PGP (GPG) Encryption for Small and Medium Enterprises

Total Page:16

File Type:pdf, Size:1020Kb

PGP (GPG) Encryption for Small and Medium Enterprises Masaryk University Faculty of Informatics PGP (GPG) encryption for small and medium enterprises Master’s Thesis Zuzana Melšová Brno, Fall 2016 Declaration Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Zuzana Melšová Advisor: prof. RNDr. Václav Matyáš, M.Sc., Ph.D. i Acknowledgement I would like to thank my supervisor, prof. RNDr. Václav Matyáš, M.Sc., Ph.D., for his valuable feedback on my writing. I would also like to thank Ing. Zbyněk Sopuch for his consultations on the practical part of this thesis. iii Abstract The aim of this thesis is to design and implement a prototype of end-to- end email encryption system for small and medium-sized enterprises which minimizes interaction with the end user, is easy to deploy, and is also able to connect with another enterprise. This thesis provides an overview of the current state of email encryption software area and an evaluation of its suitability for deployment in enterprises. After analyzing problems regarding usability, security, and deployment, an email encryption solution is presented, and a proof-of-concept implementation for Microsoft Outlook email client is provided. iv Keywords PGP, GPG, email encryption, usability, Microsoft Outlook, Active Di- rectory v Contents 1 Introduction ............................1 2 Email encryption overview ...................3 2.1 Email encryption standards ..................3 2.2 Email encryption software ..................6 3 Problem analysis and solution design ............. 13 3.1 Implementation goals ..................... 13 3.2 Solution design ........................ 14 4 Implementation .......................... 19 4.1 Outlook add-in ........................ 19 4.2 Active directory and key storage ............... 27 4.3 Administrator tool ...................... 29 4.4 Future work .......................... 29 5 Conclusion ............................. 37 Bibliography . 39 vii 1 Introduction Nowadays, when advanced security mechanisms exist to protect data, systems, and networks, emails are still surprisingly mostly sent un- encrypted. Since the email protocols that were designed many years ago without the security in mind are still in use, we have to use ad- ditional software to secure our emails. In spite of that a lot of email encryption software exists, it is not widely used because of its bad usability. The standards for email encryption employs a public-key cryptography, which needs the participants to exchange their public keys before they can communicate securely. These standards have not been designed with a focus on good usability for an average end user. Even though the software has a user-friendly interface for managing keys and encrypting messages, users still need to understand the con- cept of public-key cryptography to be able to exchange the right keys and verify whether the public key belongs to the person to which it is declared. This thesis focuses on bringing usable email encryption to small and medium-sized enterprises, where we can not count on large IT staff to be available to manage the system. Therefore the solution should be easily deployable and maintainable. We focus on mini- mizing user interaction with the system and automating as much as possible to take the responsibility to verify and use the correct keys from the user. On the other hand, we want the key management to be transparent for the enterprises. We aim to automatically encrypt all the internal communication and also make it possible to easily connect with another enterprise. This thesis provides an overview of the existing email encryption software. We have analyzed its usability, security, trust models and the suitability for the enterprise-wide deployment. Based on the analysis, we have designed a generic solution for automated key distribution and email encryption, and implemented a proof of concept as an add- in for Microsoft Outlook email client, using Active Directory to supply the internal infrastructure and to store the keys. The second chapter provides an overview of the current state of email encryption area. The third chapter consists of problem analy- sis with a focus on the deployment in enterprises and presents our 1 1. Introduction solution. It is followed by a chapter describing the proof-of-concept implementation for Outlook email client and proposing possible im- provements and extensions for the future. 2 2 Email encryption overview This chapter provides an overview of the present state of the area of end-to-end email encryption. First, a high-level description of two most widely used email encryption standards is provided, which is needed to understand limitations of the systems that employ these standards. Since these standards have many issues regarding usability and also security, a group of researchers recently designed an email protocol suite including end-to-end security which solves some of these problems. We briefly describe the idea behind this protocol asit could be the future of encrypted email. The second part of this chapter provides an overview of existing email encryption software with a focus on its usability, security, key management, and suitability for deployment in enterprises. 