1
Secure Messaging: Systematization of Knowledge
Nik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg, Matthew Smith
2
Motivation
- Increasing demand for secure messaging [1]
[1] Public Perceptions of S&P in the Post-Snowden Era (Pew Internet Research)
3
Which messenger should I use?
4
Relevant for Academia?
- Academia vs. practice
  - EFF Scorecard (>100 tools)
  - Individual threat models and features
- Messaging-specific research challenges
  - Academic work often ignored in practice
  - In-the-wild approaches unknown in academia
  - Sparsely covered in academia, but various tools in the wild
5
Our Goal
- Overview
- Evaluation criteria (academic concepts): Security, Usability, Adoption
- Highlight research challenges & perspectives
6
Problem Areas
- Trust Establishment: long-term key verification
- Conversation Security: message-level cryptography ("crypto stuff")
- Transport Privacy: metadata protection
9
State of the Art in Practice
- "Trusted" third parties
- Key directories
- Manual verification (mostly optional)
10
Manual Verification
11
Optional Verification
12
Transparency (Academic)
- "Certificate Transparency for user keys"
- Practical issues
  - (Inattentive) end users
  - Key changes
  - Multi-device management
  - Privacy preservation
- Example client warning: "Key change detected. The server has published an unexpected key for you. If you haven't re-installed this app recently, this may mean somebody is trying to intercept your communications." [Check list of devices and keys]
13
Alternative Solutions
- Keybase
- OneName
- Namecoin
- ...
15
Conversation Security
- Security on the message level
  - Confidentiality, Integrity, Authentication
  - Forward / Backward Secrecy
  - ...
- Asynchronous
  - Users go offline
  - Unreliable connections
  - Without user interaction
16
Forward / Backward Secrecy
- Easy on the web (interactive setting: both endpoints are online)
- Most tools in practice
  - Without PFS
  - Require synchronicity
  - Limited forward secrecy with key derivation
- Axolotl allows asynchronous PFS
  - Needs more academic review
17
But wait!?
18
Asynchronous Forward Secrecy: Academic Approaches
- Hierarchical IBE (Canetti et al. 2003): not considered in practice
- Puncturable encryption (Green & Miers, S&P 2015)
19
Remaining Challenges
21
Transport Privacy
- Hide metadata
- Little progress in practice
  - Few tools adopted (mostly Tor)
- Usability and adoption implications
  - Delays
  - Scalability issues
  - SPAM / flood abuse (dealt with in Pond)
  - Private contact discovery
22
Takeaways
- Survey + systematization
- Unconsidered approaches in both worlds
- Appeal for academic analysis (similar to SSL and Android research)
  - Security analyses
  - Reach out to developers
  - Security proofs are not enough
23
Acknowledgements
- Trevor Perrin
- Henry Corrigan-Gibbs
24
Credits
Special thanks to all the people who made and released these awesome resources for free:
- Presentation template by SlidesCarnival
- Photographs by Unsplash & Death to the Stock Photo (license)
25
Security is hard
Source: GPG for Journalists - Windows edition (Edward Snowden)
26
Transparency Logs
- Idea: publicly verifiable logs
  - No user action for verification
- Certificate Transparency
  - Privacy issues
  - Deployment issues
  - End-user behaviour
  - Gossiping not specified
- CONIKS
- Blockchain solutions
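What slides 12 and 26 describe in one line ("Certificate Transparency for user keys", "no user action for verification") is easiest to see as code. The following Python is an added illustration, not code from the paper, from Certificate Transparency or from CONIKS: a server keeps an append-only Merkle log of (user, key) bindings, and the client audits its own binding automatically. The tree and inclusion-proof shapes follow RFC 6962; the keys are constructed 32-byte stand-ins, and consistency proofs between log versions and name privacy (CONIKS hashes names with a VRF) are left out.

```python
"""Toy key-transparency log in the spirit of Certificate Transparency / CONIKS:
the server publishes an append-only Merkle log of (user, key) bindings and each
client audits its own binding with no user interaction. Added illustration, not
code from the paper, CT or CONIKS. Tree and proof shapes follow RFC 6962;
consistency proofs and name privacy (CONIKS' VRF-hashed names) are omitted."""
import hashlib
from typing import List, Tuple

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf_hash(user: str, key: bytes) -> bytes:
    return h(b"\x00", user.encode(), key)  # 0x00 prefix = leaf, 0x01 = inner node

def split(n: int) -> int:
    return 1 << ((n - 1).bit_length() - 1)  # largest power of two < n

def merkle_root(leaves: List[bytes]) -> bytes:
    if len(leaves) == 1:
        return leaves[0]
    k = split(len(leaves))
    return h(b"\x01", merkle_root(leaves[:k]), merkle_root(leaves[k:]))

def audit_path(leaves: List[bytes], m: int) -> List[bytes]:
    """Sibling hashes from leaf m up to the root (RFC 6962 PATH)."""
    if len(leaves) == 1:
        return []
    k = split(len(leaves))
    if m < k:
        return audit_path(leaves[:k], m) + [merkle_root(leaves[k:])]
    return audit_path(leaves[k:], m - k) + [merkle_root(leaves[:k])]

def verify_inclusion(leaf: bytes, index: int, size: int, path: List[bytes], root: bytes) -> bool:
    """Client-side inclusion check (RFC 6962 / RFC 9162 algorithm)."""
    if index >= size:
        return False
    fn, sn, r = index, size - 1, leaf
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = h(b"\x01", p, r)
            if not fn & 1:
                while fn and not fn & 1:
                    fn, sn = fn >> 1, sn >> 1
        else:
            r = h(b"\x01", r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

class KeyLog:
    """Server side: an append-only list of bindings; history is never rewritten."""
    def __init__(self):
        self.entries: List[Tuple[str, bytes]] = []

    def publish(self, user: str, key: bytes) -> None:
        self.entries.append((user, key))

    def leaves(self) -> List[bytes]:
        return [leaf_hash(u, k) for u, k in self.entries]

    def root(self) -> bytes:
        return merkle_root(self.leaves())

    def lookup(self, user: str):
        """Latest binding for user plus (index, tree size, inclusion proof)."""
        idx = max(i for i, (u, _) in enumerate(self.entries) if u == user)
        return self.entries[idx], idx, len(self.entries), audit_path(self.leaves(), idx)

def self_audit(server: KeyLog, user: str, my_key: bytes) -> str:
    """Client side, run automatically: is the log's current key for me the key I
    actually hold? A mismatch is the slide's "Key change detected" warning."""
    (u, key), idx, size, path = server.lookup(user)
    if u != user or not verify_inclusion(leaf_hash(u, key), idx, size, path, server.root()):
        return "proof invalid"
    return "ok" if key == my_key else "key change detected"

def demo() -> dict:
    alice_key, mitm_key = b"A" * 32, b"M" * 32  # constructed stand-ins for public keys
    log = KeyLog()
    for u, k in [("alice", alice_key), ("bob", b"B" * 32), ("carol", b"C" * 32)]:
        log.publish(u, k)
    before = self_audit(log, "alice", alice_key)
    # A coerced server that wants to intercept Alice must serve a substitute key
    # with a valid proof, i.e. append it to the public log, where her client sees it.
    log.publish("alice", mitm_key)
    after = self_audit(log, "alice", alice_key)
    # Its only way to hide the swap from Alice is a split view: the honest log for
    # her, the forked one for everyone else. Clients that gossip roots catch this.
    honest = KeyLog()
    for u, k in log.entries[:3]:
        honest.publish(u, k)
    return {"before": before, "after": after,
            "hidden_from_alice": self_audit(honest, "alice", alice_key),
            "split_view_detected": honest.root() != log.root()}
```

The last step is why the slide lists "gossiping not specified" as an open issue: the self-audit alone only works if every client is shown the same log, and nothing in CT itself forces that.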
27
Table 2: all solved
28
Table 3
29
Asynchronous Forward Secrecy
(comparison-table row from the paper: every listed scheme is marked ✗)
30
Axolotl (in-the-wild)
- Diffie-Hellman ratcheting
- Symmetric ratchet
(diagram labels; each appears twice in the figure)
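Slide 16 says Axolotl gives forward secrecy without requiring synchronicity, and this slide names the two mechanisms. The following Python is an added illustration, not Axolotl or Signal code and not from the paper, of how the symmetric (KDF) ratchet and the Diffie-Hellman ratchet fit together and what each buys you against a stolen device state. It assumes a toy finite-field DH group and a toy MAC-based cipher in place of Curve25519 and an AEAD, assumes the initial shared secret comes from a handshake such as X3DH, and drops header encryption and skipped-message keys.

```python
"""Toy Axolotl / Double Ratchet: a symmetric KDF ratchet (forward secrecy) driven
by a Diffie-Hellman ratchet (healing after state compromise). Added illustration,
not the Axolotl/Signal code; stdlib only. Omits X3DH (the initial shared secret
is assumed), header encryption and skipped-message keys."""
import copy, hashlib, hmac, secrets
from dataclasses import dataclass
from typing import Optional, Tuple

# Toy finite-field DH modulo a prime, demo only: NOT a secure group (no safe-prime
# or subgroup checks). Axolotl uses Curve25519.
P, G = 2**255 - 19, 2

def dh_gen() -> Tuple[int, int]:
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh(priv: int, pub: int) -> bytes:
    return pow(pub, priv, P).to_bytes(32, "big")

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def kdf_rk(root: bytes, dh_out: bytes) -> Tuple[bytes, bytes]:
    """DH ratchet step: (new root key, new chain key)."""
    prk = prf(root, dh_out)
    return prf(prk, b"root"), prf(prk, b"chain")

def kdf_ck(chain: bytes) -> Tuple[bytes, bytes]:
    """Symmetric ratchet step: (next chain key, one-time message key); the caller
    overwrites the old chain key, so earlier message keys become unrecoverable."""
    return prf(chain, b"\x02"), prf(chain, b"\x01")

def seal(mk: bytes, n: int, pt: bytes) -> bytes:
    """Toy authenticated encryption for <=32-byte messages (real code: an AEAD)."""
    ks = prf(mk, b"stream" + n.to_bytes(4, "big"))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return ct + prf(mk, b"tag" + ct)

def unseal(mk: bytes, n: int, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(mk, b"tag" + ct)):
        raise ValueError("bad tag: wrong message key")
    return bytes(a ^ b for a, b in zip(ct, prf(mk, b"stream" + n.to_bytes(4, "big"))))

@dataclass
class Party:
    priv: int
    pub: int
    remote_pub: Optional[int]
    root: bytes
    send_chain: Optional[bytes] = None
    recv_chain: Optional[bytes] = None
    ns: int = 0
    nr: int = 0

    def encrypt(self, pt: bytes):
        self.send_chain, mk = kdf_ck(self.send_chain)
        n, self.ns = self.ns, self.ns + 1
        return (self.pub, n), seal(mk, n, pt)

    def decrypt(self, header, blob: bytes) -> bytes:
        pub, n = header
        if pub != self.remote_pub:  # peer sent a new DH key: DH ratchet step
            self.remote_pub = pub
            self.root, self.recv_chain = kdf_rk(self.root, dh(self.priv, pub))
            self.priv, self.pub = dh_gen()  # fresh secret: compromised state heals
            self.root, self.send_chain = kdf_rk(self.root, dh(self.priv, pub))
            self.ns = self.nr = 0
        if n != self.nr:
            raise ValueError("out of order: toy has no skipped-key storage")
        self.recv_chain, mk = kdf_ck(self.recv_chain)
        self.nr += 1
        return unseal(mk, n, blob)

def session(shared_secret: bytes) -> Tuple[Party, Party]:
    """Alice starts from Bob's published DH key; shared_secret stands in for X3DH."""
    b_priv, b_pub = dh_gen()
    a_priv, a_pub = dh_gen()
    root, send = kdf_rk(shared_secret, dh(a_priv, b_pub))
    return Party(a_priv, a_pub, b_pub, root, send), Party(b_priv, b_pub, None, shared_secret)

def attacker_can_open(stolen: Party, n: int, blob: bytes) -> bool:
    """Derive the next message key from a stolen send chain and try it on blob."""
    _, mk = kdf_ck(stolen.send_chain)
    try:
        unseal(mk, n, blob)
        return True
    except ValueError:
        return False

def demo() -> dict:
    alice, bob = session(secrets.token_bytes(32))
    h1, c1 = alice.encrypt(b"hello")
    h2, c2 = alice.encrypt(b"again")
    read = [bob.decrypt(h1, c1), bob.decrypt(h2, c2)]
    stolen = copy.deepcopy(alice)  # full compromise of Alice's device state here
    fs_broken = attacker_can_open(stolen, 0, c1)  # chain is already past message 1
    # Bob's reply carries a fresh DH key, but the thief still holds Alice's current
    # private key, so this one leaks: the window before healing.
    hr, cr = bob.encrypt(b"reply")
    leaked = stolen.decrypt(hr, cr)
    # Alice's DH ratchet on receipt picks a private key the thief never had.
    alice.decrypt(hr, cr)
    h3, c3 = alice.encrypt(b"healed")
    return {"read": read, "fs_broken": fs_broken, "leaked": leaked,
            "healed": not attacker_can_open(stolen, 0, c3), "bob_reads": bob.decrypt(h3, c3)}
```

The demo makes the slide's two claims concrete: nothing here needs both parties online (Bob can decrypt whenever he comes back), and a stolen state yields neither past message keys nor, once both sides have generated a fresh DH key, future ones. The round-trip needed before healing kicks in is the part that deserves the "needs more academic review" caveat.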