-
Automatic Detection of Fake Key Attacks in Secure Messaging
Authors:
Tarun Kumar Yadav,
Devashish Gosain,
Amir Herzberg,
Daniel Zappala,
Kent Seamons
Abstract:
Popular instant messaging applications such as WhatsApp and Signal provide end-to-end encryption for billions of users. They rely on a centralized, application-specific server to distribute public keys and relay encrypted messages between the users. Therefore, they prevent passive attacks but are vulnerable to some active attacks. A malicious or hacked server can distribute fake keys to users to p…
▽ More
Popular instant messaging applications such as WhatsApp and Signal provide end-to-end encryption for billions of users. They rely on a centralized, application-specific server to distribute public keys and relay encrypted messages between the users. Therefore, they prevent passive attacks but are vulnerable to some active attacks. A malicious or hacked server can distribute fake keys to users to perform man-in-the-middle or impersonation attacks. While typical secure messaging applications provide a manual method for users to detect these attacks, this burdens users, and studies show it is ineffective in practice. This paper presents KTACA, a completely automated approach for key verification that is oblivious to users and easy to deploy. We motivate KTACA by designing two approaches to automatic key verification. One approach uses client auditing (KTCA) and the second uses anonymous key monitoring (AKM). Both have relatively inferior security properties, leading to KTACA, which combines these approaches to provide the best of both worlds. We provide a security analysis of each defense, identifying which attacks they can automatically detect. We implement the active attacks to demonstrate they are possible, and we also create a prototype implementation of all the defenses to measure their performance and confirm their feasibility. Finally, we discuss the strengths and weaknesses of each defense, the overhead on clients and service providers, and deployment considerations.
△ Less
Submitted 18 October, 2022;
originally announced October 2022.
-
SoK: Securing Email -- A Stakeholder-Based Analysis (Extended Version)
Authors:
Jeremy Clark,
P. C. van Oorschot,
Scott Ruoti,
Kent Seamons,
Daniel Zappala
Abstract:
While email is the most ubiquitous and interoperable form of online communication today, it was not conceived with strong security guarantees, and the ensuing security enhancements are, by contrast, lacking in both ubiquity and interoperability. This situation motivates our research. We begin by identifying a variety of stakeholders who have an interest in the current email system and in efforts t…
▽ More
While email is the most ubiquitous and interoperable form of online communication today, it was not conceived with strong security guarantees, and the ensuing security enhancements are, by contrast, lacking in both ubiquity and interoperability. This situation motivates our research. We begin by identifying a variety of stakeholders who have an interest in the current email system and in efforts to provide secure solutions. We then use the tussle among stakeholders to explain the evolution of fragmented secure email solutions undertaken by industry, academia, and independent developers. We also evaluate the building blocks of secure email -- cryptographic primitives, key management schemes, and system designs -- to identify their support for stakeholder properties. From our analysis, we conclude that a one-size-fits-all solution is unlikely. Furthermore, we highlight that vulnerable users are not well served by current solutions, account for the failure of PGP, and argue that secure messaging, while complementary, is not a fully substitutable technology.
△ Less
Submitted 22 October, 2021; v1 submitted 20 April, 2018;
originally announced April 2018.
-
TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication
Authors:
Mark O'Neill,
Scott Heidbrink,
Jordan Whitehead,
Scott Ruoti,
Dan Bunker,
Kent Seamons,
Daniel Zappala
Abstract:
We describe TrustBase, an architecture that provides certificate-based authentication as an operating system service. TrustBase enforces best practices for certificate validation for all applications and transparently enables existing applications to be strengthened against failures of the CA system. The TrustBase system allows simple deployment of authentication systems that harden the CA system.…
▽ More
We describe TrustBase, an architecture that provides certificate-based authentication as an operating system service. TrustBase enforces best practices for certificate validation for all applications and transparently enables existing applications to be strengthened against failures of the CA system. The TrustBase system allows simple deployment of authentication systems that harden the CA system. This enables system administrators, for example, to require certificate revocation checks on all TLS connections, or require STARTTLS for email servers that support it. TrustBase is the first system that is able to secure all TLS traffic, using an approach compatible with all operating systems. We design and evaluate a prototype implementation of TrustBase on Linux, evaluate its security, and demonstrate that it has negligible overhead and universal compatibility with applications. To demonstrate the utility of TrustBase, we have developed six authentication services that strengthen certificate validation for all applications.