2.1 Email encryption standards Two main standards are currently used for the end-to-end email en- cryption and signing: S/MIME [1] and OpenPGP [2]. The encryption schemes are very similar, and both of them use a combination of symmetric-key cryptography, public-key cryptography and hashing. The messages are encrypted by a symmetric algorithm with a key which is newly generated for each message. This symmetric key is then encrypted with the public key of the recipient and enclosed to the encrypted message. To also provide an integrity of the email, the sender uses his private key to sign a hash of the message and encloses it to the email before the encryption. Therefore, to be able to perform an encrypted communication, the users must first exchange their public keys. The main difference between the two standards is in the way the public keys are distributed and verified. While the S/MIME uses a cen- tralized trust model based on Certification Authorities, theOpenPGP was designed to use a decentralized trust model known as Web Of Trust. 3 2. Email encryption overview OpenPGP: The OpenPGP standard [2] was derived from the PGP (Pretty Good Privacy) encryption software released by Philip Zimmer- mann in 1991 [3]. The standard is implemented in various projects including GnuPG (GNU Privacy Guard, also known as GPG) [4], the most widespread open source implementation. The notation PGP is often used with the meaning of the standard OpenPGP, and so we use it in the rest of this thesis as well. PGP was designed to use the decentralized trust model for public key distribution known as Web Of Trust in which each participant can certify the other participant’s public key by adding a signature to the key. The user decides whether the key is valid or not based on the signatures on the key. The validity of the key can also be verified by checking its fingerprint. For the key distribution, PGP has the concept of key servers. The user can upload his public key to the key server and others can then download it to be able to send him encrypted messages. S/MIME: The S/MIME (Secure/Multipurpose Internet Mail Exten- sions) [1] standard fundamentally provides users with the same func- tionality as PGP, just with different formats of encryption. The only significant difference is in the key management. The S/MIME uses the X.509 format of certificates and employs the centralized trust model based on Certification Authorities (CA) where the user has first to obtain a certificate from the CA which verifies and certifies his identity and then exchange the certificates with others. Both of the trust models described above have many issues. The Web Of Trust does not scale well and nonexperienced users do not know which public key can be trusted or not. It brings a big complexity to the system and thus makes it insecure. In the centralized model, the verification of public keys is done automatically. However, it requires to place trust in a third party and there were many cases of compromised CAs. Moreover, obtaining the certificates is a burdensome process which brings additional costs. While both of these technologies bring authentication, confiden- tiality, non-repudiation, and integrity for the emails, they still do not provide enough privacy for the email users. All the metadata including 4 2. Email encryption overview subject, recipient, and sender are not encrypted so an eavesdropper would still be able to trace who communicate with whom, when, and even guess at what they are talking about from the unencrypted sub- ject header. This could be only solved by introducing a whole new email system with a built-in security. However, a group of researchers including the author of PGP recently proposed new email protocols and architecture with end- to-end security which minimizes exposure of the metadata to the stations along the path between the sender and the recipient. The project named Dark Internet Mail Environment (DIME) [5] aims to make the email secure by default and also make it more secure than the existing approaches. It also focuses on a good usability which requires an automation of the key management including generation, distribution, and validation of the keys. The messages are encrypted on multiple levels so that the particular handling station has access only to the information it needs to see. Regarding the trust model, the service providers still have a trusted position in this system. However, the user can choose among three trust levels (Trustful, Cautious and Paranoid) determining the server’s access to the user’s private keys.
Recommended publications
  • Mesačný Prehľad Kritických Zraniteľností Máj 2018
    Mesačný prehľad kritických zraniteľností Mesačný prehľad kritických zraniteľností Máj 2018 1. Operačné systémy Microsoft Windows V máji spoločnosť Microsoft opravila 4 kritické zraniteľnosti operačného systému Microsoft Windows. Zraniteľnosti CVE-2018-0959 a CVE-2018-0961 môžu spôsobiť vykonanie škodlivého kódu na diaľku. Prvá z nich je spôsobená nesprávnym overovaním vstupu Windows Hyper-V na serveri od autentifikovaného používateľa na hostiteľskom operačnom systéme. Druhá sa týka overovania paketových dát v SMB protokole systému Windows Hyper-V. Na zneužitie týchto zraniteľností musí útočník spustiť špeciálne vytvorenú aplikáciu, ktorá umožní zneužitie týchto zraniteľností. Úspešný útočník následne môže vykonať ľubovoľný kód pomocou Windows Hyper-V. Našli sa aj zraniteľnosti CVE-2018-8120 a CVE-2018-8174 taktiež umožňujúce vzdialené vykonávanie kódu či zvýšenie privilégií, ktoré sú bližšie popísané aj v našom varovaní. Zraniteľné systémy: Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems. Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows
