Ghost Trace on the Wire? Using Key Evidence for Informed Decisions

  • Conference paper
Security Protocols XXVII (Security Protocols 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12287)

Abstract

Modern smartphone messaging apps now use end-to-end encryption to provide authenticity, integrity and confidentiality. Consequently, the preferred strategy for wiretapping such apps is to insert a ghost user by compromising the platform’s public key infrastructure. The use of warning messages alone is not a good defence against a ghost user attack since users change smartphones, and therefore keys, regularly, leading to a multitude of warning messages which are overwhelmingly false positives. Consequently, these false positives discourage users from viewing warning messages as evidence of a ghost user attack. To address this problem, we propose collecting evidence from a variety of sources, including direct communication between smartphones over local networks and CONIKS, to reduce the number of false positives and increase confidence in key validity. When there is enough confidence to suggest a ghost user attack has taken place, we can then supply the user with evidence to help them make a more informed decision.

Notes

  1. Communication between client and key server occurs over TLS, with the key server usually authenticated with a certificate, so there is still some residual dependence on clocks in this case.

  2. To avoid key changes, Signal allows the user to save a backup of the secret key on the old device, and restore it on the new device. However, this process is poorly documented and difficult to perform correctly. It requires the use of third-party apps to transfer and set up the backup before installing Signal on the new device.

Acknowledgements

This work was supported by the Boeing Company and the Engineering and Physical Sciences Research Council (EPSRC) [grant numbers EP/M020320/1 and EP/M508007/1].

Corresponding author

Correspondence to Diana A. Vasile.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Vasile, D.A., Kleppmann, M., Thomas, D.R., Beresford, A.R. (2020). Ghost Trace on the Wire? Using Key Evidence for Informed Decisions. In: Anderson, J., Stajano, F., Christianson, B., Matyáš, V. (eds) Security Protocols XXVII. Security Protocols 2019. Lecture Notes in Computer Science, vol 12287. Springer, Cham. https://doi.org/10.1007/978-3-030-57043-9_23

  • DOI: https://doi.org/10.1007/978-3-030-57043-9_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-57042-2

  • Online ISBN: 978-3-030-57043-9

  • eBook Packages: Computer Science (R0)
