Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols

Abstract : Due to the increased deployment of secure messaging protocols , differences between what developers "believe" are the needs of their users and their actual needs can have real consequences. Based on 90 interviews with both high and low-risk users, as well as the developers of popular secure messaging applications, we mapped the design choices of the protocols made by developers to the relevance of these features to threat models of both high-risk and low-risk users. Client device seizures are considered more dangerous than compromised servers by high-risk users. Key verification was important to high-risk users, but they often did not engage in cryptographic key verification, instead using other "out of band" means for key verification. High-risk users, unlike low-risk users, needed pseudonyms and were heavily concerned over metadata collection. Developers tended to value open standards, open-source, and decentralization, but high-risk users found these aspects less urgent given their more pressing concerns.
Type de document :
Document associé à des manifestations scientifiques
SSR 2018 - Security Standardisation Research Conference, Nov 2018, Darmstadt, Germany
Liste complète des métadonnées

https://hal.inria.fr/hal-01966560
Contributeur : Harry Halpin <>
Soumis le : vendredi 28 décembre 2018 - 15:53:44
Dernière modification le : samedi 5 janvier 2019 - 01:12:58

Fichier

main.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-01966560, version 1

Collections

Citation

Harry Halpin, Ksenia Ermoshina, Francesca Musiani. Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols. SSR 2018 - Security Standardisation Research Conference, Nov 2018, Darmstadt, Germany. 〈hal-01966560〉

Partager

Métriques

Consultations de la notice

50

Téléchargements de fichiers

24