DOCSLIB.ORG

Authentication and Key Management Automation in Decentralized Secure Email and Messaging Via Low-Entropy Secrets

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Authentication and Key Management Automation in Decentralized Secure Email and Messaging Via Low-Entropy Secrets Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-entropy Secrets Itzel Vazquez Sandoval1, Arash Atashpendar1;2 and Gabriele Lenzini1 1SnT, University of Luxembourg, Luxembourg 2itrust Consulting, Luxembourg Keywords: Authentication, Key Management, Secure Email and Messaging, Password-Authenticated Key Exchange. Abstract: We revisit the problem of entity authentication in decentralized end-to-end encrypted email and secure messaging to propose a practical and self-sustaining cryptographic solution based on password-authenticated key exchange (PAKE). This not only allows users to authenticate each other via shared low-entropy secrets, e.g., memorable words, without a public key infrastructure or a trusted third party, but it also paves the way for automation and a series of cryptographic enhancements; improves security by minimizing the impact of human error and potentially improves usability. First, we study a few vulnerabilities in voice-based out-of-band authentication, in particular a combinatorial attack against lazy users, which we analyze in the context of a secure email solution. Next, we propose solving the problem of secure equality test using PAKE to achieve entity authentication and to establish a shared high-entropy secret key. Our solution lends itself to offline settings, compatible with the inherently asynchronous nature of email and modern messaging systems. The suggested approach enables enhancements in key management such as automated key renewal and future key pair authentications, multi-device synchronization, secure secret storage and retrieval, and the possibility of post-quantum security as well as facilitating forward secrecy and deniability in a primarily symmetric-key setting. We also discuss the use of auditable PAKEs for mitigating a class of online guess and abort attacks in authentication protocols. 1 INTRODUCTION long time, e.g., see (Ruoti et al., 2018). Over the years, several methods have been estab- The use of email and instant messaging (IM) has be- lished to tackle authentication, and indirectly key man- come pervasive and entrenched in the fabric of modern agement: manual validation, web of trust, public key communication. Thanks to cryptography, modern mes- infrastructure (PKI) and hierarchical validation, pub- saging tools have reached a considerable degree of lic key directories as well as server-derived public sophistication (e.g., Signal) and offer advanced secu- keys such as identity-based encryption (IBE). The set rity features ranging from end-to-end encryption to of viable candidates becomes much smaller once we forward secrecy and deniability. For these reasons, consider a decentralized setting, i.e., without a PKI coupled with better usability, although email has a or a trusted third party (TTP). For this scenario, the long history and remains undeniably popular with hun- body of work on key authentication contains hundreds dreds of billions of emails exchanged on a daily basis of works focusing on methods based on the use of (Clark et al., 2018), secure messaging has often been out-of-band (OOB) channels and short authentication recommended by security experts as the go-to tool for string (SAS) comparisons, see Section 1.1. However, secure communication. Yet, secure messaging and when it comes to schemes that rely on low-entropy email share two long-standing challenges, namely en- shared secrets, which is what we address here, the only tity authentication and key management. work that to the best of our knowledge proposes a so- The primary concern is entity authentication, lution is by (Alexander and Goldberg, 2007). They which invariably involves a mechanism that associates use a modified solution to the socialist millionaires’ some cryptographic material with an identity, e.g., pub- problem (SMP) by (Boudot et al., 2001), also known lic key authentication. Key management, affecting as secure equality test, for authentication in the off-the- email more acutely, is intertwined with authentication record messaging (OTR) protocol. and the need for automating it has been known for a Due to the required user interaction in most of 167 Vazquez Sandoval, I., Atashpendar, A. and Lenzini, G. Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-entropy Secrets. DOI: 10.5220/0009834001670179 In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications (ICETE 2020) - SECRYPT, pages 167-179 ISBN: 978-989-758-446-6 Copyright c 2020 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved SECRYPT 2020 - 17th International Conference on Security and Cryptography these approaches, e.g., for verifying the authenticity of with a cryptographic protocol is the impact of fail- an interlocutor’s public key, usability plays a key role ures occurring in methods highly-dependent on user in achieving authentication. Reducing the gap between behavior, which could completely jeopardize security. security and usability, by finding optimal trade-offs, Our motivation for using PAKE—a method that has been a central theme for decades with a plethora does not seem to have enjoyed enough recognition of long-standing open problems, e.g., see (Unger et al., due to a lack of mature implementations, reluctance 2015; Clark et al., 2018). towards client side crypto, patent-encumbered designs Here we revisit the problem of authenticating pub- and perhaps even unawareness of its usefulness—is lic keys in a decentralized setting and propose a grounded not only in its independence from a PKI or user-friendly and robust approach based on password- a TTP, but also in its provision of a zero-knowledge authenticated key exchange (PAKE) to solve SMP via (ZK) solution for the secure equality test problem us- low-entropy secrets. These secrets are not expected to ing a low number of rounds, compatible with asyn- be sampled from a large, uniformly distributed space, chronous settings, and in the fact that it enables addi- but rather from a small set of values, e.g., typical tional cryptographic enhancements. human-memorable passwords or pin numbers. The We were also motivated by two open problems task of SMP boils down to two parties verifying equal- stressed by (Unger et al., 2015; Clark et al., 2018): ity of their inputs pA and pB in a zero-knowledge bridging the gap between known theoretical results manner such that by the end they learn nothing but the and real-world solutions, and the need for more robust boolean result of the test. By solving SMP via PAKE, authentication methods that also improve the trade- we also establish a shared cryptographically strong se- off between security and usability in secure solutions. cret key, making further cryptographic enhancements Finally, the need for addressing common challenges possible. Furthermore, this approach would not require such as key management automation and device syn- any understanding of cryptographic concepts from the chronization also spurred us on. user, e.g., knowing about public-keys and fingerprints. We also show how the suggested approach would Contributions and Structure. After a brief review not only work naturally in the context of secure mes- of the state-of-the-art in Section 1.1, we cover back- saging, but also in the inherently asynchronous set- ground concepts in Section 2. In Section 3, we focus ting of email. Apart from offering improved usability on a few vulnerabilities in the use of OOB channels properties and eliminating a host of vulnerabilities for authentication, including a partial preimage attack present in OOB-based protocols, as discussed in Sec- aimed at lazy users, which we analyze in the context of tion 3, we show how the PAKE-generated secret key the p≡p secure email solution. In Section 4, we present can be used to pave the path towards providing a se- an efficient PAKE-based solution for authentication in ries of enhancements in secure email and messaging. secure messaging and email via low-entropy secrets, These include inattentive user resistance, automated which enables further cryptographic enhancements. key renewal, automated future key pair authentication We provide a concrete illustrative scheme along with and multi-device synchronization, along with security an analysis of various PAKE constructions and proper- properties such as deniability, forward secrecy, post- ties relevant for our work. We show how our proposal quantum security, auditability for detecting guess and can be used to achieve additional cryptographic tasks abort attacks, secure secret storage and retrieval with and properties such as automation in key management applications in email and secure messaging. and key renewal, forward secrecy in a symmetric-key By applying PAKE to this problem, we advance setting, deniability, post-quantum security, secure se- the state-of-the-art in the use of shared low-entropy cret retrieval, and auditability for mitigating a certain secrets for entity authentication, an idea considered class of online guess and abort attacks. We briefly only in (Alexander and Goldberg, 2007). Also note analyze network transport mechanisms and security. that while SMP is a subproblem solved naturally by Section 5 concludes with remarks on future work. PAKE, the latter has not been applied to the problem of authenticating public keys in decentralized settings. 1.1 Related Work Motivation. Entity authentication in decentralized, The works of (Unger et al., 2015) and (Clark et al., non-PKI environments is generally brushed aside. So- 2018) provide extensive systematic surveys on se- lutions that do consider this problem typically rely on cure messaging and email covering numerous aspects. users correctly executing a manual comparison and We limit ourselves to the decentralized setting with- even tend to keep this feature rather hidden, e.g., Sig- out elaborating on the drawbacks of web of trust ap- nal. Our incentive for replacing OOB authentication proaches covered in the above mentioned works. 168 Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-entropy Secrets The literature contains a sizeable body of work on cret keys, see (Krawczyk, 2010) for details.