    [Show full text]
  • MTA STS Improving Email Security.Pdf
    Improving Email Security with the MTA-STS Standard By Brian Godiksen An Email Best Practices Whitepaper CONTENTS Executive Overview 03 Why Does Email Need Encryption in Transit? 04 The Problem with “Opportunistic Encryption” 07 The Anatomy of a Man-in-the-Middle Attack 08 The Next Major Step with Email Encryption: MTA-STS 10 What Steps Should Senders Take to Adopt MTA-STS? 11 About SocketLabs 12 Brian Godiksen Brian has been helping organizations optimize email deliverability since joining SocketLabs in 2011. He currently manages a team of deliverability analysts that consult with customers on best infrastructure practices, including email authentication implementation, bounce processing, IP address warm-up, and email marketing list management. Brian leads the fight against spam and email abuse at SocketLabs by managing compliance across the platform. He is an active participant in key industry groups such as M3AAWG and the Email Experience Council. You can read more of Brian’s content here on the SocketLabs website. ©2019 SocketLabs 2 Executive The Edward Snowden leaks of 2013 opened many peoples’ eyes to the fact that mass surveillance was possible by Overview intercepting and spying on email transmissions. Today, compromised systems, database thefts, and technology breaches remain common fixtures in news feeds around the world. As a natural response, the technology industry is rabidly focused on improving the security and encryption of communications across all platforms. Since those early days of enlightenment, industry experts have discussed and attempted a variety of new strategies to combat “pervasive monitoring” of email channels. While pervasive monitoring assaults can take many forms, the most prominent forms of interference were man-in-the-middle (MitM) attacks.
    [Show full text]
  • Zix Wins 5-Vendor Email Encryption Shootout Email Encryption Has Come a Long Way Since Our Last Review
    Reprint THE CONNECTED ENTERPRISE MARCH 13, 2017 Zix wins 5-vendor email encryption shootout Email encryption has come a long way since our last review BY DAVID STROM, NETWORK WORLD terms of the flexibility of various encryption While these personal encryption products protocols used, along with DLP features that are improvements, there are also steps mail encryption products have are built-in along with a simple and single forward for the enterprise encryption email made major strides since we last pricing structure -- all things that Zix excels. user. Some products, such as Zix, hide the looked at them nearly two years All of these encryption products will cost encryption key process entirely from the ago. They have gotten easier you a few dollars a month per user. While user, so well that you might not even know to use and deploy, thanks to a that doesn’t sound like much, if you have that an encrypted message has passed from Ecombination of user interface and encryption an installation of several thousand users, sender to recipient. key management improvements, and are at the price tag could add up. However, the Others, such as Virtru and HPE/Voltage, the point where encryption can almost be alternative is having your email stream use identity-based encryption management called effortless on the part of the end user. available to anyone with a simple collection to verify a new recipient in their systems. Our biggest criticism in 2015 was that the of tools that even teens can master. Once a user new to these products products couldn’t cover multiple use cases, clicks on a confirmation email, they are such as when a user switches from reading Trends and bright spots forever allowed access, their emails are emails on their smartphone to moving to a In 2015, we said that gateways may have automatically decrypted, and there is no webmailer to composing messages on their fallen out of favor, but that trend has been need for any further effort to keep track of or Outlook desktop client.
    [Show full text]
  • Nutzung Von Openpgp in Webanwendungen Mit Hilfe Von Erweiterungen Für Die Webbrowser Mozilla Firefox Und Google Chrome Autoren
    Nutzung von OpenPGP in Webanwendungen mit Hilfe von Erweiterungen für die Webbrowser Mozilla Firefox und Google Chrome Autoren Oskar Hahn (Rechtsanwalt) Anwälte am Oberen Tor Obere Straße 30 78050 Villingen-Schwenningen http://anwaelte-am-oberen-tor.de Thomas Oberndörfer Mailvelope GmbH Schröderstr. 30/1 69120 Heidelberg https://www.mailvelope.com Unter Mitwirkung von: Bernhard Reiter Emanuel Schütze Intevation GmbH Neuer Graben 17 49074 Osnabrück https://intevation.de Werner Koch g10 code GmbH Hüttenstr. 61 40699 Erkrath https://g10code.com Dieses Werk ist unter der Lizenz „Creative Commons Namensnennung-Weitergabe unter gleichen Bedingungen Deutschland“ in Version 3.0 (abgekürzt „CC-by-sa 3.0/de“) veröffentlicht. Den rechtsverbindlichen Lizenzvertrag finden Sie unter http://creativecommons.org/licenses/by-sa/3.0/de/legalcode. Bundesamt für Sicherheit in der Informationstechnik Postfach 20 03 63 53133 Bonn Tel.: +49 22899 9582-0 E-Mail: [email protected] Internet: https://www.bsi.bund.de © Bundesamt für Sicherheit in der Informationstechnik 2016 Änderungshistorie Version Datum Name Beschreibung 1.0 11.5.2016 siehe Autoren Initiale Version für die Veröffentlichung Inhaltsverzeichnis Inhaltsverzeichnis 1 Einleitung............................................................................................................................................................................................... 7 1.1 Ziel der Studie................................................................................................................7 1.2
