Skip navigation
Please use this identifier to cite or link to this item:
Title: The Limitations of Web Privacy: Cracking ShadowCrypt
Authors: Freyberger, Michael
Advisors: Mittal, Prateek
Contributors: Cuff, Paul
Department: Electrical Engineering
Class Year: 2016
Abstract: In web settings it is very difficult to assure users their data is being kept private. Recent work has been done to develop a browser extension that can make text based web applications private without trusting any part of the application itself. The name of this project is ShadowCrypt and is available in the Chrome Extension store. This extension fails to address a serious user interface attack which will be described in detail. The effectiveness of this attack was measured through a user study administered through Amazon Mechanical Turk, in which only 5.4% of participants noticed the attack. In addition to a demonstration of the effectiveness of the user interface attack, I created multiple fundamental attacks against ShadowCrypt, exposing the privacy weaknesses of ShadowDOM. Finally, a framework for possible countermeasures is pre- sented in order to provide clear guidelines on how to design a secure input and output system within internet browsers.
Extent: 43 pages
Type of Material: Princeton University Senior Theses
Language: en_US
Appears in Collections:Electrical Engineering, 1932-2017

Files in This Item:
File SizeFormat 
freyberger_michael_thesis.pdf1.24 MBAdobe PDF    Request a copy

Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.