SoK: Secure Messaging

Unger, Nik; Dechand, Sergej; Bonneau, Joseph; Fahl, Sascha; Perl, Henning; Goldberg, Ian; Smith, Matthew

doi:10.1109/sp.2015.22

Cited by 140 publications

(148 citation statements)

References 38 publications

Supporting

Mentioning

143

Contrasting

Unclassified

Order By: Relevance

“…For a detailed review of the literature on secure communication tools, we refer the reader to Unger et al [1]. Secure communication tools became widely available with the release of PGP in 1991 [22], which was followed by the creation of a large ecosystem of PGP tools [13], [23], [24].…”

Section: A Secure Communicationsmentioning

confidence: 99%

“…The main UI challenge for E2E-encrypted communication tools is believed to be providing assurance that a user is truly communicating with the intended party (called trust establishment by Unger et al [1]). This is often reduced to verifying ownership of cryptographic keys in some fashion.…”

Section: A Secure Communicationsmentioning

confidence: 99%

“…The majority of web traffic between clients and servers is now encrypted via TLS, however, the majority of communications between users are not yet end-to-end (E2E) encrypted [1], [2]. Whenever plaintext is processed or stored by remote servers, users are vulnerable to mass surveillance [3] or hackers.…”

Section: Introductionmentioning

confidence: 99%

“…Recent mobile phone-based secure communication tools have often been designed to hide security from the user completely (albeit at some security cost [1]). WhatsApp famously deployed E2E encryption to approximately a billion users through a code update to its application for messages, voice calls and video communications [18], with only negligible changes to the user experience.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Obstacles to the Adoption of Secure Communication Tools

Abu-Salma

Sasse

Bonneau

et al. 2017

2017 IEEE Symposium on Security and Privacy (SP)

Self Cite

117

View full text Add to dashboard Cite

Abstract-The computer security community has advocated widespread adoption of secure communication tools to counter mass surveillance. Several popular personal communication tools (e.g., WhatsApp, iMessage) have adopted end-to-end encryption, and many new tools (e.g., Signal, Telegram) have been launched with security as a key selling point. However it remains unclear if users understand what protection these tools offer, and if they value that protection. In this study, we interviewed 60 participants about their experience with different communication tools and their perceptions of the tools' security properties. We found that the adoption of secure communication tools is hindered by fragmented user bases and incompatible tools. Furthermore, the vast majority of participants did not understand the essential concept of end-to-end encryption, limiting their motivation to adopt secure tools. We identified a number of incorrect mental models that underpinned these beliefs.

show abstract

Section: A Secure Communicationsmentioning

confidence: 99%

Section: A Secure Communicationsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Obstacles to the Adoption of Secure Communication Tools

Abu-Salma

Sasse

Bonneau

et al. 2017

2017 IEEE Symposium on Security and Privacy (SP)

Self Cite

117

View full text Add to dashboard Cite

show abstract

“…While these systems are for two-way communication, there are several similarities, such as dedicated servers for storing encrypted messages. Both Pond and Signal use the Signal protocol (previously known as Axolotl) [20]. The Signal protocol is inspired by the Off-the-Record (OTR) Messaging protocol [5] and provides among other things forward secrecy.…”

Section: Related Workmentioning

confidence: 99%

Insynd: Improved Privacy-Preserving Transparency Logging

Peeters

Pulls

2016

Computer Security – ESORICS 2016

View full text Add to dashboard Cite

Abstract. Service providers collect and process more user data then ever, while users of these services remain oblivious to the actual processing and utility of the processed data to the service providers. This leads users to put less trust in service providers and be more reluctant to share data. Transparency logging is about service providers continuously logging descriptions of the data processing on their users' data, where each description is intended for a particular user. We propose Insynd, a new cryptographic scheme for privacy-preserving transparency logging. Insynd improves on prior work by (1) increasing the utility of all data sent through the scheme thanks to our publicly verifiable proofs: one can disclose selected events without having to disclose any long term secrets; and (2) enabling a stronger adversarial model: Inysnd can deal with an untrusted server (such as commodity cloud services) through the use of an authenticated data structure named Balloon. Finally, our publicly available prototype implementation shows greatly improved performance with respect to related work and competitive performance for more data-intensive settings like secure logging.

show abstract

Multipath TCP security over different attacks

Chaturvedi

Chand

2020

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Due to the increasing demand for bandwidth and availability of multi‐homed devices, the Multipath TCP (MPTCP) is an emerging protocol that uses multiple paths simultaneously to transfer the data, seamlessly utilizing their bandwidth. The security is an important issue in a system especially the communication network system. Since there are multiple paths in MPTCP, it has many doors open to an adversary especially at the time of connection initiation. These attacks include the man‐in‐the‐middle attack (MM), denial‐of‐service (DOS) attack, and SYN flooding attack. This article proposes a new opportunistic security protocol, named as secure connection multipath TCP (SCMTCP), that uses the elliptic curve cryptography to generate the secret key. It also uses a third‐party certificate authority to ensure the authenticity of public keys exchanged between the communicating parties. The SCMTCP generates a session key at the time of initial handshake (with MP_CAPABLE option) and protects the MPTCP from the man‐in‐the‐middle attack. It generates a unique authentication key for each new subflow within the host using the session key to authenticate them and protects the MPTCP from DoS and SYN flooding attacks. This article analyzes the security complexity of the SCMTCP using the random oracle model and shows that it is not possible for an attacker to get any security key and breaks the MPTCP security.

show abstract

SoK: Secure Messaging

Cited by 140 publications

References 38 publications

Obstacles to the Adoption of Secure Communication Tools

Obstacles to the Adoption of Secure Communication Tools

Insynd: Improved Privacy-Preserving Transparency Logging

Multipath TCP security over different attacks

Contact Info

Product

Resources

About