Load more

Recommended publications
  • Copyrighted Material
    Stichwortverzeichnis A B Abstreitbarkeit 167 Bequemlichkeit 30 Adblocker 96 Bitcoin 110 – Adblock Plus 96 Blackberry 215 – Disconnect 96 Bookmarks siehe Favoriten – Ghostery 96 Browser 68, 75 – Privacy Badger 96 – Add-on 87, 90 – uBlock 97 – Apple Safari 77 Add-on – Cache 88 – Browser 87, 90 – Chromium 78 – E-Mail-Client 126 – Chronik 87 – Enigmail siehe Enigmail – Fingerprinting 85, 98 – GpgOL 137 – Google Chrome 77 – Mailvelope 130, 132 – HTML-Engine 80 – Thunderbird 139 – Hygiene 88 Adium 170 – Iceweasel 78 Advanced Programming Interface (API) 90, – Inkognito-Modus 86 182 – integrierte Suche 84 Android – Internet Explorer 77 – Android Privacy Guard (App) 156 – Konqueror 78 – K9 Mail (E-Mail-Client) 156 – Microsoft Edge 92 – OpenKeychain (App) 156 – Midori 78 – PGP 156 – Mosaic 68 – R2Mail2 (E-Mail-Client) 158 – Mozilla Firefox 68, 76 – S/MIME 156 – Netscape Navigator 68 Anonymität 206 COPYRIGHTED– Opera 77MATERIAL AOL Instant Messenger (AIM) 164 – Plug-in 87 Apple Mail – Prole (Identitäten) 87 – PGP 145 – Synchronisation von Einstellungen – S/MIME 155 86 Authentizierung 167, 169, 176, 179 – Web (Epiphany) 78 – Adium 172 Buffer Overow 82 – Multifaktor- 201 Bugs 82 – Pidgin 169 Bundesamt für Sicherheit in der Informations- Authentizität 29, 54, 56 technik (BSI) 215 233 Stichwortverzeichnis C – E-Mail-Adresse 119 Caesar-Chiffre 36 – Header 121 Certicate Authority siehe Zertizierungsstelle – Provider 129, 131, 139 Chain of Trust siehe Web of Trust – Server 122 Chaos Computer Club (CCC) 133 Eingangsverschüsselung 125 Chat 161 Electronic
    [Show full text]
  • Authentication and Key Management Automation In
    Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-Entropy Secrets Itzel Vazquez Sandoval∗, Arash Atashpendar∗†, Gabriele Lenzini∗ ∗SnT, University of Luxembourg †itrust consulting, Luxembourg Email: {itzel.vazquezsandoval,gabriele.lenzini}@uni.lu, [email protected] Abstract—We revisit the problem of entity authentication in management, affecting email more acutely, is intertwined with decentralized end-to-end encrypted email and secure messaging authentication and the need for automating it has been known to propose a practical and self-sustaining cryptographic solution for a long time, e.g., see (Ruoti et al., 2018). based on password-authenticated key exchange (PAKE). This not only allows users to authenticate each other via shared low- Over the years, several methods have been established to entropy secrets, e.g., memorable words, without a public key tackle authentication, and indirectly key management: man- infrastructure or a trusted third party, but it also paves the ual validation, web of trust, public key infrastructure (PKI) way for automation and a series of cryptographic enhancements; and hierarchical validation, public key directories as well as improves security by minimizing the impact of human error and server-derived public keys such as identity-based encryption potentially improves usability. First, we study a few vulnera- bilities in voice-based out-of-band authentication, in particular (IBE). The set of viable candidates becomes much smaller a combinatorial attack against lazy users, which we analyze in once we consider a decentralized setting, i.e., without a PKI the context of a secure email solution. Next, we propose solving or a trusted third party (TTP).