    [Show full text]
  • How to Use Encryption and Privacy Tools to Evade Corporate Espionage
    How to use Encryption and Privacy Tools to Evade Corporate Espionage An ICIT White Paper Institute for Critical Infrastructure Technology August 2015 NOTICE: The recommendations contained in this white paper are not intended as standards for federal agencies or the legislative community, nor as replacements for enterprise-wide security strategies, frameworks and technologies. This white paper is written primarily for individuals (i.e. lawyers, CEOs, investment bankers, etc.) who are high risk targets of corporate espionage attacks. The information contained within this briefing is to be used for legal purposes only. ICIT does not condone the application of these strategies for illegal activity. Before using any of these strategies the reader is advised to consult an encryption professional. ICIT shall not be liable for the outcomes of any of the applications used by the reader that are mentioned in this brief. This document is for information purposes only. It is imperative that the reader hires skilled professionals for their cybersecurity needs. The Institute is available to provide encryption and privacy training to protect your organization’s sensitive data. To learn more about this offering, contact information can be found on page 41 of this brief. Not long ago it was speculated that the leading world economic and political powers were engaged in a cyber arms race; that the world is witnessing a cyber resource buildup of Cold War proportions. The implied threat in that assessment is close, but it misses the mark by at least half. The threat is much greater than you can imagine. We have passed the escalation phase and have engaged directly into full confrontation in the cyberwar.
    [Show full text]
  • Pentest-Report Mailvelope 12.2012 - 02.2013 Cure53, Dr.-Ing
    Pentest-Report Mailvelope 12.2012 - 02.2013 Cure53, Dr.-Ing. Mario Heiderich / Krzysztof Kotowicz Index Introduction Test Chronicle Methodology Vulnerabilities MV -01-001 Insufficient Output Filtering enables Frame Hijacking Attacks ( High ) MV -01-002 Arbitrary JavaScript execution in decrypted mail contents ( High ) MV -01-003 Usage of external CSS loaded via HTTP in privileged context ( Medium ) MV -01-004 UI Spoof via z - indexed positioned DOM Elements ( Medium ) MV -01-005 Predictable GET Parameter Usage for Connection Identifiers ( Medium ) MV -01-006 Rich Text Editor transfers unsanitized HTML content ( High ) MV -01-007 Features in showModalDialog Branch expose M ailer to XSS ( Medium ) MV -01-008 Arbitrary File Download with RTE editor filter bypass ( Low ) MV -01-009 Lack of HTML Sanitization when using Plaintext Editor ( Medium ) Miscellaneous Issues Conclusion Introduction “Mailvelope uses the OpenPGP encryption standard which makes it compatible to existing mail encryption solutions. Installation of Mailvelope from the Chrome Web Store ensures that the installation package is signed and therefore its origin and integrity can be verified. Mailvelope integrates directly into the Webmail user interface, it's elements are unintrusive and easy to use in your normal workflow. It comes preconfigured for major web mail provider. Mailvelope can be customized to work with any Webmail.”1 1 http :// www . mailvelope . com /about Test Chronicle • 2012/12/20 - XSS vectors in common input fields (Mailvelope options etc.) • 2012/12/20 -
    [Show full text]
  • State of End to End Encryption
    What is it about Systems Reading the coee grounds State of End To End Encryption Werner Koch FSCONS 15 Gothenburg November 7, 2015 What is it about Systems Reading the coee grounds Outline What is it about Systems Reading the coee grounds What is it about Systems Reading the coee grounds What is end to end encryption I Wikipedia needs 100 words to explain E2EE. I Shorter: All data exchange between the user operated devices is encrypted and optionally integrity protected. I Needed for: Mail Chat Phone What is it about Systems Reading the coee grounds Why do we want to have this I All encryption requires a private key. I A (private) key must be protected. I Servers are other people's machines. I Servers are not trustworthy as a middleman. Solution: I Keys on a device under sole control of the user: Desktop/laptop/phone memory. Smartcard, What is it about Systems Reading the coee grounds Why do we want to have this I All encryption requires a private key. I A (private) key must be protected. I Servers are other people's machines. I Servers are not trustworthy as a middleman. Solution: I Keys on a device under sole control of the user: Desktop/laptop/phone memory. Smartcard, What is it about Systems Reading the coee grounds Why do we want to have this I All encryption requires a private key. I A (private) key must be protected. I Servers are other people's machines. I Servers are not trustworthy as a middleman. Solution: I Keys on a device under sole control of the user: Desktop/laptop/phone memory.
