亚洲免费av电影一区二区三区,日韩爱爱视频,51精品视频一区二区三区,91视频爱爱,日韩欧美在线播放视频,中文字幕少妇AV,亚洲电影中文字幕,久久久久亚洲av成人网址,久久综合视频网站,国产在线不卡免费播放

        ?

        Vulnerability Analysis of MEGA Encryption Mechanism

        2022-11-10 02:29:58QingbingJiZhihongRaoLvlinNiWeiZhaoandJingFu
        Computers Materials&Continua 2022年10期

        Qingbing Ji,Zhihong Rao,Lvlin Ni,Wei Zhao and Jing Fu

        1School of Cybersecurity,Northwestern Polytechnical University,Xi’an,710072,China

        2No.30 Institute of CETC,Chengdu,610041,China

        3Eberly College of Science,Pennsylvania State University-University Park,PA,16802,USA

        Abstract:MEGA is an end-to-end encrypted cloud storage platform controlled by users.Moreover,the communication between MEGA client and server is carried out under the protection of Transport Layer Security(TLS)encryption,it is difficult to intercept the key data packets in the process of MEGA registration,login,file data upload,and download.These characteristics of MEGA have brought great difficulties to its forensics.This paper presents a method to attack MEGA to provide an effective method for MEGA’s forensics.By debugging the open-source code of MEGA and analyzing the security white paper published,this paper first clarifies the encryption mechanism of MEGA,including the detailed process of registration,login,and file encryption,studies the encryption mechanism of MEGA from the perspective of protocol analysis,and finds out the vulnerability of MEGA encryption mechanism.On this basis,a method to attack MEGA is proposed,and the secret data stored in the MEGA server can be accessed or downloaded;Finally,the efficiency of the attack method is analyzed,and some suggestions to resist this attack method are put forward.

        Keywords:TLS;advanced encryption standard;forensics;protocol analysis;vulnerability

        1 Introduction

        MEGA is a cloud storage service launched by MEGA limited company.The content data stored on MEGA,such as files,messages,audio and video,are encrypted on the user’s client.After encryption,the user uploads the encrypted data to the MEGA platform,but the encryption key of the data will not be directly saved on the platform.Therefore,the access to the data stored on Mega is controlled by the user,not the platform.Even the platform cannot access the data.If other users want to access the data,the user must transmit the encryption key encrypted with the recipient’s public key to the recipient.

        All encryption related to the security of the user’s data is performed only on the user’s device.MEGA has released the source code of all client applications[1,2].Interested third parties can independently verify whether MEGA has the security advertised in the white paper and has no backdoors or accidental vulnerabilities.MEGA supports browser access,which not only lowers barriers to entry but also facilitates the use of other encryption technologies.As of August 20,2021,the site had 236 million registered users and uploaded more than 107 billion files.

        Encryption is a general double-edged sword,on the one hand,it protects the privacy of users,on the other hand,it is used by a small number of users as a tool to engage in illegal activities.As mentioned,MEGA has very good security and its security mechanism,and all communication between the client and the server is protected by TLS encryption from the time it is installed.In 2019,TLS1.2 was revealed that there were some vulnerabilities.Related attacks can be carried out based on man-in-the-middle attacks.With TLS1.3,these attack methods have failed.So far,no fatal defects have been found in the Advanced Encryption Standard(AES)and other algorithms used by MEGA[3,4].As you can imagine,MEGA’s forensics were very difficult.There are very few articles or information about MEGA’s encryption protocol analysis,almost none.Here,we analyze MEGA’s encryption mechanism,find its vulnerabilities,that is,its public links are encrypted only by password.Because people’s brain memory is limited and can only remember 5-7 passwords,most of the passwords set by the same person are similar[5-7].Based on this,we present a method to attack MEGA that can access or download encrypted data stored on MEGA’s server,thus bolstering MEGA’s forensics.According to the principle and efficiency of this attack method,we also put forward some protection suggestions,which can resist the attack to a certain extent or reduce the success rate of this attack.

        The paper is arranged in 6 sections as follows:In Section 2,by debugging the open-source code of MEGA and analyzing the security white paper published[8],we clarify MEGA’s encryption mechanism,including MEGA’s registration,login,and file and folder encryption details.In Section 3,we analyze MEGA’s security,point out that MEGA is not invulnerable,and propose a method or idea of attack.Section 4 analyzes the security mechanism of file or folder’s secure public links in detail,and proposes an attack method against the public links protected by password.Section 5 analyzes the efficiency of the attack and gives some suggestions to resist this attack.Finally,the paper is summarized in Section 6.

        2 The Encryption Mechanism of MEGA

        We clarify MEGA’s encryption mechanism as follows by debugging the open-source code of MEGA and analyzing the security white paper published.