    [Show full text]
  • Secure Email - a Usability Study
    Secure Email - A Usability Study Adrian Reuter1, Karima Boudaoud2, Marco Winckler2 , Ahmed Abdelmaksoud2, Wadie Lemrazzeq2 1 Technische Universität München, Arcisstraße 21, 80333 München, Germany 2 Polytech Nice Sophia, 930 route des Colles, 06903 Sophia Antipolis, France Abstract. Several end-to-end encryption technologies for emails such as PGP and S/MIME exist since decades. However, end-to-end encryption is barely ap- plied. To understand why users hesitate to secure their email communication and which usability issues they face with PGP, S/MIME as well as with pEp (Pretty Easy Privacy), a fairly new technology, we conducted an online survey and user testing. We found that more than 60% of e-mail users are unaware of the existence of such encryption technologies and never tried to use one. We observed that above all, users are overwhelmed with the management of public keys and struggle with the setup of encryption technology in their mail soft- ware. Even though users struggle to put email encryption into practice, we ex- perienced roughly the same number of users being aware of the importance of email encryption. Particularly, we found that users are very concerned about identity theft, as 78% want to make sure that no other person is able to write email in their name. Keywords: mail encryption, user study, usability, PGP, S/MIME, pEp. 1 INTRODUCTION To prevent cyber-crime and to protect user privacy, almost all services running on the Internet critically depend on cyber security measures. Most dominantly, transport layer security (TLS) is used for securing a variety of communication protocols.
    [Show full text]
  • Signal Telegram Surespot Threema Whatsapp Freie Software Ja Teils Ja Nein Nein
    „Ich möchte nicht in einer Welt leben, in der alles, was ich sage, alles, was ich tue, jedes Gespräch, jeder Ausdruck von Kreativität, Liebe oder Freundschaft aufgezeichnet wird. Das ist nichts, was ich bereit bin zu unterstützen. Das ist nichts, das ich bereit bin mit aufzubauen. Das ist nichts, unter dem ich zu leben bereit bin. Ich denke, jeder, der eine solche Welt ablehnt, hat die Verpflichtung, im Rahmen seiner Möglichkeiten zu handeln.“ - Edward Snowden Was ist eine CryptoParty? ● Workshop zur digitalen Selbstverteidigung • "Tupperware-Party zum Lernen von Kryptographie" (Cory Doctorow) ● Einsteigerfreundlich ● Öffentlich & unkommerziell ● Fokus auf Freier Software ● Von Anwendern für Anwender -> Gelerntes weitertragen 3 / 49 Agenda ● Inputvortrag zu: • Sichere Passwörter • Verschlüsselung von E-Mails (PGP) • Tracking beim Browsen vermeiden • Dateiverschlüsselung (VeraCrypt) • Smartphones ● Praxis 4 / 49 Sichere Passwörter Wie werden Passwörter geknackt? ● Brute Force • Alle möglichen Kombinationen ausprobieren ● Listen / Wörterbuch-Angriffe • Alle Wörter einer Liste ausprobieren ● Social Engineering • Phishing, Person austricksen um PW zu erfahren 5 / 49 Wie erschwert man das Knacken des Passworts? ● Brute Force => Länge (10+ Zeichen) => Verschiedene Zeichentypen (Groß- und Kleinbuchstaben, Zahlen, Sonderzeichen) 6 / 49 Wie erschwert man das Knacken des Passworts? ● Brute Force => Länge (10+ Zeichen) => Verschiedene Zeichentypen (Groß- und Kleinbuchstaben, Zahlen, Sonderzeichen) ● Listen / Wörterbuch-Angriffe => Kein einzelnes
    [Show full text]
  • Security Analysis of Subject Access Request Procedures How To
    Security Analysis of Subject Access Request Procedures How to authenticate data subjects safely when they request for their data Coline Boniface, Imane Fouad, Nataliia Bielova, Cédric Lauradoux, Cristiana Santos To cite this version: Coline Boniface, Imane Fouad, Nataliia Bielova, Cédric Lauradoux, Cristiana Santos. Security Analy- sis of Subject Access Request Procedures How to authenticate data subjects safely when they request for their data. APF 2019 - Annual Privacy Forum, Jun 2019, Rome, Italy. pp.1-20. hal-02072302 HAL Id: hal-02072302 https://hal.inria.fr/hal-02072302 Submitted on 19 Mar 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Security Analysis of Subject Access Request Procedures How to authenticate data subjects safely when they request for their data Coline Boniface2, Imane Fouad1, Nataliia Bielova1, C´edricLauradoux2, and Cristiana Santos3 1 Univ. Grenoble Alpes, Inria, France fcedric.lauradoux,[email protected] 2 Universit´eC^oted'Azur, Inria, France fnataliia.bielova,[email protected] 3 School of Law, University Toulouse 1 Capitole, SIRIUS Chair [email protected] Abstract. With the GDPR in force in the EU since May 2018, companies and administrations need to be vigilant about the personal data they process.
