Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Simple client-side encryption of personal information with Web Assembly

Marco Falda, Angela Grassi

TL;DR

The work addresses protecting personal information in cloud and intranet contexts by implementing client-side encryption through a WebAssembly module, ensuring plaintext never leaves the client. It introduces a prefix-based encoding scheme that allows limited, deterministic server-side searching on encrypted fields, while salting the suffix to reduce cryptanalytic risk; key derivation uses Argon2 from the user password to produce a robust encryption key. The API consists of two functions, encryptText and decryptText, with local password handling and straightforward integration into web forms, and check-words stored on the server verify key correctness. The paper discusses implementation in Rust for speed and security, practical integration via minimal browser code, and future directions such as hardening against reverse engineering and extending capabilities to support more data types or homomorphic analytics for on-server computations.

Abstract

The HTTPS protocol has enforced a higher level of robustness to several attacks; however, it is not easy to set up the required certificates on intranets, nor is it effective in the case the server confidentiality is not reliable, as in the case of cloud services, or it could be compromised. A simple method is proposed to encrypt the data on the client side, using Web Assembly. It never transfers data to the server as clear text. Searching fields in the server is made possible by an encoding scheme that ensures a stable prefix correspondence between ciphertext and plaintext. The method has been developed for a semantic medical database, and allows accessing personal data using an additional password while maintaining non-sensitive information in clear form. Web Assembly has been chosen to guarantee the fast and efficient execution of encrypting/decrypting operations and because of its characteristic of producing modules that are very robust against reverse engineering. The code is available at https://github.com/mfalda/client-encdec.

Simple client-side encryption of personal information with Web Assembly

TL;DR

The work addresses protecting personal information in cloud and intranet contexts by implementing client-side encryption through a WebAssembly module, ensuring plaintext never leaves the client. It introduces a prefix-based encoding scheme that allows limited, deterministic server-side searching on encrypted fields, while salting the suffix to reduce cryptanalytic risk; key derivation uses Argon2 from the user password to produce a robust encryption key. The API consists of two functions, encryptText and decryptText, with local password handling and straightforward integration into web forms, and check-words stored on the server verify key correctness. The paper discusses implementation in Rust for speed and security, practical integration via minimal browser code, and future directions such as hardening against reverse engineering and extending capabilities to support more data types or homomorphic analytics for on-server computations.

Abstract

The HTTPS protocol has enforced a higher level of robustness to several attacks; however, it is not easy to set up the required certificates on intranets, nor is it effective in the case the server confidentiality is not reliable, as in the case of cloud services, or it could be compromised. A simple method is proposed to encrypt the data on the client side, using Web Assembly. It never transfers data to the server as clear text. Searching fields in the server is made possible by an encoding scheme that ensures a stable prefix correspondence between ciphertext and plaintext. The method has been developed for a semantic medical database, and allows accessing personal data using an additional password while maintaining non-sensitive information in clear form. Web Assembly has been chosen to guarantee the fast and efficient execution of encrypting/decrypting operations and because of its characteristic of producing modules that are very robust against reverse engineering. The code is available at https://github.com/mfalda/client-encdec.
Paper Structure (7 sections, 3 figures)

This paper contains 7 sections, 3 figures.

Table of Contents

  1. Introduction
  2. Software description
  3. Software Architecture
  4. Software Functionalities
  5. Illustrative Examples
  6. Impact
  7. Conclusion

Figures (3)

  • Figure 1: Comparison between native JavaScript and Web Assembly implementation.
  • Figure 2: Reduction of the results sets by adding search terms prefixes.
  • Figure 3: Encryption schema.