SoK: Secure messaging

Nik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg, Matthew Smith

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Motivated by recent revelations of widespread state surveillance of personal communication, many solutions now claim to offer secure and private messaging. This includes both a large number of new projects and many widely adopted tools that have added security features. The intense pressure in the past two years to deliver solutions quickly has resulted in varying threat models, incomplete objectives, dubious security claims, and a lack of broad perspective on the existing cryptographic literature on secure communication. In this paper, we evaluate and systematize current secure messaging solutions and propose an evaluation framework for their security, usability, and ease-of-adoption properties. We consider solutions from academia, but also identify innovative and promising approaches used 'in-the-wild' that are not considered by the academic literature. We identify three key challenges and map the design landscape for each: trust establishment, conversation security, and transport privacy. Trust establishment approaches offering strong security and privacy features perform poorly from a usability and adoption perspective, whereas some hybrid approaches that have not been well studied in the academic literature might provide better trade-offs in practice. In contrast, once trust is established, conversation security can be achieved without any user involvement in most two-party conversations, though conversations between larger groups still lack a good solution. Finally, transport privacy appears to be the most difficult problem to solve without paying significant performance penalties.

Original languageEnglish (US)
Title of host publicationProceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages232-249
Number of pages18
ISBN (Electronic)9781467369497
DOIs
StatePublished - Jul 17 2015
Event36th IEEE Symposium on Security and Privacy, SP 2015 - San Jose, United States
Duration: May 18 2015May 20 2015

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
Volume2015-July
ISSN (Print)1081-6011

Other

Other36th IEEE Symposium on Security and Privacy, SP 2015
Country/TerritoryUnited States
CitySan Jose
Period5/18/155/20/15

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'SoK: Secure messaging'. Together they form a unique fingerprint.

Cite this