亚洲免费av电影一区二区三区,日韩爱爱视频,51精品视频一区二区三区,91视频爱爱,日韩欧美在线播放视频,中文字幕少妇AV,亚洲电影中文字幕,久久久久亚洲av成人网址,久久综合视频网站,国产在线不卡免费播放

        ?

        Vulnerability Analysis of MEGA Encryption Mechanism

        2022-11-10 02:29:58QingbingJiZhihongRaoLvlinNiWeiZhaoandJingFu
        Computers Materials&Continua 2022年10期

        Qingbing Ji,Zhihong Rao,Lvlin Ni,Wei Zhao and Jing Fu

        1School of Cybersecurity,Northwestern Polytechnical University,Xi’an,710072,China

        2No.30 Institute of CETC,Chengdu,610041,China

        3Eberly College of Science,Pennsylvania State University-University Park,PA,16802,USA

        Abstract:MEGA is an end-to-end encrypted cloud storage platform controlled by users.Moreover,the communication between MEGA client and server is carried out under the protection of Transport Layer Security(TLS)encryption,it is difficult to intercept the key data packets in the process of MEGA registration,login,file data upload,and download.These characteristics of MEGA have brought great difficulties to its forensics.This paper presents a method to attack MEGA to provide an effective method for MEGA’s forensics.By debugging the open-source code of MEGA and analyzing the security white paper published,this paper first clarifies the encryption mechanism of MEGA,including the detailed process of registration,login,and file encryption,studies the encryption mechanism of MEGA from the perspective of protocol analysis,and finds out the vulnerability of MEGA encryption mechanism.On this basis,a method to attack MEGA is proposed,and the secret data stored in the MEGA server can be accessed or downloaded;Finally,the efficiency of the attack method is analyzed,and some suggestions to resist this attack method are put forward.

        Keywords:TLS;advanced encryption standard;forensics;protocol analysis;vulnerability

        1 Introduction

        MEGA is a cloud storage service launched by MEGA limited company.The content data stored on MEGA,such as files,messages,audio and video,are encrypted on the user’s client.After encryption,the user uploads the encrypted data to the MEGA platform,but the encryption key of the data will not be directly saved on the platform.Therefore,the access to the data stored on Mega is controlled by the user,not the platform.Even the platform cannot access the data.If other users want to access the data,the user must transmit the encryption key encrypted with the recipient’s public key to the recipient.

        All encryption related to the security of the user’s data is performed only on the user’s device.MEGA has released the source code of all client applications[1,2].Interested third parties can independently verify whether MEGA has the security advertised in the white paper and has no backdoors or accidental vulnerabilities.MEGA supports browser access,which not only lowers barriers to entry but also facilitates the use of other encryption technologies.As of August 20,2021,the site had 236 million registered users and uploaded more than 107 billion files.

        Encryption is a general double-edged sword,on the one hand,it protects the privacy of users,on the other hand,it is used by a small number of users as a tool to engage in illegal activities.As mentioned,MEGA has very good security and its security mechanism,and all communication between the client and the server is protected by TLS encryption from the time it is installed.In 2019,TLS1.2 was revealed that there were some vulnerabilities.Related attacks can be carried out based on man-in-the-middle attacks.With TLS1.3,these attack methods have failed.So far,no fatal defects have been found in the Advanced Encryption Standard(AES)and other algorithms used by MEGA[3,4].As you can imagine,MEGA’s forensics were very difficult.There are very few articles or information about MEGA’s encryption protocol analysis,almost none.Here,we analyze MEGA’s encryption mechanism,find its vulnerabilities,that is,its public links are encrypted only by password.Because people’s brain memory is limited and can only remember 5-7 passwords,most of the passwords set by the same person are similar[5-7].Based on this,we present a method to attack MEGA that can access or download encrypted data stored on MEGA’s server,thus bolstering MEGA’s forensics.According to the principle and efficiency of this attack method,we also put forward some protection suggestions,which can resist the attack to a certain extent or reduce the success rate of this attack.

        The paper is arranged in 6 sections as follows:In Section 2,by debugging the open-source code of MEGA and analyzing the security white paper published[8],we clarify MEGA’s encryption mechanism,including MEGA’s registration,login,and file and folder encryption details.In Section 3,we analyze MEGA’s security,point out that MEGA is not invulnerable,and propose a method or idea of attack.Section 4 analyzes the security mechanism of file or folder’s secure public links in detail,and proposes an attack method against the public links protected by password.Section 5 analyzes the efficiency of the attack and gives some suggestions to resist this attack.Finally,the paper is summarized in Section 6.

        2 The Encryption Mechanism of MEGA

        We clarify MEGA’s encryption mechanism as follows by debugging the open-source code of MEGA and analyzing the security white paper published.