    [Show full text]
  • Massenüberwachung Mittels Computerlinguistik Und Sprachtechnologie Im Lichte Der Snowden-Enthüllungen
    Masterarbeit zur Erlangung des akademischen Grades Master of Arts UZH der Philosophischen Fakultät der Universität Zürich im Rahmen des fakultätsübergreifenden Master-Studiengangs Computerlinguistik und Sprachtechnologie Massenüberwachung mittels Computerlinguistik und Sprachtechnologie im Lichte der Snowden-Enthüllungen Recherchen zum Stand der Technik und kritisch-illustratives Datenprojekt zur automatischen Generierung von Selektoren für verdachtsunabhängige Massenüberwachung von Datenströmen mit manueller Evaluation resultierender Treffer Verfasser: Hernâni Marques Madeira {[email protected],hernani@ccc-ch}.ch 7FE5 71F9 3B0C AE18 8424 C7C2 7B83 6E41 F7AB 9CE5 [email protected] (OTR-verschlüsselt) Referent: Prof. Dr. Martin Volk Betreuer: Dr. Noah Bubenhofer Institut für Computerlinguistik Abgabedatum: 30.11.2015 PUBLIC//V1.14//20160902 V1.14: EDITION NDG-ABSTIMMUNG1 1Formal sind diese Bilder und der Aufruf natürlich nicht Teil der offiziellen Abgabe. 2 An Schweizer Stimmberechtigte: Am 25. September NEIN zum NDG! https://www.stopndb.ch/ 3 Abstract The master thesis gives an overview of the state-of-the-art in mass surveillance methods and practices following the Snowden relevations and scientific papers with a focus on NLP methods. For the practical part of this work, genesis and the nature of search terms (content or soft selectors) used in finding text material by the needle-in-a-haystock methodology are researched, implemented, evaluated and critically dicscussed. Quantitatively and technically, as expected, it is found that false
    [Show full text]
  • Technological Sovereignty: Missing the Point?
    2015 7th International Conference on Cyber Conflict: Permission to make digital or hard copies of this publication for internal use within Architectures in Cyberspace NATO and for personal or educational use when for non-profit or non-commercial purposes is granted providing that copies bear this notice and a full citation on the M.Maybaum, A.-M.Osula, L.Lindström (Eds.) first page. Any other reproduction or transmission requires prior written permission 2015 © NATO CCD COE Publications, Tallinn by NATO CCD COE. Technological Sovereignty: Missing the Point? Tim Maurer Isabel Skierka Open Technology Institute Global Public Policy Institute New America Berlin, Germany Washington, DC, USA [email protected] [email protected] Mirko Hohmann Robert Morgus Global Public Policy Institute Open Technology Institute Berlin, Germany New America [email protected] Washington, DC, USA [email protected] Abstract: Following reports of foreign government surveillance starting in June 2013, senior officials and public figures in Europe have promoted proposals to achieve “technological sovereignty”. This paper provides a comprehensive mapping and impact assessment of these proposals, ranging from technical ones, such as new undersea cables, encryption, and localized data storage, to non-technical ones, such as domestic industry support, international codes of conduct, and data protection laws. The analysis focused on the technical proposals reveals that most will not effectively protect against foreign surveillance. Ultimately, the security of data depends primarily not on where it is stored and sent but how it is stored and transmitted. In addition, some proposals could negatively affect the open and free Internet or lead to inefficient allocation of resources.
