SoK: Secure messaging

Proceedings - IEEE Symposium on Security and Privacy

Volumn 2015-July, Issue , 2015, Pages 232-249

  Unger, Nik ^a   Dechand, Sergej ^b   Bonneau, Joseph ^c,d   Fahl, Sascha ^e   Perl, Henning ^e   Goldberg, Ian ^a   Smith, Matthew ^b  

^a UNIVERSITY OF WATERLOO   (Canada)

^b UNIVERSITY OF BONN   (Germany)

^c STANFORD UNIVERSITY   (United States)

^d Electronic Frontier Foundation   (United States)

^e FRAUNHOFER FKIE   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

SECURITY OF DATA;

ACADEMIC LITERATURE; EVALUATION FRAMEWORK; HYBRID APPROACH; PERFORMANCE PENALTIES; SECURITY FEATURES; STRONG SECURITIES; TRUST ESTABLISHMENT; USER INVOLVEMENT;

ECONOMIC AND SOCIAL EFFECTS;

EID: 84945188762     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2015.22     Document Type: Conference Paper

References (102)

1. N. Unger, S. Dechand, J. Bonneau, S. Fahl, H. Perl, I. Goldberg, and M. Smith, "SoK: Secure Messaging," CACR, Tech. Rep. 2015-02, 2015. [Online]. Available: http://cacr.uwaterloo.ca/techreports/2015/cacr2015-02.pdf
2. A. Whitten and J. D. Tygar, "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0," in Security Symposium. USENIX, 1999.
3. S. L. Garfinkel and R. C. Miller, "Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express," in Symposium on Usable Privacy and Security. ACM, 2005, pp. 13-24.
4. S. L. Garfinkel, D. Margrave, J. I. Schiller, E. Nordlander, and R. C. Miller, "How to Make Secure Email Easier To Use," in SIGCHI Conference on Human Factors in Computing Systems. ACM, 2005, pp. 701-710.
5. K. Renaud, M. Volkamer, and A. Renkema-Padmos, "Why Doesn't Jane Protect Her Privacy?" in Privacy Enhancing Technologies. Springer, 2014, pp. 244-262.
6. M. Madden. (2014, Nov) Public Perceptions of Privacy and Security in the Post-Snowden Era. [Online]. Available: http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/
7. GoldBug Project. GoldBug-Secure Instant Messenger. [Online]. Available: http://goldbug.sourceforge.net/
8. Telegram. Telegram Messenger. [Online]. Available: https://telegram. org/
9. Wickr. Wickr-Top Secret Messenger. [Online]. Available: https://wickr.com/
10. Confide. Confide-Your Off-the-Record Messenger. [Online]. Available: https://getconfide.com/
11. Electronic Frontier Foundation. Secure Messaging Scorecard. [Online]. Available: https://www.eff.org/secure-messaging-scorecard
12. S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer, "The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies," in Symposium on Security and Privacy. IEEE, 2007, pp. 51-65.
13. R. Stedman, K. Yoshida, and I. Goldberg, "A User Study of Off-the-Record Messaging," in Symposium on Usable Privacy and Security. ACM, 2008, pp. 95-104.
14. S. Clark, T. Goodspeed, P. Metzger, Z. Wasserman, K. Xu, and M. Blaze, "Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-way Radio System," in Security Symposium. USENIX, 2011.
15. S. Fahl, M. Harbach, T. Muders, M. Smith, and U. Sander, "Helping Johnny 2.0 to Encrypt His Facebook Conversations," in Symposium on Usable Privacy and Security. ACM, 2012.
16. S. Ruoti, N. Kim, B. Burgon, T. van der Horst, and K. Seamons, "Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes," in Symposium on Usable Privacy and Security. ACM, 2013.
17. J. Nielsen, "Finding Usability Problems Through Heuristic Evaluation," in SIGCHI Conference on Human Factors in Computing Systems. ACM, 1992, pp. 373-380.