△ Less
Submitted 26 October, 2016;
originally announced October 2016.
-
MessageGuard: A Browser-based Platform for Usable, Content-Based Encryption Research
Authors:
Scott Ruoti,
Jeff Andersen,
Tyler Monson,
Daniel Zappala,
Kent Seamons
Abstract:
This paper describes MessageGuard, a browser-based platform for research into usable content-based encryption. MessageGuard is designed to enable collaboration between security and usability researchers on long-standing research questions in this area. It significantly simplifies the effort required to work in this space and provides a place for research results to be shared, replicated, and compa…
▽ More
This paper describes MessageGuard, a browser-based platform for research into usable content-based encryption. MessageGuard is designed to enable collaboration between security and usability researchers on long-standing research questions in this area. It significantly simplifies the effort required to work in this space and provides a place for research results to be shared, replicated, and compared with minimal confounding factors. MessageGuard provides ubiquitous encryption and secure cryptographic operations, enabling research on any existing web application, with realistic usability studies on a secure platform. We validate MessageGuard's compatibility and performance, and we illustrate its utility with case studies for Gmail and Facebook Chat.
△ Less
Submitted 16 May, 2016; v1 submitted 29 October, 2015;
originally announced October 2015.
-
Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client
Authors:
Scott Ruoti,
Jeff Andersen,
Daniel Zappala,
Kent Seamons
Abstract:
This paper presents the results of a laboratory study involving Mailvelope, a modern PGP client that integrates tightly with existing webmail providers. In our study, we brought in pairs of participants and had them attempt to use Mailvelope to communicate with each other. Our results shown that more than a decade and a half after \textit{Why Johnny Can't Encrypt}, modern PGP tools are still unusa…
▽ More
This paper presents the results of a laboratory study involving Mailvelope, a modern PGP client that integrates tightly with existing webmail providers. In our study, we brought in pairs of participants and had them attempt to use Mailvelope to communicate with each other. Our results shown that more than a decade and a half after \textit{Why Johnny Can't Encrypt}, modern PGP tools are still unusable for the masses. We finish with a discussion of pain points encountered using Mailvelope, and discuss what might be done to address them in future PGP systems.
△ Less
Submitted 13 January, 2016; v1 submitted 28 October, 2015;
originally announced October 2015.
-
"We're on the Same Page": A Usability Study of Secure Email Using Pairs of Novice Users
Authors:
Scott Ruoti,
Jeff Andersen,
Scott Heidbrink,
Mark O'Neil,
Elham Vaziripour,
Justin Wu,
Daniel Zappala,
Kent Seamons
Abstract:
Secure email is increasingly being touted as usable by novice users, with a push for adoption based on recent concerns about government surveillance. To determine whether secure email is for grassroots adoption, we employ a laboratory user study that recruits pairs of novice to install and use several of the latest systems to exchange secure messages. We present quantitative and qualitative result…
▽ More
Secure email is increasingly being touted as usable by novice users, with a push for adoption based on recent concerns about government surveillance. To determine whether secure email is for grassroots adoption, we employ a laboratory user study that recruits pairs of novice to install and use several of the latest systems to exchange secure messages. We present quantitative and qualitative results from 25 pairs of novice users as they use Pwm, Tutanota, and Virtru. Participants report being more at ease with this type of study and better able to cope with mistakes since both participants are "on the same page". We find that users prefer integrated solutions over depot-based solutions, and that tutorials are important in hel** first-time users. Hiding the details of how a secure email system provides security can lead to a lack of trust in the system. Participants expressed a desire to use secure email, but few wanted to use it regularly and most were unsure of when they might use it.
△ Less
Submitted 11 January, 2016; v1 submitted 28 October, 2015;
originally announced October 2015.
