When SIGNAL hits the Fan: On the Usability and Security of State-of-the-Art Secure Mobile Messaging

Schrder, Svenja; Huber, Markus Q.; Wind, David Kofoed; Rottermanner, Christoph

doi:10.14722/eurousec.2016.23012

Cited by 42 publications

(27 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…High-risk users tend to be in areas where information security is important due to political instability, although wellknown activists and persecuted minorities in "stable" countries would count as high-risk users. Most usability studies over PGP, OTR, and Signal are still done with low-risk users such as college students, despite the use of secure messaging being considered to be important to high-risk users [22], [20], [19]. We would hypothesize that high-risk users have different threat models and so different requirements for privacy and secure messaging.…”

Section: Problem Statementmentioning

confidence: 99%

“…Encrypted messaging applications like WhatsApp, Telegram, and Signal are now the default encrypted messaging application for users that consider themselves to be high-risk. Usability studies have shown that although Signal (similar to OTR) is easy to setup and use, even highly-skilled users fail to use verification correctly [19]. Currently, the Signal Protocol is centralized, as a single server mediates the setup of the protocol in most widespread deployments (Signal, WhatsApp, Google Allo, Facebook Messenger, Wire).…”

Section: The Signal Protocol and Beyondmentioning

confidence: 99%

See 1 more Smart Citation

Can Johnny build a protocol? Co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols

Ermoshina¹,

Halpin²,

Musiani³

2017

Proceedings 2nd European Workshop on Usable Security

View full text Add to dashboard Cite

As secure messaging protocols face increasingly widespread deployment, differences between what developers "believe" about user needs and the actual needs of real-existing users could have an impact on the design of future technologies. In the domain of secure messaging, the sometimes subtle choices made by protocol designers tend to elude the understanding of users, including high-risk activists. We'll overview some common protocol design questions facing developers of secure messaging protocols and test the competing understandings of these questions using STS-inspired interviews with the designers of popular secure messaging protocols ranging from older protocols like PGP and XMPP+OTR to newer unstandardized protocols used in Signal and Briar. Far from taking users as a homogeneous and undifferentiated mass, we distinguish between the low-risk users that appear in most usability studies (such as university students in the USA and Europe) and high-risk activist userbases in countries such as Ukraine and Egypt where securing messages can be a matter of life or death. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.

show abstract

Section: Problem Statementmentioning

confidence: 99%

Section: The Signal Protocol and Beyondmentioning

confidence: 99%

Can Johnny build a protocol? Co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols

Ermoshina¹,

Halpin²,

Musiani³

2017

Proceedings 2nd European Workshop on Usable Security

View full text Add to dashboard Cite

show abstract

“…Developers do tend to verify keys, and it seems to be related to habits gained in software development. As shown by previous work, key verification is hard to both understand and use [6].…”

Section: Security Propertiesmentioning

confidence: 96%

“…A wellknown argument in favor of centralization and against standards was published by Moxie Marlinspike (Signal core developer) in his blog. 6 This blog-post, called "The eco-system is moving," has attracted considerable attention and is widely quoted by developers as a reason not to use standards, as centralization offers better control while federation can be "dangerous" in terms of security (D11), as it is hard to audit all the different implementations of the protocol and ensure correct updates. Developers from PGP, XMPP, and other protocols (Briar, Ricochet, etc.)…”

Section: Standardizationmentioning

confidence: 99%

Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols

Halpin

Ermoshina

Musiani

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Due to the increased deployment of secure messaging protocols, differences between what developers "believe" are the needs of their users and their actual needs can have real consequences. Based on 90 interviews with both high and low-risk users, as well as the developers of popular secure messaging applications, we mapped the design choices of the protocols made by developers to the relevance of these features to threat models of both high-risk and low-risk users. Client device seizures are considered more dangerous than compromised servers by high-risk users. Key verification was important to high-risk users, but they often did not engage in cryptographic key verification, instead using other "out of band" means for key verification. High-risk users, unlike low-risk users, needed pseudonyms and were heavily concerned over metadata collection. Developers tended to value open standards, open-source, and decentralization, but high-risk users found these aspects less urgent given their more pressing concerns.

show abstract

“…However, it is not always the case that security breaches are due to technical problems, but may also be due to users' lack of security awareness. Schröder et al [24] presented a study on the Signal IM application and its end-to-end encryption, and showed that the majority of the tested users were not able to identify a MitM attack taking place on the application, even with alerts popping up. The users selected for the research were computer science students and, even with the expected security background, had their privacy exposed.…”

Section: Related Workmentioning

confidence: 99%

Securing Instant Messages With Hardware-Based Cryptography and Authentication in Browser Extension

et al. 2020

View full text Add to dashboard Cite

Instant Messaging (IM) provides near-real-time communication between users, which has shown to be a valuable tool for internal communication in companies and for general-purpose interaction among people. IM systems and supporting protocols, however, must consider security aspects to guarantee the messages' authenticity, confidentiality, and integrity. In this paper, we present a solution for integrating hardware-based public key cryptography into Converse.js, an open-source IM client for browsers enabled with the Extensible Messaging and Presence Protocol (XMPP). The proposal is developed as a plugin for Converse.js, thus overriding the original functions of the client; and a browser extension that is triggered by the plugin and is responsible for calling the encryption and decryption services for each sent and received message. This integrated artifact allowed the experimental validation of the proposal providing authenticity of IM users with digital certificates and protection of IM messages with hardware-based cryptography. Results also shows the proposed systems is resistent to adversarial attacks against confidentiality and integrity and it is secure when considering cryptrographic tests like the Hamming distance and the NIST SP800-22.

show abstract

When SIGNAL hits the Fan: On the Usability and Security of State-of-the-Art Secure Mobile Messaging

Cited by 42 publications

References 9 publications

Can Johnny build a protocol? Co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols

Can Johnny build a protocol? Co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols

Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols

Securing Instant Messages With Hardware-Based Cryptography and Authentication in Browser Extension

Contact Info

Product

Resources

About