        2.1 Registration and Login

        2.1.1 The Process to Register MEGA

        The process to register MEGA is as follows:

        Step6.The client will send the information described in Tab.1 to register an account.

        Table 1:User registration information

        2.1.2 The Process to Register MEGA

        The process to register MEGA is as follows:

        2.2 The Upload Encryption of File and Folder

        The keys of each file or folder are different.Since the folder does not contain data,the folder is not encrypted,and only the folder attribute(that is,the folder name)is encrypted.

        To encrypt the file,theFile Key(FK)consists of 128 random bits and 64 random bitsnone.The file is split into chunks,and each chunk is encrypted using Advanced Encryption Standard-Counter with Cipher lock chaining Message Authentication Code mode(AES-CCM).Thenoncein each encrypted block is incremented.

        After all chunks are encrypted,aCondensed Message Authentication Code (MAC)will be calculated according to the following steps:Firstly,A 128-bits array is initialized to zero.Secondly,the array is XORed with a block MAC,and the result is encrypted with Advanced Encryption Standard-Electronic Codebook Mode(AES-ECB).Again,each subsequent MAC block is processed according to this method.The final encryption result is the final MAC.

        TheFKis uploaded to the API after processed as follows:

        3 MEGA Security Analysis

        All communication between MEGA client and server is protected by TLS encryption from the time it is installed,and intercepting key packets during registration and login from traffic is not feasible unless the TLS encryption mechanism can be broken.Is MEGA unbreakable?Not necessarily.While MEGA offers end-to-end encryption,it does not use two-factor authentication for logins,so an attacker can log into each account using only login credentials and grab the name of the file in the account.Many users use Email Address as a user name and use the same user name and password for multiple sites.According to Troy Hunt[9],administrator of the website “Have I Been Pwned”,a massive file leak on MEGA in 2019 contained over 12,000 individual files and 87GB of data.It contained nearly 773 million email addresses and 22 million passwords.

        Meanwhile,while communication between MEGA client and server is protected by TLS encryption,anyone other than MEGA’s uploader who wants to access or download the uploader’s material needs the uploader to give him a public link to share the file or folder.When the downloader is an unregistered MEGA user,the uploader can only send it through insecure channels.In this case,if an attacker obtains a public link to a file or folder,he may access and download encrypted file data stored on the MEGA server to which the link points,as detailed in the next section for analysis and attack implementation.

        4 Cracking the Password Protected Public Links

        Anyone other than the MEGA uploader who wants to access or download the uploader’s profile needs the uploader to give him a public link to share the file or folder.Public links are classified into plaintext public links and password protected public links.

        4.1 Analysis of the Plaintext Public Link

        The plaintext public file links are as follows:

        https://mega.nz/file/Base64(Handle)#Base64(Key).

        The plaintext public folder links are as follows:

        https://mega.nz/folder/Base64(Handle)#Base64(Key).

        In the above links,“Handle”is the Handle of a file or folder,similar to ID or index.“Key”is theOFKfor public file links and theShare Keyfor public folder links.

        The generic format of the plaintext public link is shown in Tab.2.

        Table 2:Generic format of plaintext public link

        4.2 Analysis of the Password Protected Public Links

        The password protected public file or folder links are as follows:

        https://mega.nz/#P!Base64(data).

        The generic format of password protected public link is shown in Tab.3.

        The difference in the format of MEGA File and Folder’s password protected public links is the length of the data section.The length of the data in password protected public folder links is equal to 118,and the length of the data in password protected public file links is equal to 139.

        Table 3:Generic format of password protected public link

        The procedure for constructing a password protected link is as follows:

        In the above format,the meaning of each field identification is shown in Tab.4.

        Table 4:The meaning of each field identification

        Step3.Constructing protected links.

        ■A MAC Tag of 32 bytes is computed by

        MAC Tag=HMAC-SHA-256(MAC Key,(Algorithm||Type||Public Handle||Salt||Encrypted Key)).

        ■The format of protected link data is constructed by Algorithm||Type||Public Handle||Salt||Encrypted Key||MAC Tag.

        According to Tab.3,we firstly Base64 encode the link data,then substitute incompatible characters,and finally get a password protected link,for example,https://mega.nz/#P!WWWT5WcTsZ7Z_ghxV0FTJXKOQZs_3a...

        4.3 Cracking Algorithm of the Password Protected Public Links

        When the downloader is an unregistered MEGA user,the uploader can only send it through insecure channels.In this case,the attacker has a chance to obtain a public link to a file or folder.If the public link is not password protected,the attacker can use the link to access and download encrypted file data stored on the MEGA server to which the link points.If the link is password-protected,the attacker needs to crack it first.

