Attacks on MEGA Contact Relationships

None, None

Attacks on MEGA Contact Relationships

Master Thesis (2026)

Author(s)

K.J. Kiisa (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Contributor(s)

K. Liang – Mentor (TU Delft - Cyber Security)

H. Chen – Mentor (TU Delft - Cyber Security)

Cyber security Data integrity Attacks Cloud storage

To reference this document use

https://resolver.tudelft.nl/uuid:a864a740-6424-40ba-95cc-39e08ff792c6

More Info

expand_more

Publication Year

2026

Language

English

Graduation Date

12-01-2026

Awarding Institution

Programme

Computer Science

Downloads counter

48

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

MEGA is a popular cloud storage provider in both commercial and consumer markets [2][1]. MEGA claims to provide secure storage, in a threat model where even the storage provider should be unable to tamper with a user’s data undetected [5]. Previous work by Backendal et. al., as well as other follow-up research works, discovered several attacks that an adversarial storage provider could perform to covertly read and write a user’s storage [7]. MEGA’s patches to the attacks solve the initial attacks that allow for the attack chain to take place, but did not solve the fundamental problems in the security architecture that enabled these attacks [6]. This work provides 5 attacks on user’s contact relationships and folder sharing, that even after the patches, allow for an adversarial storage provider to manipulate a user’s contact list, and forge data in their secure storage.

Files

Ken_J._Kiisa_Msc._Thesis_Attac... (pdf)

(pdf | 0.888 Mb)

- Embargo expired in 31-03-2026

License info not available