From Secure Messaging to Secure Collaboration

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11286)


We examine the security of collaboration systems, where several users access and contribute to some shared resource, document, or database. To protect such systems against malicious servers, we can build upon existing secure messaging protocols that provide end-to-end security. However, if we want to ensure the consistency of the shared data in the presence of malicious users, we require features that are not available in existing messaging protocols. We investigate the protocol failures that may arise when a new collaborator is added to a group, and discuss approaches for enforcing the integrity of the shared data.


Group communication Collaborative editing Secure messaging 


  1. 1.
    Benaloh, J., de Mare, M.: One-way accumulators: a decentralized alternative to digital signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 274–285. Springer, Heidelberg (1994). Scholar
  2. 2.
    Castro, M., Liskov, B.H.: Practical Byzantine fault tolerance. In: 3rd USENIX Symposium on Operating Systems Design and Implementation (OSDI), February 1999Google Scholar
  3. 3.
    Chacon, S., Straub, B.: Pro Git, 2nd edn. Apress, New York (2014). Scholar
  4. 4.
    Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., Milner, K.: On ends-to-ends encryption: asynchronous group messaging with strong security guarantees. Technical report, 2017/666, IACR Cryptology ePrint, July 2017.
  5. 5.
    Correia, M., Veronese, G.S., Neves, N.F., Verissimo, P.: Byzantine consensus in asynchronous message-passing systems: a survey. Int. J. Crit. Comput.-Based Syst. 2(2), 141–161 (2011). Scholar
  6. 6.
    Gomes, V.B.F., Kleppmann, M., Mulligan, D.P., Beresford, A.R.: Verifying strong eventual consistency in distributed systems. In: Proceedings of the ACM on Programming Languages (PACMPL), vol. 1, no. (OOPSLA), October 2017. Scholar
  7. 7.
    Kim, Y., Perrig, A., Tsudik, G.: Communication-efficient group key agreement. In: Dupuy, M., Paradinas, P. (eds.) SEC 2001. IIFIP, vol. 65, pp. 229–244. Springer, Boston, MA (2002). Scholar
  8. 8.
    Kleppmann, M., Beresford, A.R.: A conflict-free replicated JSON datatype. IEEE Trans. Parallel Distrib. Syst. 28(10), 2733–2746 (2017). Scholar
  9. 9.
    Laurie, B., Langley, A., Kasper, E.: RFC 6962: certificate transparency. IETF, June 2013.
  10. 10.
    Lerner, A., Zeng, E., Roesner, F.: Confidante: usable encrypted email: a case study with lawyers and journalists. In: 2nd IEEE European Symposium on Security and Privacy, pp. 385–400, April 2017.
  11. 11.
    McGregor, S.E., Charters, P., Holliday, T., Roesner, F.: Investigating the computer security practices and needs of journalists. In: 24th USENIX Security Symposium, August 2015Google Scholar
  12. 12.
    McGregor, S.E., Watkins, E.A., Al-Ameen, M.N., Caine, K., Roesner, F.: When the weakest link is strong: secure collaboration in the case of the panama papers. In: 26th USENIX Security Symposium, August 2017Google Scholar
  13. 13.
    Rösler, P., Mainka, C., Schwenk, J.: More is less: on the end-to-end security of group chats in signal, WhatsApp, and Threema. Technical report, 2017/713, IACR Cryptology ePrint, January 2018.
  14. 14.
    Shapiro, M., Preguiça, N., Baquero, C., Zawirski, M.: Conflict-free replicated data types. In: Défago, X., Petit, F., Villain, V. (eds.) SSS 2011. LNCS, vol. 6976, pp. 386–400. Springer, Heidelberg (2011). Scholar
  15. 15.
    Unger, N., et al.: SoK: secure messaging. In: IEEE Symposium on Security and Privacy, pp. 232–249, May 2015.
  16. 16.
    WhatsApp Inc.: Connecting one billion users every day, July 2017.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Department of Computer Science and TechnologyUniversity of CambridgeCambridgeUK

Personalised recommendations