        2.1 Registration and Login

        2.1.1 The Process to Register MEGA

        The process to register MEGA is as follows:

        Step6.The client will send the information described in Tab.1 to register an account.

        Table 1:User registration information

        2.1.2 The Process to Register MEGA

        The process to register MEGA is as follows:

        2.2 The Upload Encryption of File and Folder

        The keys of each file or folder are different.Since the folder does not contain data,the folder is not encrypted,and only the folder attribute(that is,the folder name)is encrypted.

        To encrypt the file,theFile Key(FK)consists of 128 random bits and 64 random bitsnone.The file is split into chunks,and each chunk is encrypted using Advanced Encryption Standard-Counter with Cipher lock chaining Message Authentication Code mode(AES-CCM).Thenoncein each encrypted block is incremented.

        After all chunks are encrypted,aCondensed Message Authentication Code (MAC)will be calculated according to the following steps:Firstly,A 128-bits array is initialized to zero.Secondly,the array is XORed with a block MAC,and the result is encrypted with Advanced Encryption Standard-Electronic Codebook Mode(AES-ECB).Again,each subsequent MAC block is processed according to this method.The final encryption result is the final MAC.

        TheFKis uploaded to the API after processed as follows:

        3 MEGA Security Analysis

        All communication between MEGA client and server is protected by TLS encryption from the time it is installed,and intercepting key packets during registration and login from traffic is not feasible unless the TLS encryption mechanism can be broken.Is MEGA unbreakable?Not necessarily.While MEGA offers end-to-end encryption,it does not use two-factor authentication for logins,so an attacker can log into each account using only login credentials and grab the name of the file in the account.Many users use Email Address as a user name and use the same user name and password for multiple sites.According to Troy Hunt[9],administrator of the website “Have I Been Pwned”,a massive file leak on MEGA in 2019 contained over 12,000 individual files and 87GB of data.It contained nearly 773 million email addresses and 22 million passwords.

        Meanwhile,while communication between MEGA client and server is protected by TLS encryption,anyone other than MEGA’s uploader who wants to access or download the uploader’s material needs the uploader to give him a public link to share the file or folder.When the downloader is an unregistered MEGA user,the uploader can only send it through insecure channels.In this case,if an attacker obtains a public link to a file or folder,he may access and download encrypted file data stored on the MEGA server to which the link points,as detailed in the next section for analysis and attack implementation.

        4 Cracking the Password Protected Public Links

        Anyone other than the MEGA uploader who wants to access or download the uploader’s profile needs the uploader to give him a public link to share the file or folder.Public links are classified into plaintext public links and password protected public links.

        4.1 Analysis of the Plaintext Public Link

        The plaintext public file links are as follows:

        https://mega.nz/file/Base64(Handle)#Base64(Key).

        The plaintext public folder links are as follows:

        https://mega.nz/folder/Base64(Handle)#Base64(Key).

        In the above links,“Handle”is the Handle of a file or folder,similar to ID or index.“Key”is theOFKfor public file links and theShare Keyfor public folder links.

        The generic format of the plaintext public link is shown in Tab.2.

        Table 2:Generic format of plaintext public link

        4.2 Analysis of the Password Protected Public Links

        The password protected public file or folder links are as follows:

        https://mega.nz/#P!Base64(data).

        The generic format of password protected public link is shown in Tab.3.

        The difference in the format of MEGA File and Folder’s password protected public links is the length of the data section.The length of the data in password protected public folder links is equal to 118,and the length of the data in password protected public file links is equal to 139.

        Table 3:Generic format of password protected public link

        The procedure for constructing a password protected link is as follows:

        In the above format,the meaning of each field identification is shown in Tab.4.

        Table 4:The meaning of each field identification

        Step3.Constructing protected links.

        ■A MAC Tag of 32 bytes is computed by

        MAC Tag=HMAC-SHA-256(MAC Key,(Algorithm||Type||Public Handle||Salt||Encrypted Key)).

        ■The format of protected link data is constructed by Algorithm||Type||Public Handle||Salt||Encrypted Key||MAC Tag.

        According to Tab.3,we firstly Base64 encode the link data,then substitute incompatible characters,and finally get a password protected link,for example,https://mega.nz/#P!WWWT5WcTsZ7Z_ghxV0FTJXKOQZs_3a...

        4.3 Cracking Algorithm of the Password Protected Public Links

        When the downloader is an unregistered MEGA user,the uploader can only send it through insecure channels.In this case,the attacker has a chance to obtain a public link to a file or folder.If the public link is not password protected,the attacker can use the link to access and download encrypted file data stored on the MEGA server to which the link points.If the link is password-protected,the attacker needs to crack it first.

