Coniks: Bringing key transparency to end users

Marcela S. Melara; Aaron Blankstein; Joseph Bonneau; Edward W. Felten; Michael J. Freedman

Coniks: Bringing key transparency to end users

Marcela S. Melara, Aaron Blankstein, Joseph Bonneau, Edward W. Felten, Michael J. Freedman

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present CONIKS, an end-user key verification service capable of integration in end-to-end encrypted communication systems. CONIKS builds on transparency log proposals for web server certificates but solves several new challenges specific to key verification for end users. CONIKS obviates the need for global third-party monitors and enables users to efficiently monitor their own key bindings for consistency, downloading less than 20 kB per day to do so even for a provider with billions of users. CONIKS users and providers can collectively audit providers for non-equivocation, and this requires downloading a constant 2.5 kB per provider per day. Additionally, CONIKS preserves the level of privacy offered by today’s major communication services, hiding the list of usernames present and even allowing providers to conceal the total number of users in the system.

Original language	English (US)
Title of host publication	Proceedings of the 24th USENIX Security Symposium
Publisher	USENIX Association
Pages	383-398
Number of pages	16
ISBN (Electronic)	9781931971232
State	Published - 2015
Event	24th USENIX Security Symposium - Washington, United States Duration: Aug 12 2015 → Aug 14 2015

Publication series

Name	Proceedings of the 24th USENIX Security Symposium

Conference

Conference	24th USENIX Security Symposium
Country/Territory	United States
City	Washington
Period	8/12/15 → 8/14/15

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems
Safety, Risk, Reliability and Quality

Cite this

@inproceedings{726f1bc8868f4c8194e8566f1c9d2ffd,

title = "Coniks: Bringing key transparency to end users",

abstract = "We present CONIKS, an end-user key verification service capable of integration in end-to-end encrypted communication systems. CONIKS builds on transparency log proposals for web server certificates but solves several new challenges specific to key verification for end users. CONIKS obviates the need for global third-party monitors and enables users to efficiently monitor their own key bindings for consistency, downloading less than 20 kB per day to do so even for a provider with billions of users. CONIKS users and providers can collectively audit providers for non-equivocation, and this requires downloading a constant 2.5 kB per provider per day. Additionally, CONIKS preserves the level of privacy offered by today{\textquoteright}s major communication services, hiding the list of usernames present and even allowing providers to conceal the total number of users in the system.",

author = "Melara, {Marcela S.} and Aaron Blankstein and Joseph Bonneau and Felten, {Edward W.} and Freedman, {Michael J.}",

note = "Funding Information: We thank Gary Belvin, Yan Zhu, Arpit Gupta, Josh Kroll, David Gil, Ian Miers, Henry Corrigan-Gibbs, Trevor Per-rin, and the anonymous USENIX reviewers for their feedback. This research was supported by NSF Award TC-1111734. Joseph Bonneau is supported by a Secure Usability Fellowship from OTF and Simply Secure. Funding Information: We thank Gary Belvin, Yan Zhu, Arpit Gupta, Josh Kroll, David Gil, Ian Miers, Henry Corrigan-Gibbs, Trevor Perrin, and the anonymous USENIX reviewers for their feedback. This research was supported by NSF Award TC-1111734. Joseph Bonneau is supported by a Secure Usability Fellowship from OTF and Simply Secure. Publisher Copyright: {\textcopyright} 2015 Proceedings of the 24th USENIX Security Symposium. All rights reserved.; 24th USENIX Security Symposium ; Conference date: 12-08-2015 Through 14-08-2015",

year = "2015",

language = "English (US)",

series = "Proceedings of the 24th USENIX Security Symposium",

publisher = "USENIX Association",

pages = "383--398",

booktitle = "Proceedings of the 24th USENIX Security Symposium",

}

TY - GEN

T1 - Coniks

T2 - 24th USENIX Security Symposium

AU - Melara, Marcela S.

AU - Blankstein, Aaron

AU - Bonneau, Joseph

AU - Felten, Edward W.

AU - Freedman, Michael J.

N1 - Funding Information: We thank Gary Belvin, Yan Zhu, Arpit Gupta, Josh Kroll, David Gil, Ian Miers, Henry Corrigan-Gibbs, Trevor Per-rin, and the anonymous USENIX reviewers for their feedback. This research was supported by NSF Award TC-1111734. Joseph Bonneau is supported by a Secure Usability Fellowship from OTF and Simply Secure. Funding Information: We thank Gary Belvin, Yan Zhu, Arpit Gupta, Josh Kroll, David Gil, Ian Miers, Henry Corrigan-Gibbs, Trevor Perrin, and the anonymous USENIX reviewers for their feedback. This research was supported by NSF Award TC-1111734. Joseph Bonneau is supported by a Secure Usability Fellowship from OTF and Simply Secure. Publisher Copyright: © 2015 Proceedings of the 24th USENIX Security Symposium. All rights reserved.

PY - 2015

Y1 - 2015

N2 - We present CONIKS, an end-user key verification service capable of integration in end-to-end encrypted communication systems. CONIKS builds on transparency log proposals for web server certificates but solves several new challenges specific to key verification for end users. CONIKS obviates the need for global third-party monitors and enables users to efficiently monitor their own key bindings for consistency, downloading less than 20 kB per day to do so even for a provider with billions of users. CONIKS users and providers can collectively audit providers for non-equivocation, and this requires downloading a constant 2.5 kB per provider per day. Additionally, CONIKS preserves the level of privacy offered by today’s major communication services, hiding the list of usernames present and even allowing providers to conceal the total number of users in the system.

AB - We present CONIKS, an end-user key verification service capable of integration in end-to-end encrypted communication systems. CONIKS builds on transparency log proposals for web server certificates but solves several new challenges specific to key verification for end users. CONIKS obviates the need for global third-party monitors and enables users to efficiently monitor their own key bindings for consistency, downloading less than 20 kB per day to do so even for a provider with billions of users. CONIKS users and providers can collectively audit providers for non-equivocation, and this requires downloading a constant 2.5 kB per provider per day. Additionally, CONIKS preserves the level of privacy offered by today’s major communication services, hiding the list of usernames present and even allowing providers to conceal the total number of users in the system.

UR - http://www.scopus.com/inward/record.url?scp=85076303055&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85076303055&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85076303055

T3 - Proceedings of the 24th USENIX Security Symposium

SP - 383

EP - 398

BT - Proceedings of the 24th USENIX Security Symposium

PB - USENIX Association

Y2 - 12 August 2015 through 14 August 2015

ER -

Coniks: Bringing key transparency to end users

Abstract

Publication series

Conference

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this