How can I protect browser cached files to be accessed in a case of a stolen hard drive?

  • For the usual reasons we want to cache certain resources browser side, e.g. list of products bought in the past. Context is a web application, accessed via the internet.

    This list is confidential in my case, and I want to mitigate the case where an attacker gets physical access to the (OS password locked) machine or to the hard drive.

    Are there standard strategies/JS libs/browser support for such scenarios? It seems browsers in general will cache files in an unprotected way (not encrypted essentially).

    Full disk encryption or any os level strategy is not an option obviously - no control over who uses my web application. I still want to protect their data.

  • If you control the system

    Besides cached files that you see there can be other places where browser data can be found:

    • System swap file
    • Temporary files (this is not the same as cache)
    • Deleted data (some files can be restored after deletion)

    That's why, if you have some sensitive data in cached files, caring about cache files only is not sufficient.

    That's why you should consider using whole disk encryption. On Windows it can be BitLocker, on Linux some solution based on LUKS like dm-crypt.

    If the whole disk is encrypted, then you don't need to care about any temporary files and deleted files.

    If you don't control the system, e.g. cache on user device

    A solution depends on what threats you see.

    1. If disclosure of cached data means that the user will lose, let's say, 100'000 USD, then a very efficient solution is to inform users how they can encrypt their disks.

    2. If disclosure of cached data is less expensive: Generate a key pair. Send the public key to the server. On the server, encrypt the data with the public key. In the browser, before displaying the data, decrypt it with the user's private key. Such data in the cache cannot be decrypted by anyone. To access the private key, the user will be asked once for a password. If the device is stolen, nobody will be able to use the private key because this requires the password. If the password is random and long enough, it will be unbreakable. Separate data from code. Encryption of code makes no sense. Encrypt the data only. But: when the browser has decrypted the data and displays it to the user, it is present in plain form in the browser DOM. If the device swaps memory, such data can be written to the swap file in plain form. This means this approach is not as secure as full disk encryption.

    3. If the data disclosure will not cost much, i.e. if the data disclosure does not give an attacker much benefit, then experienced attackers will not spend their time on retrieving such data. Then you protect against simple threats only, e.g. against advanced users that are aware of the browser cache, but don't know much about the technologies used in the browser. Then obfuscation might be sufficient. Simple viewing of cached files will not give such unskilled "attackers" any info.
