. Cham Switzerland: Springer. 2022. p. 269-289. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-22390-7_17