Abstract
Modern smartphone messaging apps now use end-to-end encryption to provide authenticity, integrity and confidentiality. Consequently, the preferred strategy for wiretapping such apps is to insert a ghost user by compromising the platform’s public key infrastructure. The use of warning messages alone is not a good defence against a ghost user attack since users change smartphones, and therefore keys, regularly, leading to a multitude of warning messages which are overwhelmingly false positives. Consequently, these false positives discourage users from viewing warning messages as evidence of a ghost user attack. To address this problem, we propose collecting evidence from a variety of sources, including direct communication between smartphones over local networks and CONIKS, to reduce the number of false positives and increase confidence in key validity. When there is enough confidence to suggest a ghost user attack has taken place, we can then supply the user with evidence to help them make a more informed decision.
Notes
1. Communication between client and key server occurs over TLS, with the key server usually authenticated with a certificate, so there is still some residual dependence on clocks in this case.
2. To avoid key changes, Signal allows the user to save a backup of the secret key on the old device, and restore it on the new device. However, this process is poorly documented and difficult to perform correctly. It requires the use of third-party apps to transfer and set up the backup before installing Signal on the new device.
Acknowledgements
This work was supported by the Boeing Company and the Engineering and Physical Sciences Research Council (EPSRC) [grant numbers EP/M020320/1 and EP/M508007/1].
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Vasile, D.A., Kleppmann, M., Thomas, D.R., Beresford, A.R. (2020). Ghost Trace on the Wire? Using Key Evidence for Informed Decisions. In: Anderson, J., Stajano, F., Christianson, B., Matyáš, V. (eds) Security Protocols XXVII. Security Protocols 2019. Lecture Notes in Computer Science, vol 12287. Springer, Cham. https://doi.org/10.1007/978-3-030-57043-9_23
DOI: https://doi.org/10.1007/978-3-030-57043-9_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57042-2
Online ISBN: 978-3-030-57043-9
eBook Packages: Computer Science, Computer Science (R0)