Some Potential Issues with the Security of HTML5 IndexedDB

Kimak, Stefan, Ellman, Jeremy and Laing, Christopher (2014) Some Potential Issues with the Security of HTML5 IndexedDB. In: System Safety and Cyber Security 2014 (IET Conference), 14-16th October 2014, The Midland Hotel, Manchester, UK.

[img]
Preview
PDF
IETSS2014_0029_final.pdf
Available under License Creative Commons Attribution.

Download (1MB) | Preview
Official URL: http://conferences.theiet.org/system-safety/-docum...

Abstract

The new HTML5 standard provides much more access to client resources, such as user location and local data storage. Unfortunately, this greater access may create new security risks that potentially can yield new threats to user privacy and web attacks. One of these security risks lies with the HTML5 client-side database. It appears that data stored on the client file system is unencrypted. Therefore, any stored data might be at risk of exposure. This paper explains and performs a security investigation into how the data is stored on client local file systems. The investigation was undertaken using Firefox and Chrome web browsers, and Encase (a computer forensic tool), was used to examine the stored data. This paper describes how the data can be retrieved after an application deletes the client side database. Finally, based on our findings, we propose a solution to correct any potential issues and security risks, and recommend ways to store data securely on local file systems.

Item Type: Conference or Workshop Item (Paper)
Subjects: G400 Computer Science
Department: Faculties > Engineering and Environment > Computer Science and Digital Technologies
Depositing User: Jeremy Ellman
Date Deposited: 28 Nov 2014 09:16
Last Modified: 09 May 2017 14:57
URI: http://nrl.northumbria.ac.uk/id/eprint/18302

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics


Policies: NRL Policies | NRL University Deposit Policy | NRL Deposit Licence