Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols

Abstract : Due to the increased deployment of secure messaging protocols , differences between what developers "believe" are the needs of their users and their actual needs can have real consequences. Based on 90 interviews with both high and low-risk users, as well as the developers of popular secure messaging applications, we mapped the design choices of the protocols made by developers to the relevance of these features to threat models of both high-risk and low-risk users. Client device seizures are considered more dangerous than compromised servers by high-risk users. Key verification was important to high-risk users, but they often did not engage in cryptographic key verification, instead using other "out of band" means for key verification. High-risk users, unlike low-risk users, needed pseudonyms and were heavily concerned over metadata collection. Developers tended to value open standards, open-source, and decentralization, but high-risk users found these aspects less urgent given their more pressing concerns.
Document type :
Documents associated with scientific events
Complete list of metadatas

Cited literature [9 references]  Display  Hide  Download

https://hal.inria.fr/hal-01966560
Contributor : Harry Halpin <>
Submitted on : Friday, December 28, 2018 - 3:53:44 PM
Last modification on : Friday, October 18, 2019 - 10:52:05 AM
Long-term archiving on : Friday, March 29, 2019 - 1:06:05 PM

File

main.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01966560, version 1

Citation

Harry Halpin, Ksenia Ermoshina, Francesca Musiani. Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols. SSR 2018 - Security Standardisation Research Conference, Nov 2018, Darmstadt, Germany. ⟨hal-01966560⟩

Share

Metrics

Record views

143

Files downloads

683