Ghost Trace on the Wire? Using Key Evidence for Informed Decisions

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12287)


Modern smartphone messaging apps now use end-to-end encryption to provide authenticity, integrity and confidentiality. Consequently, the preferred strategy for wiretapping such apps is to insert a ghost user by compromising the platform’s public key infrastructure. The use of warning messages alone is not a good defence against a ghost user attack since users change smartphones, and therefore keys, regularly, leading to a multitude of warning messages which are overwhelmingly false positives. Consequently, these false positives discourage users from viewing warning messages as evidence of a ghost user attack. To address this problem, we propose collecting evidence from a variety of sources, including direct communication between smartphones over local networks and CONIKS, to reduce the number of false positives and increase confidence in key validity. When there is enough confidence to suggest a ghost user attack has taken place, we can then supply the user with evidence to help them make a more informed decision.


Trust establishment Public key evidence End-to-end encryption Secure messaging Security usability Informed consent 



This work was supported by the Boeing Company and the Engineering and Physical Sciences Research Council (EPSRC) [grant numbers EP/M020320/1 and EP/M508007/1].


  1. 1.
    Acer, M.E., et al.: Where the wild warnings are: Root causes of Chrome HTTPS certificate errors. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1407–1420. CCS 2017. ACM (2017).
  2. 2.
    Akhawe, D., Amann, B., Vallentin, M., Sommer, R.: Here’s my cert, so trust me, maybe?: understanding TLS errors on the Web. In: Proceedings of the 22nd International Conference on World Wide Web, pp. 59–70. WWW 2013. ACM (2013).
  3. 3.
  4. 4.
    Cheshire, S., Krochmal, M.: Multicast DNS. IETF RFC 6762, 11 (2013)Google Scholar
  5. 5.
    Clark, J., van Oorschot, P.C.: SoK: SSL and HTTPS: revisiting past challenges and evaluating certificate trust model enhancements. In: IEEE Symposium on Security and Privacy, pp. 511–525 (2013).
  6. 6.
    De Cristofaro, E., Tsudik, G.: Practical private set intersection protocols with linear computational and bandwidth complexity. IACR Cryptology ePrint Archive 2009/491 (2009)Google Scholar
  7. 7.
    Garfinkel, S.L., Miller, R.C.: Johnny 2: a user test of Key Continuity Management with S/MIME and Outlook Express. In: Proceedings of the Symposium on Usable Privacy and Security, pp. 13–24. SOUPS 2005, ACM (2005).
  8. 8.
  9. 9.
    Hao, F., Ryan, P.Y.A.: Password authenticated key exchange by juggling. In: Christianson, B., Malcolm, J.A., Matyas, V., Roe, M. (eds.) Security Protocols 2008. LNCS, vol. 6615, pp. 159–171. Springer, Heidelberg (2011). Scholar
  10. 10.
    Herley, C.: So long, and no thanks for the externalities: the rational rejection of security advice by users. In: Proceedings of the New Security Paradigms Workshop, pp. 133–144. NSPW, ACM (2009).
  11. 11.
    Hurst, R., Belvin, G.: Security through transparency, January 2017.,
  12. 12.
    Laurie, B.: Certificate transparency. ACM Queue 12(8), 10 (2014). Scholar
  13. 13.
    Levy, I., Robinson, C.: Principles for a more informed exceptional access debate, November 2018.,
  14. 14.
    Melara, M.: Why making Johnny’s key management transparent is so challenging, March 2016).,
  15. 15.
    Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: bringing key transparency to end users. In: USENIX Security Symposium, pp. 383–398 (2015)Google Scholar
  16. 16.
    Roberts, J.J., Rapp, N.: Nearly 4 million Bitcoins lost forever, new study says , November 2017.
  17. 17.
    Ruoti, S., Andersen, J., Zappala, D., Seamons, K.: Why Johnny still, still can’t encrypt: evaluating the usability of a modern PGP client. arXiv (2015).
  18. 18.
    Ruoti, S., Kim, N., Burgon, B., van der Horst, T., Seamons, K.: Confused Johnny: when automatic encryption leads to confusion and mistakes. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, SOUPS 2013, pp. 5:1–5:12. ACM (2013).
  19. 19.
    Sheng, S., Broderick, L., Hyland, J.J., Koranda, C.A.: Why Johnny still can’t encrypt: evaluating the usability of email encryption software. In: Symposium On Usable Privacy and Security (SOUPS), pp. 3–4 (2006)Google Scholar
  20. 20.
  21. 21.
    WhatsApp Inc.: Connecting one billion users every day, July 2017.,
  22. 22.
    Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In: USENIX Security Symposium, pp. 169–184 (1999)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of Computer Science and TechnologyUniversity of CambridgeCambridgeUK

Personalised recommendations