        As you can see from the construction process of the password protected public links,its security depends on the password entered by the user.Although MEGA excludes passwords that it considers weak by forcing users to input passwords with a length greater than 8 and using different types of characters,to facilitate memory,users are usually far from meeting the requirements of random construction when constructing passwords[10-14].Generally,people choose passwords that are easy to remember for themselves,resulting in the centralized distribution of a large number of passwords in the whole password range,which greatly improves the success rate of the attacker to crack passwords[15-19].Next,we give the cracking algorithm of the password protected links based on password guessing.

        The cracking process of the password protected links is as follows:

        4.4 Examples of Cracking

        4.4.1 Cracking the Password Protected Public Folder Links

        4.4.2 Cracking the Password Protected Public File Links

        5 Efficiency Analysis and Suggestions

        Our attack method mainly depends on password guessing,so the efficiency of our attack method is equal to that of password guessing.The efficiency of password guessing generally depends on the rate of password guessing,password guessing algorithm,the complexity of the guessed password,and the size of the password training set.Since it is difficult to collect the data of MEGA’s password protected public links,we will use the public data to analyze the efficiency of the password guessing method,as shown in Tabs.5 and 6[20].

        Table 5:Intra-site password cracking

        Table 5:Continued

        Table 6:Intra-site password cracking

        It can be seen from Tabs.1 and 2 that when the password space is 1.4×109,the success rate of probabilistic context-free grammars (PCFG) in intra-site password cracking is more than 40%,and the success rate is greater with the increase of the password training set.If it is cross-site password cracking and the training set is homologous,the average success rate of PCFG is more than 30%.As far as the guessing algorithm is concerned,the success rate of semantic based password cracking algorithm(Sem+)[21]is about 7%higher than that of PCFG.

        According to the above analysis of password guessing efficiency,to improve the security of MEGA’s password protected public links,our suggestions are as follows:

        1.Increase the complexity of password setting,such as requiring at least 12 bits,including upper case letters,lower case letters,numbers,special characters,etc.

        2.The number of iterations of generatingDKin Section 4.2 is increased to more than 400000.

        The combination of the above two measures will greatly reduce the efficiency of password guessing,effectively resist password attacks and enhance the security of MEGA’s password protected public links.

        6 Conclusion

        MEGA is an end-to-end encrypted cloud storage platform controlled by users.The content data stored on MEGA are encrypted on the user’s client before the user uploads them to the MEGA platform.The encryption key of the data will not be directly saved on the platform.Therefore,the access to the data stored on Mega is controlled by the user,not the platform.Even the platform cannot access the data.MEGA not only has a good security mechanism of its own but all communication between the client and the server is protected by TLS encryption.So,MEGA’s forensics were very difficult.This paper clarifies the encryption mechanism of MEGA and finds out the vulnerability of the MEGA encryption mechanism.A method to attack MEGA is presented,and the secret data stored in the MEGA server can be accessed or downloaded.Finally,two examples are given to verify the correctness of the method.Therefore,the result of this paper provides an effective method for MEGA’s forensics.

        Funding Statement:This work was supported by the Key Laboratory of confidential communication Fund Project(No.6142103190308).

        Conflicts of Interest:The authors declare that they have no conflicts of interest to report regarding the present study.

        国产一区二区三区蜜桃| 国内精品视频一区二区三区| 亚洲都市校园激情另类| 亚洲一区二区三区新视频| 国产精品自线一区二区三区| 日日碰狠狠添天天爽| 欧美中文字幕在线| 国产亚洲三级在线视频| 91成人黄色蘑菇视频| 无遮挡呻吟娇喘视频免费播放| 国产一区二区三区美女| 日本在线免费精品视频| 亚洲激情综合中文字幕| 亚洲欧美乱综合图片区小说区| 国际无码精品| 91亚洲最新国语中文字幕| 国产免费在线观看不卡| 亚洲avav天堂av在线网毛片| 亚洲综合伊人制服丝袜美腿| 亚洲中文有码一区二区| 国产禁区一区二区三区| 色欲人妻综合网| 国产一区二区精品久久凹凸| 亚洲av成熟国产精品一区二区| 国产激情无码视频在线播放性色| 播放灌醉水嫩大学生国内精品| 无码人妻少妇久久中文字幕| 野花视频在线观看免费| 天天爽天天爽夜夜爽毛片| 精品视频入口| 日本伦理视频一区二区| 亚洲国产日韩a在线乱码| 四虎影库久免费视频| 日韩肥熟妇无码一区二区三区| 国产成人综合精品一区二区| 九九热线有精品视频86| AV无码中文字幕不卡一二三区 | 日韩精品一二区在线视频| 蜜桃精品人妻一区二区三区| 精品国产人妻一区二区三区| 亚洲中文欧美日韩在线|