    [Show full text]
  • Parldigi 2014-11-24 Pretty Easy Privacy
    Parldigi 2014-11-24 pretty Easy privacy The World is threatened… …our privacy and security is gone! Google, Facebook, WhatsApp,… are all reading, selling and using our data for their benefit. Snowden has proven that governments record all internet traffic, have built back-doors and access into software, hardware and cloud solutions. Citizens lost their privacy. Democracy is undermined. SMBs and Enterprises face Industrial Espionage. p≡p – pretty Easy privacy Protection is compromised The common protection technology TLS (based on X.509) is compromised if: • one single Certification Authority (CA) is taken (hacked, undermined, infiltrated) … • … like the NSA in the most probable case… • … then all communication – using software which is trusting this CA – is compromised. p≡p – pretty Easy privacy Metadata alone reveals a lot E-mail, even encrypted, leaves header metadata (to: - from: position and subject:) in clear text available for spooks to see. Metadata alone allows to draw interesting conclusions, like Leon’s relationships illustrated by 12 months of metadata. Organisations like the NSA can do a lot more with our metadata. p≡p – pretty Easy privacy Metadata alone reveals a lot p≡p – pretty Easy privacy p≡p is contributing to change. The Network is 0wned by the Five Eyes already. Probably it’s a lost case for now. We urgently need Free Hardware to trust in! Open Source Hardware projects are working on it. We need secure Free Software. Support Free Software now! And we need peer-to-peer communication in between: p≡p. Landscape of Messaging Solutions Voltage Datamotion Echoworx Symantec Peanut Totemo TrendMicro Zixcorp SMS LuxSci Privato Enigmail Email Agari Mailpile Textsecure Virtru Darkmail Neocertified p≡p Edgeware Cryptzone Encryptomatic BBM Mysecureemail Walnut Heml.is Threema myEnigma Kaitenmail iPGmail K9mail Messaging Sophos IronPort Barracuda Proofpoint Wickr Telegram Seecrypt Surespot Silentcircle Tigertext Chatsecure HoccerXO Kontalk iMessage p≡p.
    [Show full text]
  • Ich Möchte Nicht in Einer Welt Leben, in Der Alles, Was
    „Ich möchte nicht in einer Welt leben, in der alles, was ich sage, alles, was ich tue, jedes Gespräch, jeder Ausdruck von Kreativität, Liebe oder Freundschaft aufgezeichnet wird. Das ist nichts, was ich bereit bin zu unterstützen. Das ist nichts, das ich bereit bin mit aufzubauen. Das ist nichts, unter dem ich zu leben bereit bin. Ich denke, jeder, der eine solche Welt ablehnt, hat die Verpflichtung, im Rahmen seiner Möglichkeiten zu handeln.“ - Edward Snowden Was ist eine CryptoParty? ● Workshop zur digitalen Selbstverteidigung • "Tupperware-Party zum Lernen von Kryptographie" (Cory Doctorow) ● Einsteigerfreundlich ● Öffentlich & unkommerziell ● Fokus auf Freier Software ● Von Anwendern für Anwender -> Gelerntes weitertragen 3 / 39 Agenda ● Inputvortrag zu: • Sichere Passwörter • Verschlüsselung von E-Mails (PGP) • Tracking beim Browsen vermeiden • Dateiverschlüsselung (VeraCrypt) • Verschlüsselung von Chats (Pidgin-OTR) ● Praxis 4 / 39 Sichere Passwörter Wie werden Passwörter geknackt? ● Brute Force • Alle möglichen Kombinationen ausprobieren ● Listen / Wörterbuch-Angriffe • Alle Wörter einer Liste ausprobieren ● Social Engineering • Phishing, Person austricksen um PW zu erfahren 5 / 39 Wie erschwert man das Knacken des Passworts? ● Brute Force => Länge (10+ Zeichen) => Verschiedene Zeichentypen (Groß- und Kleinbuchstaben, Zahlen, Sonderzeichen) 6 / 39 Wie erschwert man das Knacken des Passworts? ● Brute Force => Länge (10+ Zeichen) => Verschiedene Zeichentypen (Groß- und Kleinbuchstaben, Zahlen, Sonderzeichen) ● Listen / Wörterbuch-Angriffe
    [Show full text]
  • Evaluating Ambiguity of Privacy Indicators in a Secure Email App