18. -, "Usability inspection methods," in Conference Companion on Human Factors in Computing Systems. ACM, 1994, pp. 413-414.
19. B. E. John and M. M. Mashyna, "Evaluating a Multimedia Authoring Tool with Cognitive Walkthrough and Think-Aloud User Studies," DTIC, Tech. Rep., 1995.
20. J. Bonneau, C. Herley, P. C. van Oorschot, and F. Stajano, "The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes," in Symposium on Security and Privacy. IEEE, 2012. [Online]. Available: http://www.jbonneau.com/doc/BHOS12-IEEESP-quest-to-replace-passwords.pdf
21. J. Clark and P. C. van Oorschot, "SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements," in Symposium on Security and Privacy. IEEE, 2013, pp. 511-525.
22. D. Wendlandt, D. G. Andersen, and A. Perrig, "Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing," in Annual Technical Conference. USENIX, 2008, pp. 321-334.
23. P. Zimmermann, A. Johnston, and J. Callas, "ZRTP: Media Path Key Agreement for Unicast Secure RTP," RFC 6189 (Informational), Internet Engineering Task Force, 2011. [Online]. Available: http://www.ietf. org/rfc/rfc6189.txt
24. E. A. Blossom, "The VP1 Protocol for Voice Privacy Devices Version 1.2," Communication Security Corporation, 1999.
25. P. Gupta and V Shmatikov, "Security Analysis of Voice-over-IP Protocols," in Computer Security Foundations Symposium. IEEE, 2007, pp. 49-63.
26. M. Petraschek, T. Hoeher, O. Jung, H. Hlavacs, and W. N. Gansterer, "Security and Usability Aspects of Man-in-the-Middle Attacks on ZRTP," Journal of Universal Computer Science, vol. 14, no. 5, pp. 673-692, 2008.
27. M. Shirvanian and N. Saxena, "Wiretapping via Mimicry: Short Voice Imitation Man-in-the-Middle Attacks on Crypto Phones," in Conference on Computer and Communications Security. ACM, 2014, pp. 868-879.
28. M. Jakobsson and M. Yung, "Proving Without Knowing: On Oblivious, Agnostic and Blindfolded Provers," in Advances in Cryptology-CRYPTO. Springer, 1996, pp. 186-200.
29. C. Alexander and I. Goldberg, "Improved User Authentication in Off-The-Record Messaging," in Workshop on Privacy in the Electronic Society. ACM, 2007, pp. 41-47.
30. F. Boudot, B. Schoenmakers, and J. Traoré, "A fair and efficient solution to the socialist millionaires' problem," Discrete Applied Mathematics, vol. 111, no. 1, pp. 23-36, 2001.
31. M. Farb, Y.-H. Lin, T. H.-J. Kim, J. McCune, and A. Perrig, "SafeS-linger: Easy-to-Use and Secure Public-Key Exchange," in International Conference on Mobile Computing & Networking. ACM, 2013, pp. 417-428.
32. M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V Shmatikov, "The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software," in Conference on Computer and Communications Security. ACM, 2012, pp. 38-49.
33. M. Marlinspike, "More tricks for defeating SSL in practice," in Black Hat USA, 2009.
34. VASCO. (2011, Sep) DigiNotar reports security incident. [Online]. Available: https://www.vasco.com/company/about-vasco/press-room/news-archive/2011/news-diginotar-reports-security-incident.aspx
35. A. Langley. (2013) Enhancing digital certificate security. [Online]. Available: http://googleonlinesecurity.blogspot.de/2013/01/enhancing-digital-certificate-security.html
36. B. Laurie, A. Langley, and E. Kasper, "Certificate Transparency," RFC 6962 (Experimental), Internet Engineering Task Force, 2013. [Online]. Available: http://tools.ietf.org/rfc/rfc6962.txt
37. Google. End-To-End. [Online]. Available: https://github.com/google/end-to-end
