Private Notes: Encrypted XML Notes Synchronization and Sharing with Untrusted Web Services


Personal notes, even when shared with others, often contain highly sensitive information. From a security and privacy point of view, currently available (web) services that upload such personal notes to potentially untrusted third party servers are therefore problematic and we suggest to encrypt all notes before transferring them from the user’s personal device. However, synchronization and sharing of encrypted data is a non-trivial issue, because conflict resolution and merging algorithms need to be applied to plain-text content. With emphPrivate Notes, we propose an architecture for client-side encryption, merge, and conflict handling of personal notes stored in XML format. We adopt the OpenPGP standard for symmetric and asymmetric encryption and WebDAV for synchronizing and sharing notes on arbitrary web servers. Specific implementations in the form of a plug-in for the Tomboy desktop note taking application and the Android and iOS mobile platforms demonstrate the ease of use of encrypted notes sharing.

Proc. iiWAS2011: 13th International Conference on Information Integration and Web-based Applications & Services