    [Show full text]
  • PGP) and GNU Privacy Guard (GPG): Just Enough Training to Make You Dangerous
    Pre$y Good Privacy (PGP) And GNU Privacy Guard (GPG): Just Enough Training to Make You Dangerous Joe St Sauver, Ph.D. M3AAWG Senior Technical Advisor Scien<st Farsight Security, Inc. M3AAWG 36, San Francisco, California Monday, Feb 15th, 2016, 12:30-14:30 hLps://www.stsauver.com/joe/pgp-tutorial-sfo/ 0. IntroducDon Obligatory Screen: Eligibility For Strong EncrypDon • This is not legal advice (for that, please contact your aorney), however please note that some people are NOT ALLOWED to use strong encryp<on under prevailing laws. • By connuing with this training, you cerDfy that you are NOT: -- a ci<zen, naonal, or resident of a country barred from access to strong encryp<on by the U.S. or other countries, including but not limited to persons from the Crimea region of the Ukraine, Cuba, Iran, North Korea, Sudan, or Syria; -- nor are you a "Specially Designated Naonal" (see hp://www.treasury.gov/resource-center/sanc<ons/SDN-List/ Pages/default.aspx ), nor a person (or representave of a company) that is subject to any other US or other sanc<ons program or restric<on. • If you are subject to any such prohibi<on or restric<on, you must NOT par<cipate in today's encryp<on training. 3 Disclaimer • While all due care was used in preparing the content of this training, we cannot ensure that you will not inadvertently make a mistake, or encounter a vulnerability while using PGP/GPG. • Given that you cannot "unring the bell once it has been rung," and given that some poten<al "losses of confiden<ality" may have grave or even catastrophic consequences, please remember that: -- you should not use PGP/GPG for "life/safety-cri<cal" purposes -- today's training is provided on a "best efforts," as-is, where-is basis, with all evident and/or latent faults/flaws -- should you decide to use and rely on PGP/GPG, the decision to do so is your own and at your own risk; we disclaim all responsibility for any impacts associated with the use, misuse, or abuse of PGP/GPG by anyone here today or using this talk.
    [Show full text]
  • Efail: Breaking S/MIME and Openpgp Email Encryption Using Exfiltration Channels
    Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Damian Poddebniak and Christian Dresen, Münster University of Applied Sciences; Jens Müller, Ruhr University Bochum; Fabian Ising and Sebastian Schinzel, Münster University of Applied Sciences; Simon Friedberger, NXP Semiconductors, Belgium; Juraj Somorovsky and Jörg Schwenk, Ruhr University Bochum https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak This paper is included in the Proceedings of the 27th USENIX Security Symposium. August 15–17, 2018 • Baltimore, MD, USA ISBN 978-1-931971-46-1 Open access to the Proceedings of the 27th USENIX Security Symposium is sponsored by USENIX. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Damian Poddebniak1, Christian Dresen1, Jens Muller¨ 2, Fabian Ising1, Sebastian Schinzel1, Simon Friedberger3, Juraj Somorovsky2, and Jorg¨ Schwenk2 1Munster¨ University of Applied Sciences 2Ruhr University Bochum 3NXP Semiconductors, Belgium Abstract is designed to protect user data in such scenarios. With end-to-end encryption, the email infrastructure becomes OpenPGP and S/MIME are the two prime standards merely a transportation service for opaque email data and for providing end-to-end security for emails. We de- no compromise – aside from the endpoints of sender or scribe novel attacks built upon a technique we call mal- receiver – should affect the security of an end-to-end en- leability gadgets to reveal the plaintext of encrypted crypted email. emails. We use CBC/CFB gadgets to inject malicious plaintext snippets into encrypted emails. These snippets S/MIME and OpenPGP. The two most prominent stan- abuse existing and standard conforming backchannels to dards offering end-to-end encryption for email, S/MIME exfiltrate the full plaintext after decryption.