38. J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. F. Cranor, "Crying Wolf: An Empirical Study of SSL Warning Effectiveness," in Security Symposium. USENIX, 2009, pp. 399-416.
39. M. D. Ryan, "Enhanced Certificate Transparency and End-to-end Encrypted Mail," in Network and Distributed System Security Symposium. Internet Society, 2014.
40. M. S. Melara, A. Blankstein, J. Bonneau, M. J. Freedman, and E. W. Felten, "CONIKS: A Privacy-Preserving Consistent Key Service for Secure End-to-End Communication," Cryptology ePrint Archive Report 2014/1004, 2014. [Online]. Available: https://eprint.iacr.org/2014/1004
41. S. Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System," 2008, self-published.
42. N. Project. Namecoin. [Online]. Available: https://namecoin.info/
43. O. W. Systems. Advanced cryptographic ratcheting. [Online]. Available: https://whispersystems.org/blog/advanced-ratcheting/
44. W. Diffie, P. C. van Oorschot, and M. J. Wiener, "Authentication and Authenticated Key Exchanges," Designs, Codes and Cryptography, vol. 2, no. 2, pp. 107-125, 1992.
45. R. Anderson, "Two Remarks on Public Key Cryptology," 1997, available from https://www.cl.cam.ac.uk/users/rja14.
46. R. Shirey, "Internet Security Glossary," RFC 2828 (Informational), Internet Engineering Task Force, 2000, obsoleted by RFC 4949. [Online]. Available: http://tools.ietf.org/rfc/rfc2828.txt
47. P. Saint-Andre, "Extensible Messaging and Presence Protocol (XMPP): Core," RFC 6120 (Proposed Standard), Internet Engineering Task Force, 2011. [Online]. Available: http://tools.ietf.org/rfc/rfc6120.txt
48. S. Schrittwieser, P. Frühwirt, P. Kieseberg, M. Leithner, M. Mulazzani, M. Huber, and E. R. Weippl, "Guess Who's Texting You? Evaluating the Security of Smartphone Messaging Applications," in Network and Distributed System Security Symposium. Internet Society, 2012.
49. Microsoft. (2014) Does Skype use encryption? [Online]. Available: https://support.skype.com/en/faq/FA31/does-skype-use-encryption
50. Google. (2014) Google Hangouts-Video Conferencing & Meeting for Business. [Online]. Available: https://www.google.com/work/apps/business/products/hangouts/
51. Facebook. (2014) Facebook Help Center. [Online]. Available: https://www.facebook.com/help/
52. J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer, "OpenPGP Message Format," RFC 4880 (Proposed Standard), Internet Engineering Task Force, 1999, updated by RFC 5581. [Online]. Available: http://tools.ietf.org/rfc/rfc4880.txt
53. B. Ramsdell and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification," RFC 5751 (Proposed Standard), Internet Engineering Task Force, 2010. [Online]. Available: http://tools.ietf.org/rfc/rfc5751.txt
54. D. Fomin and Y Leboulanger. Gajim, a Jabber/XMPP client. [Online]. Available: https://gajim.org/
55. D. Davis, "Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML," in Annual Technical Conference, General Track. USENIX, 2001, pp. 65-78.
56. I. Brown, A. Back, and B. Laurie, "Forward Secrecy Extensions for OpenPGP," Draft, Internet Engineering Task Force, 2002. [Online]. Available: https://tools.ietf.org/id/draft-brown-pgp-pfs-03.txt
57. R. Canetti, S. Halevi, and J. Katz, "A Forward-Secure Public-Key Encryption Scheme," in Advances in Cryptology-EUROCRYPT. Springer, 2003, pp. 255-271.
58. M. Green and I. Miers, "Forward Secure Asynchronous Messaging from Puncturable Encryption," in Symposium on Security and Privacy. IEEE, 2015.
