News

Award-winning mobile app OmniShare provides secure and easy-to-use cloud storage

OmniShare is the first system to combine strong client-side file encryption with secure and intuitive key distribution mechanisms.

Omnishare is the overall winner of the "Privacy via IT Security: Innovating Mobile Apps" competition - a European contest to develop mobile apps that leverage security technologies to enhance users' privacy. The top three teams in the competition were invited to demonstrate their apps in exhibition stands at CeBIT 2016. Researchers from Aalto University and TU Darmstadt are demonstrating OmniShare. The competition jury selected OmniShare as the overall winner and it will receive 20 000€ as prize money. OmniShare is open source software and will soon be released for Windows and Android.

– I am very glad that  a relatively small project centered around a single Master's thesis research won over much larger and longer projects in the competition. The jury cited open source nature of the project and the clear explanations about the technologies underpinning the system as reasons for selecting OmniShare as the overall winner, says Professor N. Asokan from Aalto University.

Cloud storage services, such as Dropbox and Google Drive, are widely used but security and privacy are often cited as serious concerns. 44% of those who chose not to use the cloud services were concerned about who might have access to their files.

– Cloud providers always have access to the data and that makes the cloud storage vulnerable. There might be for instance a data breach or a malicious insider working as an employee, explains Andrew Paverd, a post-doctoral researcher working in Professor N. Asokan’s Secure Systems research group in the Department of Computer Science.

Long Nguyen, Andrew Paverd and N. Asokan. Photo by Jonathan Stoklas.

One solution is to encrypt your files before uploading them to the cloud, and to keep the decryption key on your own device. However, one of the main features of cloud storage is the ability to access your files from multiple devices. If your files are now encrypted, the decryption key must somehow be distributed to all your devices. Some existing services sidestep this issue by deriving this key from your password, but it is well-known that passwords are relatively easy to guess, so this does not provide much security. Other service providers use additional servers to manage and distribute keys, but this adds costs and introduces new vulnerabilities.

OmniShare solves this problem by automatically selecting the best mechanism to transfer the decryption key securely between your devices.

– OmniShare solves this problem by automatically selecting the best mechanism to transfer the decryption key securely between your devices, using an out-of-band (OOB) channel. All you have to do is scan a QR code or bring your devices close enough for them to communicate over an ultrasonic channel. OmniShare is designed to minimize the required user-interaction, continues Paverd.

Omnishare runs as a client-side app on each of the devices and automatically encrypts the files with a strong key. As the files are encrypted on the device, there are no longer risks related to the cloud provider.

– OmniShare also allows you to share individual encrypted files with other users. The file itself is still shared via the cloud, so all you need to do is transfer the decryption key. There are several mechanisms to set up a secure sharing relationship, such as Bluetooth, Near Field Communication and also ultrasonic communication. Once this relationship is established, the devices can share encrypted files wherever they are, concludes Paverd.

OmniShare began as the Master’s thesis of Long Nguyen under the supervision of Professor Asokan, and is now a joint research effort between Aalto and Technische Universität Darmstadt. It is supported by the Academy of Finland (via the CloSe project) and the Intel Collaborative Research Institute for Secure Computing (ICRI-SC).

More information:

Professor N. Asokan
Aalto University Department of Computer Science
Secure Systems Research Group
Tel. +358 50 483 6465
[email protected]

Blog: http://blog.se-sy.org/2016/02/omnishare.html

Website: https://ssg.aalto.fi/omnishare/
 

  • Published:
  • Updated:
Share
URL copied!

Related news

ARTS open science roadshow, pic of the session
Research & Art Published:

European Open Science Cloud (EOSC) Finnish Forum webinar on 25th January

One of the speakers is Karel Luyben, the first president of the EOSC Association and a member of board at Aalto University.
Installation Talk 2020, Jarkko Niiranen
Research & Art Published:

Professor Jarkko Niiranen on the computational mechanics of microarchitectural solids and structures

'When developing models, we spend a lot of time on mathematical physics, numerical mathematics and computer programming, but the fundamental concepts of mechanics remain the same' says Niiranen in his installation talk.
A photo showing Dr. Dorothea Golze
Research & Art Published:

Computational physicist Dorothea Golze receives prestigious Emmy Noether Award

Dorothea Golze received funding from the German Research Foundation within the Emmy Noether Programme to establish her own junior research group at the Technical University of Dresden.
Dronen ottama kuva Otakaari 1:sestä, kuva: Mikko Raskinen
Research & Art Published:

How do you know where a drone is flying without a GPS signal?

In Jouko Kinnari's doctoral dissertation, the location of a drone can be determined using map data and sensors.