        As you can see from the construction process of the password protected public links,its security depends on the password entered by the user.Although MEGA excludes passwords that it considers weak by forcing users to input passwords with a length greater than 8 and using different types of characters,to facilitate memory,users are usually far from meeting the requirements of random construction when constructing passwords[10-14].Generally,people choose passwords that are easy to remember for themselves,resulting in the centralized distribution of a large number of passwords in the whole password range,which greatly improves the success rate of the attacker to crack passwords[15-19].Next,we give the cracking algorithm of the password protected links based on password guessing.

        The cracking process of the password protected links is as follows:

        4.4 Examples of Cracking

        4.4.1 Cracking the Password Protected Public Folder Links

        4.4.2 Cracking the Password Protected Public File Links

        5 Efficiency Analysis and Suggestions

        Our attack method mainly depends on password guessing,so the efficiency of our attack method is equal to that of password guessing.The efficiency of password guessing generally depends on the rate of password guessing,password guessing algorithm,the complexity of the guessed password,and the size of the password training set.Since it is difficult to collect the data of MEGA’s password protected public links,we will use the public data to analyze the efficiency of the password guessing method,as shown in Tabs.5 and 6[20].

        Table 5:Intra-site password cracking

        Table 5:Continued

        Table 6:Intra-site password cracking

        It can be seen from Tabs.1 and 2 that when the password space is 1.4×109,the success rate of probabilistic context-free grammars (PCFG) in intra-site password cracking is more than 40%,and the success rate is greater with the increase of the password training set.If it is cross-site password cracking and the training set is homologous,the average success rate of PCFG is more than 30%.As far as the guessing algorithm is concerned,the success rate of semantic based password cracking algorithm(Sem+)[21]is about 7%higher than that of PCFG.

        According to the above analysis of password guessing efficiency,to improve the security of MEGA’s password protected public links,our suggestions are as follows:

        1.Increase the complexity of password setting,such as requiring at least 12 bits,including upper case letters,lower case letters,numbers,special characters,etc.

        2.The number of iterations of generatingDKin Section 4.2 is increased to more than 400000.

        The combination of the above two measures will greatly reduce the efficiency of password guessing,effectively resist password attacks and enhance the security of MEGA’s password protected public links.

        6 Conclusion

        MEGA is an end-to-end encrypted cloud storage platform controlled by users.The content data stored on MEGA are encrypted on the user’s client before the user uploads them to the MEGA platform.The encryption key of the data will not be directly saved on the platform.Therefore,the access to the data stored on Mega is controlled by the user,not the platform.Even the platform cannot access the data.MEGA not only has a good security mechanism of its own but all communication between the client and the server is protected by TLS encryption.So,MEGA’s forensics were very difficult.This paper clarifies the encryption mechanism of MEGA and finds out the vulnerability of the MEGA encryption mechanism.A method to attack MEGA is presented,and the secret data stored in the MEGA server can be accessed or downloaded.Finally,two examples are given to verify the correctness of the method.Therefore,the result of this paper provides an effective method for MEGA’s forensics.

        Funding Statement:This work was supported by the Key Laboratory of confidential communication Fund Project(No.6142103190308).

        Conflicts of Interest:The authors declare that they have no conflicts of interest to report regarding the present study.

        特黄特色的大片观看免费视频| 偷拍偷窥在线精品视频| 久久96日本精品久久久| 亚洲av无码久久精品色欲| 又爆又大又粗又硬又黄的a片| 不卡a v无码在线| 中文字幕人妻互换激情| 午夜不卡无码中文字幕影院| 国内老熟妇对白xxxxhd| 在线国产视频精品视频| 久久av一区二区三区黑人| 帅小伙自慰videogay男男| 成人免费毛片内射美女-百度| 亚洲片在线视频| 男女性行为免费视频网站| 久久久无码精品亚洲日韩蜜臀浪潮| 亚洲人成无码网www| 亚洲av五月天天堂网| 国产精品高潮呻吟av久久黄| 99热这里有精品| 在线视频 亚洲精品| 国产精品二区三区在线观看| 亚洲av色香蕉一区二区三区| 日本又黄又爽gif动态图| 久久精品中文字幕久久| 国产午夜精品视频在线观看| 国产美女做爰免费视频| 午夜AV地址发布| 精品亚洲视频免费观看网站| 国产精品一区二区日本| 国产无遮挡无码视频免费软件| 日本口爆吞精在线视频| 男女啪啪啪的高清视频| 人人爽人人爽人人片av| 中文字幕在线免费 | 麻豆人妻无码性色AV专区| 久久本道久久综合伊人| 亚洲裸男gv网站| 中国老熟女重囗味hdxx| 91手机视频在线| 日本高清在线一区二区|