Client Side Encryption for HTML Form Fields

David Moskowitz

Doctoral Student

Nova Southeastern University

Winter 2011

 Abstract

Cloud based applications are a growing trend, offering businesses and users the advantages of lower costs,  lessened maintenance concerns, and increased scalability. However, such application architectures open up additional security risks. Arguably, the most significant of these risks is the ability of service provider to view private data of which they are entrusted. Storing data in the cloud also opens up that data to potential hackers. This paper addresses these security concerns and proposes a solution using client side encryption. In this approach, data stored on the server that is not needed for server side processing is encrypted prior to submission. A symmetric encryption algorithm is used. The secret key is not shared with the service provider nor transmitted across the network. A prototype JavaScript application implementing these principles is presented. The prototype addresses a primary implementations issue- the maintenance of the client side encryption key. This paper also includes a proposal to incorporate this type of encryption into the HTML standard.

View the attached PDF Client Side Encryption for HTML Form Fields