Off-the-record communication, or, why not to use PGP

@inproceedings{Borisov2004OfftherecordCO,
  title={Off-the-record communication, or, why not to use PGP},
  author={Nikita Borisov and Ian Goldberg and Eric A. Brewer},
  booktitle={WPES '04},
  year={2004}
}
Quite often on the Internet, cryptography is used to protect private, personal communications. However, most commonly, systems such as PGP are used, which use long-lived encryption keys (subject to compromise) for confidentiality, and digital signatures (which provide strong, and in some jurisdictions, legal, proof of authorship) for authenticity. In this paper, we argue that most social communications online should have just the opposite of the above two properties; namely, they should have… 
Off-the-Record (OTR) Security Protocol Application in Cloud Environment
TLDR
The differences between OTR and some of the most used protocols in the Internet of Things (IoT) sector, and why IoT networks should use it, are addressed.
Multi-party off-the-record messaging
TLDR
This paper identifies the properties of multi-party private meetings, the differences not only between the physical and electronic medium but also between two- and multi-party scenarios, which have important implications for the design of private chatrooms.
mpENC Multi-Party Encrypted Messaging Protocol design document
TLDR
This document is a technical overview and discussion of the work, a protocol for secure group messaging, which provides everything needed to run a messaging session between real users on top of a real transport protocol.
Improved group off-the-record messaging
TLDR
This work proposes an improved group OTR (GOTR) protocol that provides unconditional repudiability, and shows how to obtain data origin authentication given this level of repudiability.
Secure off-the-record messaging
TLDR
A security analysis of OTR is presented showing that, while the overall concept of the system is valid and attractive, the protocol suffers from security shortcomings due to the use of an insecure key-exchange protocol and other problematic design choices.
How to exchange email securely with Johnny who still can’t encrypt
TLDR
EKEmail is designed to specifically cater for the non-interactive email environment which is complicated by the possibilities that email messages may be lost, not read in the order received, or not replied to at all and allows users to enjoy secure email communications with minimal inconvenience.
Stronger Security and Constructions of Multi-designated Verifier Signatures
TLDR
Strong definitions for Multi-Designated Verifier Signatures are defined, source-hiding is strengthened to support any subset of corrupt verifiers, and the first formal definition of consistency is given.
On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees
TLDR
This work presents a design called Asynchronous Ratcheting Trees (ART), which uses tree-based Diffie-Hellman key exchange to allow a group of users to derive a shared symmetric key even if no two are ever online at the same time.
Stronger Notions and Constructions for Multi-Designated Verifier Signatures
TLDR
Strong definitions for Multi-Designated Verifier Signatures are defined, source-hiding is strengthened to support any subset of corrupt verifiers, and the first formal definition of consistency is given.
A Comparison of Secure Messaging Protocols and Implementations
TLDR
This thesis investigates protocols for end-to-end encrypted instant messaging, focusing on the existing implementations of one of the recent and popular such protocols, called Signal, and analyzing the most used secure messaging applications.

References

SHOWING 1-10 OF 35 REFERENCES
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
TLDR
A formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that allows for simple modular proofs of security is presented.
How to Leak a Secret
TLDR
A new construction of ring signatures is proposed, which is unconditionally signer-ambiguous, provably secure in the random oracle model, and exceptionally efficient: adding each ring member increases the cost of signing or verifying by a single modular multiplication and a single symmetric encryption.
SSH: secure login connections over the internet
SSH provides secure login, file transfer, X11, and TCP/IP connections over an untrusted network. It uses cryptographic authentication, automatic session encryption, and integrity protection for
A method for obtaining digital signatures and public-key cryptosystems
TLDR
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, so couriers or other secure means are not needed to transmit keys.
SKEME: a versatile secure key exchange mechanism for Internet
  • H. Krawczyk
  • Computer Science
    Proceedings of Internet Society Symposium on Network and Distributed Systems Security
  • 1996
TLDR
SKEME constitutes a compact protocol that supports a variety of realistic scenarios and security models over Internet and provides clear tradeoffs between security and performance as required by the different scenarios without incurring in unnecessary system complexity.
The OAKLEY Key Determination Protocol
TLDR
The OAKLEY protocol supports Perfect Forward Secrecy, compatibility with the ISAKMP protocol for managing security associations, user-defined abstract group structures for use with the Diffie-Hellman algorithm, key updates, and incorporation of keys distributed via out-of-band mechanisms.
Efficient authentication and signing of multicast streams over lossy channels
TLDR
This work proposes two efficient schemes, TESLA and EMSS, for secure lossy multicast streams, and offers sender authentication, strong loss robustness, high scalability and minimal overhead at the cost of loose initial time synchronization and slightly delayed authentication.
How to Forget a Secret
TLDR
It is shown how to use a small erasable memory in order to transform a large non-erasable memory into a large and erasable memory, and how to turn any type of storage device into a storage device that can selectively forget.
Digital Signature Standard (DSS)
TLDR
This standard specifies a suite of algorithms, which can be used to generate a digital signature, that are used to detect unauthorized modifications to data and to authenticate the identity of the signatory.
HMAC: Keyed-Hashing for Message Authentication
This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in