This paper addresses an interesting data security and privacy issue on online sharing platforms. The authors propose a carefully designed system with strong user-side encryption. A notable feature of this system is that the ciphertext that is transmitted is invisible to unauthorized parties. Their idea is inspired by techniques from social steganography.

The system needs an online sharing platform, as well as a storage service and a hash map directory. Using the paper’s example, assume that Alice and Bob want to exchange protected messages on a sharing platform. Once they have exchanged cryptographic keys, Alice encrypts the intended message and stores the ciphertext c in the storage service. What Alice posts on the sharing platform is actually dummy data d that looks like a genuine file. Bob computes a keyed hash value of d and uses it as an index to fetch the (encrypted) address of c in the storage service from the hash map directory. With this address, Bob can get c and recover Alice’s message by decryption.

The paper provides a key management and security analysis, and addresses issues of semantics and mining attacks. A proof-of-concept implementation of the system is publicly available as a Firefox plug-in.