Title :
Some potential issues with the security of HTML5 indexedDB
Author :
Kimak, Stefan ; Ellman, Jeremy ; Laing, Christopher
Author_Institution :
Fac. of Eng. & Environ, Northumbria Univ., Newcastle upon Tyne, UK
Abstract :
The new HTML5 standard provides much more access to client resources, such as user location and local data storage. Unfortunately, this greater access may create new security risks that potentially can yield new threats to user privacy and Web attacks. One of these security risks lies with the HTML5 client-side database. It appears that data stored on the client file system is unencrypted. Therefore, any stored data might be at risk of exposure. This paper explains and performs a security investigation into how the data is stored on client local file systems. The investigation was undertaken using Firefox and Chrome Web browsers, and Encase (a computer forensic tool) was used to examine the stored data. This paper describes how the data can be retrieved after an application deletes the client-side database. Finally, based on our findings, we propose a solution to correct any potential issues and security risks, and recommend ways to store data securely on local file systems.
Keywords :
application program interfaces; client-server systems; data privacy; database indexing; digital forensics; hypermedia markup languages; online front-ends; public key cryptography; Chrome Web browser; Encase computer forensic tool; Firefox Web browser; HTML5 IndexedDB security risks; HTML5 client-side database; HTML5 standard; Web attacks; client local file systems; client resource access; data retrieval; data storage; exposure risk; local data storage; unencrypted data; user location; user privacy; Component web security; Encase; Forensic Test; IndexedDB; Security;
Conference_Title :
System Safety and Cyber Security (2014), 9th IET International Conference on
Print_ISBN :
978-1-84919-940-7