Advertisement

From Secure Messaging to Secure Collaboration

  • Martin Kleppmann
  • Stephan A. Kollmann
  • Diana A. Vasile
  • Alastair R. Beresford
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11286)

Abstract

We examine the security of collaboration systems, where several users access and contribute to some shared resource, document, or database. To protect such systems against malicious servers, we can build upon existing secure messaging protocols that provide end-to-end security. However, if we want to ensure the consistency of the shared data in the presence of malicious users, we require features that are not available in existing messaging protocols. We investigate the protocol failures that may arise when a new collaborator is added to a group, and discuss approaches for enforcing the integrity of the shared data.

Keywords

Group communication Collaborative editing Secure messaging 

References

  1. 1.
    Benaloh, J., de Mare, M.: One-way accumulators: a decentralized alternative to digital signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 274–285. Springer, Heidelberg (1994).  https://doi.org/10.1007/3-540-48285-7_24CrossRefGoogle Scholar
  2. 2.
    Castro, M., Liskov, B.H.: Practical Byzantine fault tolerance. In: 3rd USENIX Symposium on Operating Systems Design and Implementation (OSDI), February 1999Google Scholar
  3. 3.
    Chacon, S., Straub, B.: Pro Git, 2nd edn. Apress, New York (2014). https://git-scm.com/book/en/v2CrossRefGoogle Scholar
  4. 4.
    Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., Milner, K.: On ends-to-ends encryption: asynchronous group messaging with strong security guarantees. Technical report, 2017/666, IACR Cryptology ePrint, July 2017. https://eprint.iacr.org/2017/666
  5. 5.
    Correia, M., Veronese, G.S., Neves, N.F., Verissimo, P.: Byzantine consensus in asynchronous message-passing systems: a survey. Int. J. Crit. Comput.-Based Syst. 2(2), 141–161 (2011).  https://doi.org/10.1504/IJCCBS.2011.041257CrossRefGoogle Scholar
  6. 6.
    Gomes, V.B.F., Kleppmann, M., Mulligan, D.P., Beresford, A.R.: Verifying strong eventual consistency in distributed systems. In: Proceedings of the ACM on Programming Languages (PACMPL), vol. 1, no. (OOPSLA), October 2017.  https://doi.org/10.1145/3133933CrossRefGoogle Scholar
  7. 7.
    Kim, Y., Perrig, A., Tsudik, G.: Communication-efficient group key agreement. In: Dupuy, M., Paradinas, P. (eds.) SEC 2001. IIFIP, vol. 65, pp. 229–244. Springer, Boston, MA (2002).  https://doi.org/10.1007/0-306-46998-7_16CrossRefGoogle Scholar
  8. 8.
    Kleppmann, M., Beresford, A.R.: A conflict-free replicated JSON datatype. IEEE Trans. Parallel Distrib. Syst. 28(10), 2733–2746 (2017).  https://doi.org/10.1109/TPDS.2017.2697382CrossRefGoogle Scholar
  9. 9.
    Laurie, B., Langley, A., Kasper, E.: RFC 6962: certificate transparency. IETF, June 2013. https://tools.ietf.org/html/rfc6962
  10. 10.
    Lerner, A., Zeng, E., Roesner, F.: Confidante: usable encrypted email: a case study with lawyers and journalists. In: 2nd IEEE European Symposium on Security and Privacy, pp. 385–400, April 2017.  https://doi.org/10.1109/EuroSP.2017.41
  11. 11.
    McGregor, S.E., Charters, P., Holliday, T., Roesner, F.: Investigating the computer security practices and needs of journalists. In: 24th USENIX Security Symposium, August 2015Google Scholar
  12. 12.
    McGregor, S.E., Watkins, E.A., Al-Ameen, M.N., Caine, K., Roesner, F.: When the weakest link is strong: secure collaboration in the case of the panama papers. In: 26th USENIX Security Symposium, August 2017Google Scholar
  13. 13.
    Rösler, P., Mainka, C., Schwenk, J.: More is less: on the end-to-end security of group chats in signal, WhatsApp, and Threema. Technical report, 2017/713, IACR Cryptology ePrint, January 2018. https://eprint.iacr.org/2017/713
  14. 14.
    Shapiro, M., Preguiça, N., Baquero, C., Zawirski, M.: Conflict-free replicated data types. In: Défago, X., Petit, F., Villain, V. (eds.) SSS 2011. LNCS, vol. 6976, pp. 386–400. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-24550-3_29CrossRefzbMATHGoogle Scholar
  15. 15.
    Unger, N., et al.: SoK: secure messaging. In: IEEE Symposium on Security and Privacy, pp. 232–249, May 2015.  https://doi.org/10.1109/SP.2015.22
  16. 16.
    WhatsApp Inc.: Connecting one billion users every day, July 2017. https://blog.whatsapp.com/10000631/Connecting-One-Billion-Users-Every-Day

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Martin Kleppmann
    • 1
  • Stephan A. Kollmann
    • 1
  • Diana A. Vasile
    • 1
  • Alastair R. Beresford
    • 1
  1. 1.Department of Computer Science and TechnologyUniversity of CambridgeCambridgeUK

Personalised recommendations