webinos secure storage: a cross-platform dilemma.

Encrypted storage for sensitive data and credentials is an obvious requirement for any system with pretences towards being secure. As part of the webinos project, we have been thinking about solutions to this problem which work across multiple platforms.

As a brief recap: the webinos project aims to design and deliver an open source web runtime for four types of device: smartphones, media centres, PCs and in-car computers.  It will provide a set of standard JavaScript APIs for accessing device features from web applications, as well as synchronising data and providing a “seamless” end user experience.  We’re working on it with over 20 other companies and are primarily researching the security and privacy aspects of the system.  More details are available on our website: http://www.cs.ox.ac.uk/projects/webinos/

In webinos we think we have (at least) the following data to protect:

Continue reading