59. N. Borisov, I. Goldberg, and E. Brewer, "Off-the-Record Communication, or, Why Not To Use PGP," in Workshop on Privacy in the Electronic Society. ACM, 2004, pp. 77-84.
60. V. Moscaritolo, G. Belvin, and P. Zimmermann, Silent Circle Instant Messaging Protocol Protocol Specification, 2012.
61. T. Perrin. (2013) Axolotl Ratchet. [Online]. Available: https://github. com/trevp/axolotl/wiki
62. C. Kudla and K. G. Paterson, "Modular Security Proofs for Key Agreement Protocols," in Advances in Cryptology-ASIACRYPT. Springer, 2005, pp. 549-565.
63. O. W. Systems. Open WhisperS y stems. [Online]. Available: https://whispersystems.org/
64. T. Frosch, C. Mainka, C. Bader, F. Bergsma, J. Schwenk, and T. Holz, "How Secure is TextSecure?" Cryptology ePrint Archive Report 2014/904, 2014. [Online]. Available: https://eprint.iacr.org/2014/904
65. O. W. Systems. Open Whisper Systems partners with WhatsApp to provide end-to-end encryption. [Online]. Available: https://whispersystems.org/blog/whatsapp/
66. -. Private Group Messaging. [Online]. Available: https://whispersystems.org/blog/private-groups/
67. I. Goldberg, B. Ustaoglu, M. D. Van Gundy, and H. Chen, "Multiparty Off-the-Record Messaging," in Conference on Computer and Communications Security. ACM, 2009, pp. 358-368.
68. M. Van Gundy, "Improved Deniable Signature Key Exchange for mpOTR," 2013, available from http://matt.singlethink.net/projects/mpotr/improved-dske.pdf.
69. H. Liu, E. Y. Vasserman, and N. Hopper, "Improved Group Off-the-Record Messaging," in Workshop on Privacy in the Electronic Society. ACM, 2013, pp. 249-254.
70. M. Mannan and P. C. van Oorschot, "A Protocol for Secure Public Instant Messaging," in Financial Cryptography and Data Security. Springer, 2006, pp. 20-35.
71. C.-H. Yang and T.-Y Kuo, "The Design and Implementation of a Secure Instant Messaging Key Exchange Protocol," 2007, available from http://crypto.nknu.edu.tw/psnl/publications/2007Technology-SIMPP.pdf.
72. C.-H. Yang, T.-Y. Kuo, T. Ahn, and C.-P Lee, "Design and Implementation of a Secure Instant Messaging Service based on Elliptic-Curve Cryptography," Journal of Computers, vol. 18, no. 4, pp. 31-38, 2008.
73. C.-P. Lee and C.-H. Yang, "Design and Implement of a Secure Instant Messaging Service with IC Card," 2009, available from http://crypto. nknu.edu.tw/psnl/publications/2009CPU-SIMICCard. pdf.
74. J. A. Cooley, R. I. Khazan, B. W. Fuller, and G. E. Pickard, "GROK: A Practical System for Securing Group Communications," in International Symposium on Network Computing and Applications. IEEE, 2010, pp. 100-107.
75. H. Kikuchi, M. Tada, and S. Nakanishi, "Secure Instant Messaging Protocol Preserving Confidentiality against Administrator," in International Conference on Advanced Information Networking and Applications. IEEE, 2004, pp. 27-30.
76. M. D. Van Gundy and H. Chen, "OldBlue: Causal Broadcast In A Mutually Suspicious Environment (Working Draft)," 2012, available from http://matt.singlethink.net/projects/mpotr/oldblue-draft.pdf.
77. J. Reardon, A. Kligman, B. Agala, and I. Goldberg, "KleeQ: Asynchronous Key Management for Dynamic Ad-Hoc Networks," University of Waterloo, Tech. Rep., 2007.
78. J. Bian, R. Seker, and U. Topaloglu, "Off-the-Record Instant Messaging for Group Conversation," in International Conference on Information Reuse and Integration. IEEE, 2007, pp. 79-84.
79. (2015) (n+1)sec. [Online]. Available: learn.equalit.ie/wiki/Np1sec
