Incidental Incremental In-Band Fingerprint Verification: a Novel Authentication Ceremony for End-to-End Encrypted Messaging

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

End-to-end encryption in popular messaging applications relies on centralized key servers. To keep these honest, users are supposed to meet in person and compare "fingerprints"of their public keys. Very few people do this, despite attempts to make this process more usable, making trust in the systems tenuous. To encourage broader adoption of verification behaviors, this paper proposes a new type of authentication ceremony, incidental incremental in-band fingerprint verification (I3FV), in which users periodically share with their friends photos or videos of themselves responding to simple visual or behavioral prompts ("challenges"). This strategy allows verification to be performed incidentally to normal user activities, incrementally over time, and in-band within the messaging application. By replacing a dedicated security task with a fun, already-widespread activity, I3FV has the potential to vastly increase the number of people verifying keys and therefore strengthen trust in encrypted messaging.

Original languageEnglish (US)
Title of host publicationProceedings of the 2022 New Security Paradigms Workshop, NSPW 2022
PublisherAssociation for Computing Machinery
Pages104-116
Number of pages13
ISBN (Electronic)9781450398671
DOIs
StatePublished - Oct 24 2022
Externally publishedYes
Event2022 New Security Paradigms Workshop, NSPW 2022 - North Conway, United States
Duration: Oct 24 2022Oct 27 2022

Publication series

NameACM International Conference Proceeding Series

Conference

Conference2022 New Security Paradigms Workshop, NSPW 2022
Country/TerritoryUnited States
CityNorth Conway
Period10/24/2210/27/22

All Science Journal Classification (ASJC) codes

  • Human-Computer Interaction
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Software

Fingerprint

Dive into the research topics of 'Incidental Incremental In-Band Fingerprint Verification: a Novel Authentication Ceremony for End-to-End Encrypted Messaging'. Together they form a unique fingerprint.

Cite this