-
Private Webmail 2.0: Simple and Easy-to-Use Secure Email
Authors:
Scott Ruoti,
Jeff Andersen,
Travis Hendershot,
Daniel Zappala,
Kent Seamons
Abstract:
Private Webmail 2.0 (Pwm 2.0) improves upon the current state of the art by increasing the usability and practical security of secure email for ordinary users. More users are able to send and receive encrypted emails without mistakenly revealing sensitive information. In this paper we describe user interface traits that positively affect the usability and security of Pwm 2.0: (1) an artificial del…
▽ More
Private Webmail 2.0 (Pwm 2.0) improves upon the current state of the art by increasing the usability and practical security of secure email for ordinary users. More users are able to send and receive encrypted emails without mistakenly revealing sensitive information. In this paper we describe user interface traits that positively affect the usability and security of Pwm 2.0: (1) an artificial delay to encryption that enhances user confidence in Pwm 2.0 while simultaneously instructing users on who can read their encrypted messages; (2) a modified composition interface that helps protect users from mistakenly sending sensitive information in the clear; (3) an annotated secure email composition interface that instructs users on how to correctly use secure email; and (4) inline, context-sensitive tutorials, which improved view rates for tutorials from less than 10% in earlier systems to over 90% for Pwm 2.0. In a user study involving 51 participants we validate these interface modifications, and also show that the use of manual encryption has no effect on usability or security.
△ Less
Submitted 8 August, 2016; v1 submitted 28 October, 2015;
originally announced October 2015.
-
User Attitudes Toward the Inspection of Encrypted Traffic
Authors:
Scott Ruoti,
Mark O'Neil,
Daniel Zappala,
Kent Seamons
Abstract:
This paper reports the results of a survey of 1,976 individuals regarding their opinions on TLS inspection, a controversial technique that can be used for both benevolent and malicious purposes. Responses indicate that participants hold nuanced opinions on security and privacy trade-offs, with most recognizing legitimate uses for the practice, but also concerned about threats from hackers or gover…
▽ More
This paper reports the results of a survey of 1,976 individuals regarding their opinions on TLS inspection, a controversial technique that can be used for both benevolent and malicious purposes. Responses indicate that participants hold nuanced opinions on security and privacy trade-offs, with most recognizing legitimate uses for the practice, but also concerned about threats from hackers or government surveillance. There is strong support for notification and consent when a system is intercepting their encrypted traffic, although this support varies depending on the situation. A significant concern about malicious uses of TLS inspection is identity theft, and many would react negatively and some would change their behavior if they discovered inspection occurring without their knowledge. We also find that there are a small but significant number of participants who are jaded by the current state of affairs and have no expectation of privacy.
△ Less
Submitted 10 June, 2016; v1 submitted 16 October, 2015;
originally announced October 2015.
-
TLS Proxies: Friend or Foe?
Authors:
Mark O'Neill,
Scott Ruoti,
Kent Seamons,
Daniel Zappala
Abstract:
The use of TLS proxies to intercept encrypted traffic is controversial since the same mechanism can be used for both benevolent purposes, such as protecting against malware, and for malicious purposes, such as identity theft or warrantless government surveillance. To understand the prevalence and uses of these proxies, we build a TLS proxy measurement tool and deploy it via Google AdWords campaign…
▽ More
The use of TLS proxies to intercept encrypted traffic is controversial since the same mechanism can be used for both benevolent purposes, such as protecting against malware, and for malicious purposes, such as identity theft or warrantless government surveillance. To understand the prevalence and uses of these proxies, we build a TLS proxy measurement tool and deploy it via Google AdWords campaigns. We generate 15.2 million certificate tests across two large-scale measurement studies. We find that 1 in 250 TLS connections are TLS-proxied. The majority of these proxies appear to be benevolent, however we identify over 3,600 cases where eight malware products are using this technology nefariously. We also find numerous instances of negligent, duplicitous, and suspicious behavior, some of which degrade security for users without their knowledge. Distinguishing these types of practices is challenging in practice, indicating a need for transparency and user awareness.
△ Less
Submitted 28 May, 2015; v1 submitted 26 July, 2014;
originally announced July 2014.