SoK: Secure Messaging

Link to the paper: http://cacr.uwaterloo.ca/techreports/2015/cacr2015-02.pdf

Summary:

As kind of a precursor: I was really interested in the topic, so on top of reading the paper I actually looked up the presentation the team gave at the symposium: SoK: Secure Messaging.

This paper goes through a lot of the personal communication systems out in the world today and tries to dig into whether or not they deliver on the privacy solutions that a lot of consumers have heard hyped up in a post-Snowden world. The point of this paper was to create a rubric of what a good secure private messaging system should have and to look at private messaging systems from a broad standpoint - a little too broad, I think, for one paper. They specifically look at issues such as security, usability, and ease of adoption through 3 different "orthogonal" lenses: trust establishment, conversation security, and transport privacy.

What I liked:

  1. The really good part about this paper is that it doesn't talk about privacy in an abstract way like a lot of other academic papers do, but instead takes a hands-on approach, which is different from others in the field.

  2. The paper hammers in the fact that everyone builds different privacy tools but no one really digs into whether or not these privacy tools really work.

  3. The data visualization of the different methods and tools in the report.

  4. I also liked the fact that the Electronic Frontier Foundation played a role in this paper - I personally consider them to be the gold standard in privacy.

  5. The paper considers a wide variety of threat models from 3 different types of adversaries, i.e. local adversaries, global adversaries, and service providers.

What I didn’t like:

  1. The author of the paper acknowledges in the video that secure messaging features like deniability and transcript consistency still need a lot of work before they can be deployed in a group chat setting - Multiparty OTR is still lacking - so the paper is trying to evaluate some technology that hasn't really been created yet.

  2. The paper never really considers how implementation is handled, i.e. if you have a lot of great theoretical methods for keeping secure, how do you evaluate the privacy system for failures in implementation?

  3. I'm not sure how this paper is much more difficult than the EFF secure messaging scorecard; the only major difference that I can see is the addition of end-to-end encryption in the evaluation system.

  4. The paper isn't really focused and is extremely broad. I would have preferred they stuck to one of the 3 issues they pointed out in the beginning of their paper and really dug into how that can be improved, and evaluated all the different schemes from that aspect. I feel like they cover a lot but don't go into enough depth on some of the really interesting aspects.

  5. I don't think that blockchains should necessarily be in the purview of this paper. Public distributed ledgers are the opposite of a private messaging system.

Points for further discussion:

  1. Is it better to have a secure messaging system tailored to a specific use case or a one-size-fits-all method standardization?

  2. Can this paper be used as a framework for how to evaluate future privacy projects?

  3. Why hasn't there been a standardization of terms in the cybersecurity world when it comes to secure messaging? The paper keeps needing to define terms about the different features a protocol offers.

  4. Something that came up in the symposium Q&A was the demand for people using end-to-end encryption. The study cites that a high number of Americans would like more privacy, but how many would trade convenience for that privacy?

  5. Why has there not been a prior review of "out in the wild" approaches?

New Ideas:

  1. "ScatterShot" encryption for messaging applications? Essentially each packet of information is randomly sent to servers at a set rate - anyone can intercept these packets. But to read them you need to have a specific private key that has been predetermined by a different scheme. The rate continues until you run out of new messages to relay - at which point we just keep looping through past messages.

  2. Study usability in privacy among different populations, i.e. general public vs journalists vs dissidents vs whistleblowers - how complex is too complicated?

  3. Can hashes of the messages which are published out in the open be used to create transcript finality? I.e. every time some message is sent and opened, the encrypted message is hashed and published --> then upon decryption we know when it is sent.

  4. At the end of the symposium presentation the author makes the point that security proofs are not enough and the developers are the ones who make the privacy happen. How can academia, which usually focuses on the proofs, make more of a focus on developers?

  5. Possibly add an early adoption metric - as in how painful or risky is it for the first person to join the network - because from what we learned in Atom, we saw that as the network gets bigger it usually becomes safer for all users.
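
A sketch of New Ideas item 3, added here as an example and not taken from the post or the paper: each ciphertext is hashed into a running chain whose heads are published, so a recipient can check that the transcript they received matches what was published. The chaining step, the `PublicLog` class, and the sample ciphertexts are assumptions that go beyond the per-message hash the item describes; the published heads still reveal message count and order to any observer.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting value for the chain


def chain(prev_head: bytes, ciphertext: bytes) -> bytes:
    """Next chain head: binds this ciphertext to everything published before it."""
    return hashlib.sha256(prev_head + hashlib.sha256(ciphertext).digest()).digest()


class PublicLog:
    """Hypothetical append-only board; it only ever sees digests, never plaintext."""

    def __init__(self) -> None:
        self.heads: list[bytes] = []

    def publish(self, ciphertext: bytes) -> int:
        prev = self.heads[-1] if self.heads else GENESIS
        self.heads.append(chain(prev, ciphertext))
        return len(self.heads) - 1  # position in the log = send order


def first_divergence(log: PublicLog, received: list[bytes]) -> int:
    """Index of the first received ciphertext that disagrees with the log, or -1."""
    head = GENESIS
    for i, ct in enumerate(received):
        if i >= len(log.heads):
            return i  # recipient holds a message that was never published
        head = chain(head, ct)
        if head != log.heads[i]:
            return i
    # Fewer messages than published means the tail was dropped in transit.
    return -1 if len(received) == len(log.heads) else len(received)


def demo() -> dict[str, int]:
    # Constructed stand-ins for ciphertexts; real ones would come from the messenger.
    sent = [b"ct:hello", b"ct:meet at 5", b"ct:bring keys"]
    log = PublicLog()
    for ct in sent:
        log.publish(ct)
    return {
        "intact": first_divergence(log, sent),
        "reordered": first_divergence(log, [sent[1], sent[0], sent[2]]),
        "tampered": first_divergence(log, [sent[0], b"ct:meet at 6", sent[2]]),
        "dropped_tail": first_divergence(log, sent[:2]),
    }


if __name__ == "__main__":
    print(demo())
```

Knowing "when it is sent" would additionally need the log to attach timestamps the recipient trusts; the chain alone fixes only order and content.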