Ghost trace on the wire? Using key evidence for informed decisions

Diana A. Vasile, Martin Kleppmann, Daniel R. Thomas, Alastair R. Beresford

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book

Abstract

Modern smartphone messaging apps now use end-to-end encryption to provide authenticity, integrity and confidentiality. Consequently, the preferred strategy for wiretapping such apps is to insert a ghost user by compromising the platform's public key infrastructure. The use of warning messages alone is not a good defence against a ghost user attack since users change smartphones, and therefore keys, regularly, leading to a multitude of warning messages which are overwhelmingly false positives. Consequently, these false positives discourage users from viewing warning messages as evidence of a ghost user attack. To address this problem, we propose collecting evidence from a variety of sources, including direct communication between smartphones over local networks and CONIKS, to reduce the number of false positives and increase confidence in key validity. When there is enough confidence to suggest a ghost user attack has taken place, we can then supply the user with evidence to help them make a more informed decision.
Language: English
Title of host publication: 27th International Workshop on Security Protocols
Place of Publication: Cambridge
Number of pages: 12
DOI: https://doi.org/10.17863/cam.41061
Publication status: Published - 24 Jun 2019
Event: 27th International Workshop on Security Protocols - Trinity College, Cambridge, United Kingdom
Duration: 10 Apr 2019 to 12 Apr 2019
https://www.cl.cam.ac.uk/events/spw/2019/

Conference

Conference: 27th International Workshop on Security Protocols
Abbreviated title: SPW
Country: United Kingdom
City: Cambridge
Period: 10/04/19 to 12/04/19

Keywords

  • trust establishment
  • public key evidence
  • end-to-end encryption
  • secure messaging
  • security usability
  • informed consent

Cite this

Vasile, D. A., Kleppmann, M., Thomas, D. R., & Beresford, A. R. (2019). Ghost trace on the wire? Using key evidence for informed decisions. In 27th International Workshop on Security Protocols Cambridge. https://doi.org/10.17863/cam.41061