TY - GEN
T1 - Incidental Incremental In-Band Fingerprint Verification
T2 - 2022 New Security Paradigms Workshop, NSPW 2022
AU - Malkin, Nathan
N1 - Publisher Copyright:
© 2022 Owner/Author.
PY - 2022/10/24
Y1 - 2022/10/24
N2 - End-to-end encryption in popular messaging applications relies on centralized key servers. To keep these honest, users are supposed to meet in person and compare "fingerprints" of their public keys. Very few people do this, despite attempts to make this process more usable, making trust in the systems tenuous. To encourage broader adoption of verification behaviors, this paper proposes a new type of authentication ceremony, incidental incremental in-band fingerprint verification (I3FV), in which users periodically share with their friends photos or videos of themselves responding to simple visual or behavioral prompts ("challenges"). This strategy allows verification to be performed incidentally to normal user activities, incrementally over time, and in-band within the messaging application. By replacing a dedicated security task with a fun, already-widespread activity, I3FV has the potential to vastly increase the number of people verifying keys and therefore strengthen trust in encrypted messaging.
AB - End-to-end encryption in popular messaging applications relies on centralized key servers. To keep these honest, users are supposed to meet in person and compare "fingerprints" of their public keys. Very few people do this, despite attempts to make this process more usable, making trust in the systems tenuous. To encourage broader adoption of verification behaviors, this paper proposes a new type of authentication ceremony, incidental incremental in-band fingerprint verification (I3FV), in which users periodically share with their friends photos or videos of themselves responding to simple visual or behavioral prompts ("challenges"). This strategy allows verification to be performed incidentally to normal user activities, incrementally over time, and in-band within the messaging application. By replacing a dedicated security task with a fun, already-widespread activity, I3FV has the potential to vastly increase the number of people verifying keys and therefore strengthen trust in encrypted messaging.
UR - http://www.scopus.com/inward/record.url?scp=85165758844&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85165758844&partnerID=8YFLogxK
U2 - 10.1145/3584318.3584326
DO - 10.1145/3584318.3584326
M3 - Conference contribution
AN - SCOPUS:85165758844
T3 - ACM International Conference Proceeding Series
SP - 104
EP - 116
BT - Proceedings of the 2022 New Security Paradigms Workshop, NSPW 2022
PB - Association for Computing Machinery
Y2 - 24 October 2022 through 27 October 2022
ER -