80. R. Kainda, I. Flechais, and A. W. Roscoe, "Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols," in Symposium on Usable Privacy and Security. ACM, 2009.
81. B. Warner. (2014) Pairing Problems. [Online]. Available: https://blog. mozilla. org/warner/2014/04/02/pairing-problems/
82. M. G. Reed, P. F. Syverson, and D. M. Goldschlag, "Anonymous Connections and Onion Routing," Selected Areas in Communications, vol. 16, no. 4, pp. 482-494, 1998.
83. R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The Second-Generation Onion Router," DTIC, Tech. Rep., 2004.
84. G. Danezis, R. Dingledine, and N. Mathewson, "Mixminion: Design of a Type III Anonymous Remailer Protocol," in Symposium on Security and Privacy. IEEE, 2003, pp. 2-15.
85. A. Langley. Pond. [Online]. Available: https://pond.imperialviolet.org/
86. D. Boneh, X. Boyen, and H. Shacham, "Short Group Signatures," in Advances in Cryptology-CRYPTO. Springer, 2004, pp. 41-55.
87. C. C. Head, "Anonycaster: Simple, Efficient Anonymous Group Communication," 2012, available from https://blogs.ubc.ca/computersecurity/files/2012/04/anonycaster.pdf.
88. H. Corrigan-Gibbs and B. Ford, "Dissent: Accountable Anonymous Group Messaging," in Conference on Computer and Communications Security. ACM, 2010, pp. 340-350.
89. D. I. Wolinsky, H. Corrigan-Gibbs, B. Ford, and A. Johnson, "Dissent in Numbers: Making Strong Anonymity Scale," in Conference on Operating Systems Design and Implementation. USENIX, 2012, pp. 179-182.
90. E. Syta, H. Corrigan-Gibbs, S.-C. Weng, D. Wolinsky, B. Ford, and A. Johnson, "Security Analysis of Accountable Anonymity in Dissent," Transactions on Information and System Security, vol. 17, no. 1, p. 4, 2014.
91. H. Corrigan-Gibbs, D. I. Wolinsky, and B. Ford, "Proactively Accountable Anonymous Messaging in Verdict," arXiv e-prints, Tech. Rep. arXiv:1209.4819, 2012.
92. B. Project. Bitmessage. [Online]. Available: https://bitmessage.org/
93. L. Sassaman, B. Cohen, and N. Mathewson, "The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval," in Workshop on Privacy in the Electronic Society. ACM, 2005, pp. 1-9.
94. R. Canetti, C. Dwork, M. Naor, and R. Ostrovsky, "Deniable Encryption," in Advances in Cryptology-CRYPTO. Springer, 1997, pp. 90-104.
95. Y. Dodis, J. Katz, A. Smith, and S. Walfish, "Composability and On-Line Deniability of Authentication," in Theory of Cryptography. Springer, 2009, pp. 146-162.
96. A. Ulrich, R. Holz, P. Hauck, and G. Carle, "Investigating the OpenPGP We b o f Tr u s t," i n Computer Security-ESORICS. Springer, 2011, pp. 489-507.
97. R. L. Rivest and B. Lampson, "SDSI-A Simple Distributed Security Infrastructure," 1996, manuscript.
98. C. M. Ellison, "Establishing Identity Without Certification Authorities," in Security Symposium. USENIX, 1996, pp. 67-76.
99. C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen, "SPKI Certificate Theory," RFC 2693 (Experimental), Internet Engineering Task Force, 1999. [Online]. Available: http://tools.ietf.org/rfc/rfc2693.txt
100. M. Wachs, M. Schanzenbach, and C. Grothoff, "A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System," in Cryptology and Network Security. Springer, 2014, pp. 127-142.
101. -, "On the Feasibility of a Censorship Resistant Decentralized Name System," in Foundations and Practice of Security. Springer, 2014, pp. 19-30.
102. Keybase. Keybase-understanding tracking. [Online]. Available: https://keybase.io/docs/tracking