    [Show full text]
  • LAB :: PGP (Pretty Good Privacy)
    LAB :: PGP (Pretty Good Privacy) GnuPG : GnuPG forms the heart of Gpg4win – the actual encryption software. Kleopatra : The central certificate administration of Gpg4win, which ensures uniform user navigation for all cryptographic operations. Download Gpg4win (GNU Privacy Guard for Windows) from https://www.gpg4win.org/index.html Install GnuPG & Related application 1. The installation assistant will start and you will see this welcome dialog: 2. Close all programs that are running on your computer and click on [ Next ] 3. The next page displays the licensing agreement – it is only important if you wish to modify or forward Gpg4win. If you only want to use the software, you can do this right away – without reading the license. Click on [ Next ] 4. On the page that contains the selection of components you can decide which programs you want to install. A default selection has already been made for you. You can also install individual components at a later time. Moving your mouse cursor over a component will display a brief description. Another useful feature is the display of required hard drive space for all selected components. Bellow are the application and there fucntion: a. GnuPG: Gnu Privacy Guard b. Kleopatra: Keymanager for OpenPGP c. GPA: GNU Privacy Assistant d. GpgOL: GnuPG for Outlook e. GpgEX: GnuPG Shell Extension f. Claws-Mail: Claws Mail user client g. Gpg4win Compedium: The Gpg4Win documentation Click on [ Next ] 5. The system will suggest a folder for the installation, e.g.: C:\Programme Files (x86)\GNU\GnuPG You can accept the suggestion or select a different folder for installing Gpg4win.
    [Show full text]
  • Obstacles to the Adoption of Secure Communication Tools
    Obstacles to the Adoption of Secure Communication Tools Ruba Abu-Salma M. Angela Sasse Joseph Bonneau University College London, UK University College London, UK Stanford University & EFF, USA Anastasia Danilova Alena Naiakshina Matthew Smith University of Bonn, Germany University of Bonn, Germany University of Bonn, Germany Abstract—The computer security community has advocated Recent mobile phone-based secure communication tools widespread adoption of secure communication tools to counter have often been designed to hide security from the user com- mass surveillance. Several popular personal communication tools pletely (albeit at some security cost [1]). WhatsApp famously (e.g., WhatsApp, iMessage) have adopted end-to-end encryption, and many new tools (e.g., Signal, Telegram) have been launched deployed E2E encryption to approximately a billion users with security as a key selling point. However it remains unclear through a code update to its application for messages, voice if users understand what protection these tools offer, and if they calls and video communications [18], with only negligible value that protection. In this study, we interviewed 60 partici- changes to the user experience. Some other communication pants about their experience with different communication tools tools (e.g., Signal, Threema) have launched with security and their perceptions of the tools’ security properties. We found that the adoption of secure communication tools is hindered by as an explicit selling point, but they also hide nearly all fragmented user bases and incompatible tools. Furthermore, the cryptographic details. vast majority of participants did not understand the essential There are key differences in the security model of dif- concept of end-to-end encryption, limiting their motivation to ferent E2E-encrypted tools, in addition to a large gap in adopt secure tools.
    [Show full text]
  • Messageguard: Retrofitting the Web with User-To-User Encryption
    MessageGuard: Retrofitting the Web with User-to-user Encryption Scott Ruoti, Daniel Zappala, Kent Seamons Brigham Young University Provo Utah, USA [email protected], [email protected], [email protected] ABSTRACT third-party libraries [34], compromise of the website's back Users today share a great deal of private information on the end, poor protocol design and implementation [12], and co- Web. While HTTPS protects this data during transmission, erced information disclosure by governments. it does not protect data at rest, nor does it protect user data This state of affairs motivates the need for user-to-user from the websites which store or transmit that data. These encryption, an approach in which data is encrypted and de- issues can be addressed with user-to-user encryption, an ap- crypted at each user's computer and is opaque to the web- proach where data is encrypted and decrypted at the user's sites that store or transmit this data. There are many use computer and is opaque to websites. In this paper we present cases for user-to-user encryption. For example, two users MessageGuard, the first system that retrofits the Web with can encrypt their email, preventing either of their email user-to-user encryption and is designed to work with all web- providers from accessing its contents. Similarly, users may sites, in all browsers, on all platforms. We demonstrate that want to encrypt sensitive files shared through DropBox or MessageGuard operates out-of-the-box on 47 of the Alexa Google Drive. In some cases, a user may wish to be the only top 50 sites, has minimal performance overhead, and is rated endpoint, such as when storing private items in a Web-based as highly usable by study participants.
    [Show full text]