    Evaluating ambiguity of privacy indicators in a secure email app Borce Stojkovski and Gabriele Lenzini1 Interdisciplinary Centre for Security, Reliability and Trust (SnT) University of Luxembourg [email protected] Abstract Informing laymen of security situations is a notoriously hard problem. Users are usually not cognoscenti of all the various secure and insecure situations that may arise, and this can be further worsened by certain visual indicators that instead of helping users, fail to convey clear and unambiguous messages. Even in well established and studied applications, like email clients providing end-to-end encryption, the problem seems far from being solved. Motivated to verify this claim, we studied the communication qualities of four privacy icons (in the form of coloured shapes) in conveying specific security messages, relevant for a particular secure emailing system called p≡p. We questioned 42 users in three different sessions, where we showed them 10 privacy ratings, along with their explanations, and asked them to match the rating and explanation with the four privacy icons. We compared the participants' associations to those made by the p≡p developers. The results, still preliminary, are not encouraging. Except for the two most extreme cases, Secure and trusted and Under attack, users almost entirely missed to get the in- dicators' intended messages. In particular, they did not grasp certain concepts such as Unsecure email and Secure email, which in turn were fundamental for the engineers. Our work has certain limitations and further investigation is required, but already at this stage our research calls for a closer collaboration between app engineers and icon designers.
    [Show full text]
  • Technological Sovereignty: Missing the Point?
    Technological Sovereignty: Missing the Point? An Analysis of European Proposals after June 5, 2013 by TIM MAURER, ROBERT MORGUS, ISABEL SKIERKA, MIRKO HOHMANN Following reports of foreign government surveillance starting in June 2013, senior officials and public figures in Europe have promoted proposals to achieve “technological sovereignty”. This paper provides a comprehensive mapping and impact assessment of these proposals, ranging from technical ones, such as new undersea cables, encryption, and localized data storage, to non-technical ones, such as domestic industry support, international codes of conduct, and data protection laws. This analysis shows that most technical proposals will not effectively protect against foreign surveillance. In addition, some proposals could negatively affect the open and free Internet or lead to inefficient allocation of resources. Finally, proposals tend to focus on the transatlantic dimension, neglecting the broader challenge of foreign surveillance and promising ideas like the expansion of encryption tools. Ultimately, the security of data depends primarily not on where it is stored and sent but how it is stored and transmitted. This paper is part of a joint project by New America's Open Technology Institute and the Global Public Policy Institute (GPPi) called "Transatlantic Dialogues on Security and Freedom in the Digital Age". For more: www.digitaldebates.org November 2014 Acknowledgements OPEN NEW TECHNOLOGY AMERICA INSTITUTE The authors would like to thank the members of the Steering Committee for the project Transatlantic Dialogues on Security and Freedom in the Digital Age (go to www.digitaldebates.org for more) as well as the participants of our workshop hosted in Washington, DC, on September 18, 2014, for their valuable input and feedback (see Annex 4).
    [Show full text]
  • Network Working Group V. Birk Internet-Draft H
    Network Working Group V. Birk Internet-Draft H. Marques Intended status: Standards Track Shelburn Expires: July 13, 2018 pEp Foundation S. Koechli pEp Security January 09, 2018 pretty Easy privacy (pEp): Privacy by Default draft-birk-pep-01 Abstract Building on already available security formats and message transports (like PGP/MIME for email), and with the intention to stay interoperable to systems widespreadly deployed, pretty Easy privacy (pEp) describes protocols to automatize operations (key management, key discovery, private key handling including peer-to-peer synchronization of private keys and other user data across devices) that have been seen to be barriers to deployment of end-to-end secure interpersonal messaging. pEp also introduces "Trustwords" (instead of fingerprints) to verify communication peers and proposes a trust rating system to denote secure types of communications and signal the privacy level available on a per-user and per-message level. In this document, the general design choices and principles of pEp are outlined. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on July 13, 2018.
    [Show full text]