Open Access

Vulnerability Analysis of MEGA Encryption Mechanism

Qingbing Ji^1,2,*, Zhihong Rao^1,2, Lvlin Ni², Wei Zhao², Jing Fu³

1 School of Cybersecurity, Northwestern Polytechnical University, Xi’an, 710072, China
2 No.30 Institute of CETC, Chengdu, 610041, China
3 Eberly College of Science, Pennsylvania State University-University Park, PA, 16802, USA

* Corresponding Author: Qingbing Ji. Email:

Computers, Materials & Continua 2022, 73(1), 817-829. https://doi.org/10.32604/cmc.2022.026949

Received 07 January 2022; Accepted 23 March 2022; Issue published 18 May 2022

Abstract

MEGA is an end-to-end encrypted cloud storage platform controlled by users. Moreover, the communication between MEGA client and server is carried out under the protection of Transport Layer Security (TLS) encryption, it is difficult to intercept the key data packets in the process of MEGA registration, login, file data upload, and download. These characteristics of MEGA have brought great difficulties to its forensics. This paper presents a method to attack MEGA to provide an effective method for MEGA’s forensics. By debugging the open-source code of MEGA and analyzing the security white paper published, this paper first clarifies the encryption mechanism of MEGA, including the detailed process of registration, login, and file encryption, studies the encryption mechanism of MEGA from the perspective of protocol analysis, and finds out the vulnerability of MEGA encryption mechanism. On this basis, a method to attack MEGA is proposed, and the secret data stored in the MEGA server can be accessed or downloaded; Finally, the efficiency of the attack method is analyzed, and some suggestions to resist this attack method are put forward.

---

Keywords

---