Improved user authentication in off-the-record messaging

@inproceedings{Alexander2007ImprovedUA,
  title={Improved user authentication in off-the-record messaging},
  author={Chris Alexander and Ian Goldberg},
  booktitle={WPES '07},
  year={2007}
}
Instant Messaging software is now used in homes and businesses by a wide variety of people. Many of these users would benefit from additional privacy, but do not have enough specialized knowledge to use existing privacy-enhancing software. There is a need for privacy software to be easy to understand, with complicated cryptographic concepts hidden from the user. We look at improving the usability of Off-the-Record Messaging, a popular privacy plugin for instant messaging software. By using a… Expand
A user study of off-the-record messaging
TLDR
A user study of the OTR plugin for the Pidgin instant messaging client using the think aloud method finds a variety of usability flaws remaining in the design of OTR and discusses how these errors can be repaired, as well as identifies an area that requires further research to improve its usability. Expand
(In-)Secure messaging with the Silent Circle instant messaging protocol
TLDR
Many of the security properties of SCimp version 1 are found to be secure, however many of the extensions contain vulnerabilities and the implementation contains bugs that affect the overall security. Expand
ON END-TO-END ENCRYPTION FOR CLOUD-BASED SERVICES
TLDR
The hope in proposing Keyfob with a symmetric-key approach is to highlight challenges in such a lesser-explored mechanism, and attract researchers towards the long-standing problem of enabling end-to-end encryption in a cloud-dominated environment. Expand
End-to-End Secure and Privacy Preserving Mobile Chat Application
TLDR
A basic framework for an End-to-End (E2E) security and privacy-preserving mobile chat service and associated requirements is put forward and the proposal to provide proof-of-concept and evaluate the technical difficulty of satisfying the stipulatedSecurity and privacy requirements is implemented. Expand
The Snowden Phone: A Comparative Survey of Secure Instant Messaging Mobile Applications (authors' version)
TLDR
This survey compares the existing implementations of end-to-end encrypted messaging protocols called Signal to identify which types of security and usability properties each application provides, and gives proposals for improving each application w.r.t. security, privacy, and usability. Expand
Secure Browser-Based Instant Messaging
TLDR
This work presents a prototype implementation of the secure messaging overlays and the results of two user studies–the first study focusing on user interest in secure chat and the second being a usability study of the prototype. Expand
SoK: Secure Messaging
TLDR
This paper evaluates and systematize current secure messaging solutions and proposes an evaluation framework for their security, usability, and ease-of-adoption properties, and identifies three key challenges and map the design landscape for each: trust establishment, conversation security, and transport privacy. Expand
Multi-party off-the-record messaging
TLDR
This paper identifies the properties of multi-party private meetings, the differences not only between the physical and electronic medium but also between two- and multi- party scenarios, which have important implications for the design of private chatrooms. Expand
Private Facebook Chat
TLDR
The design of PFC (Private Facebook Chat), a system providing convenient, secure instant messaging within Facebook Chat, which offers end-to-end encryption in order to thwart any eavesdropper, including Facebook itself is presented. Expand
Keeping data secret under full compromise using porter devices
TLDR
This work addresses the problem of confidentiality in scenarios where the attacker is not only able to observe the communication between principals, but can also fully compromise the communicating parties after the confidential data has been exchanged and proposes two new solutions that provide confidentiality after the full compromise of devices and user passwords. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 23 REFERENCES
Secure off-the-record messaging
TLDR
A security analysis of OTR is presented showing that, while the overall concept of the system is valid and attractive, the protocol suffers from security shortcomings due to the use of an insecure key-exchange protocol and other problematic design choices. Expand
Off-the-record communication, or, why not to use PGP
TLDR
This paper presents a protocol for secure online communication, called "off-the-record messaging", which has properties better-suited for casual conversation than do systems like PGP or S/MIME. Expand
Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0
TLDR
It is concluded that PGP 5.0 is not usable enough to provide effective security for most computer users, despite its attractive graphical user interface, supporting the hypothesis that user interface design for effective security remains an open problem. Expand
Wallet Databases with Observers
TLDR
This article argues that a particular combination of these two kinds of mechanism can overcome the limitations of each alone, providing both security and correctness for organizations as well as privacy and even anonymity for individuals. Expand
SIGMA: The 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and Its Use in the IKE-Protocols
TLDR
The SIGMA protocols provide perfect forward secrecy via a Diffie-Hellman exchange authenticated with digital signatures, and are specifically designed to ensure sound cryptographic key exchange while providing a variety of features and trade-offs required in practical scenarios. Expand
Authentication and authenticated key exchanges
TLDR
A simple, efficient protocol referred to as the station-to-station (STS) protocol is introduced, examined in detail, and considered in relation to existing protocols. Expand
HMAC: Keyed-Hashing for Message Authentication
This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, inExpand
Efficient signature generation by smart cards
  • C. Schnorr
  • Mathematics, Computer Science
  • Journal of Cryptology
  • 2004
TLDR
An efficient algorithm that preprocesses the exponentiation of a random residue modulo p is presented, which improves the ElGamal signature scheme in the speed of the procedures for the generation and the verification of signatures and also in the bit length of signatures. Expand
Protocols for secure computations
  • A. Yao
  • Computer Science
  • FOCS 1982
  • 1982
TLDR
This paper describes three ways of solving the millionaires’ problem by use of one-way functions (i.e., functions which are easy to evaluate but hard to invert) and discusses the complexity question “How many bits need to be exchanged for the computation”. Expand
New directions in cryptography
TLDR
This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing. Expand
...
1
2
3
...