Security of Microsoft OneDrive
Abstract
Cloud storage allows users to access and manage their data from any place in the world. One of the biggest cloud storage providers is Microsoft with its product OneDrive, which serves millions of users around the globe. While Microsoft provides different cloud solutions, this thesis is focused solely on OneDrive for personal use with a basic plan.
OneDrive provides users with various features and benefits, though security of users' data is naturally the most vital feature. By storing data in a cloud, users risk that it will be stolen or leaked. Therefore, if the data is not sufficiently protected, OneDrive as a cloud platform becomes worthless.
The thesis investigates the security of OneDrive from different perspectives. It reveals that users give Microsoft permission to access their data whenever Microsoft considers it necessary. Moreover, the data are stored in a readable form. To avoid data leakage, users have to encrypt their data themselves. While the communication channel between users and OneDrive servers is protected with TLS, the servers establish connections even via older and vulnerable versions of the protocol. Also, adversaries may use a cipher suite downgrade to weaken the security of data traffic. Microsoft mitigates this by establishing a TLS connection only if the algorithms used in the cipher suite meet certain security parameters. Lack of mutual authentication, session resumption and weak password protection are other topics covered in the thesis. The thesis also shows how to decrypt HTTPS traffic by creating a system variable. Several attacks, such as Man-in-the-Middle, Man-in-the-Cloud, ransomware and phishing attacks, are discussed throughout the thesis. The thesis presents a phishing website and discusses the consequences of illegal data access. Finally, the thesis compares OneDrive with its biggest competitors in the market, Google and Dropbox, and shows that, unlike OneDrive, they both provide encryption of data at rest and differential sync.