TeamUSEC

SoK: Secure Messaging

Nik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg and Matthew Smith.
2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015
PDF Abstract Cite DOI

Abstract

Motivated by recent revelations of widespread state surveillance of personal communication, many products now claim to offer secure and private messaging. This includes both a large number of new projects and many widely adopted tools that have added security features. The intense pressure in the past two years to deliver solutions quickly has resulted in varying threat models, incomplete objectives, dubious security claims, and a lack of broad perspective on the existing cryptographic literature on secure communication.

In this paper, we evaluate and systematize current secure messaging solutions and propose an evaluation framework for their security, usability, and ease-of-adoption properties. We consider solutions from academia, but also identify innovative and promising approaches used “in the wild” that are not considered by the academic literature. We identify three key challenges and map the design landscape for each: trust establishment, conversation security, and transport privacy. Trust establishment approaches offering strong security and privacy features perform poorly from a usability and adoption perspective, whereas some hybrid approaches that have not been well studied in the academic literature might provide better trade-offs in practice. In contrast, once trust is established, conversation security can be achieved without any user involvement in most two-party conversations, though conversations between larger groups still lack a good solution. Finally, transport privacy appears to be the most difficult problem to solve without paying significant performance penalties.

Reference

@inproceedings{DBLP:conf/sp/UngerDBFPG015,
 author = {Nik Unger and
Sergej Dechand and
Joseph Bonneau and
Sascha Fahl and
Henning Perl and
Ian Goldberg and
Matthew Smith},
 bibsource = {dblp computer science bibliography, https://dblp.org},
 biburl = {https://dblp.org/rec/conf/sp/UngerDBFPG015.bib},
 booktitle = {2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose,
CA, USA, May 17-21, 2015},
 doi = {10.1109/SP.2015.22},
 pages = {232--249},
 publisher = {IEEE Computer Society},
 title = {SoK: Secure Messaging},
 url = {https://doi.org/10.1109/SP.2015.22},
 year = {2015}
}