[en] Modern email and instant messaging applications often offer private communications. In doing so, they share common concerns about how security and privacy can be compromised, how they should face similar threats, and how to comply with comparable system requirements. Assuming a scenario where servers may not be trusted, we review and analyze a list of threats specifically against message delivering, archiving, and contact synchronization. We also describe a list of requirements intended for whom undertakes the task of implementing secure and private messaging. The cryptographic solutions available to mitigate the threats and to comply with the requirements may differ, as the two applications are built on different assumptions and technologies.
Disciplines :
Sciences informatiques
Auteur, co-auteur :
SYMEONIDIS, Iraklis ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Co-auteurs externes :
no
Langue du document :
Anglais
Titre :
Systematization of threats and requirements for private messaging with untrusted servers. The case of E-mailing and instant messaging
Date de publication/diffusion :
février 2020
Nom de la manifestation :
6th International Conference on Information Systems Security and Privacy
Date de la manifestation :
from 25-02-2020 to 27-02-2020
Manifestation à portée :
International
Titre de l'ouvrage principal :
International Conference on Information Systems Security and Privacy, Malta 25-27 February 2020
Biczók, G. and Chia, P. H. (2013). Interdependent privacy: Let me share your data. In Financial Cryptography and Data Security - 17th International Conference, FC 2013, Okinawa, Japan, April 1-5, 2013, Revised Selected Papers, pages 338-353.
Bini, O. and Celi, S. (2018). No evidence of communication and implementing a protocol: Off-the-record protocol version 4. Hotpets.
Borisov, N., Goldberg, I., and Brewer, E. A. (2004). Off-the-record communication, or, why not to use PGP. In Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, WPES 2004, Washington, DC, USA, October 28, 2004, pages 77-84.
Camenisch, J. and Lysyanskaya, A. (2004). Signature schemes and anonymous credentials from bilinear maps. In Advances in Cryptology - CRYPTO 2004, 24th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 2004, Proceedings, pages 56-72.
Clark, J., van Oorschot, P. C., Ruoti, S., Seamons, K. E., and Zappala, D. (2018). Securing email. CoRR, abs/1804.07706.
Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and Smith, R. (2013). Privacy Considerations for Internet Protocols. RFC 6973.
Council of Europe: European Court of Human Rights (2016). Guide on Article 8 of the European Convention on Human Rights - Right to respect for private and family life. https://www.echr.coe.int/Documents/GuideArt8ENG.pdf. Accessed December, 2019.
Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J., Métayer, D. L., Tirtea, R., and Schiffner, S. (2015). Privacy and data protection by design - from policy to engineering. CoRR, abs/1501.03726.
Deng, M., Wuyts, K., Scandariato, R., Preneel, B., and Joosen, W. (2011). A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering, 16(1):3-32.
Díaz, C., Seys, S., Claessens, J., and Preneel, B. (2002). Towards measuring anonymity. In Privacy Enhancing Technologies, Second International Workshop, PET 2002, San Francisco, CA, USA, April 14-15, 2002, Revised Papers, pages 54-68.
Diffie, W. and Hellman, M. E. (1976). New directions in cryptography. IEEE Trans. Information Theory, 22(6):644-654.
Ermoshina, K., Musiani, F., and Halpin, H. (2016). End-to-end encrypted messaging protocols: An overview. In Internet Science - Third International Conference, INSCI 2016, Florence, Italy, September 12-14, 2016, Proceedings, pages 244-254.
European Commission. Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is "likely to result in a high risk" for the purposes of Regulation 2016/679 (17/EN WP 248). http://ec.europa.eu/newsroom/document.cfm?docid=44137. Accessed May, 2018.
European Parliament and the European Council (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L119, 4.5.2016. 59:1-87.
Finney, H., Donnerhacke, L., Callas, J., Thayer, R. L., and Shaw, D. (2007). OpenPGP Message Format. RFC 4880.
Garfinkel, S. (1995). PGP - pretty good privacy: encryption for everyone (2. ed.). O'Reilly.
Hoffman, P. (2002). SMTP Service Extension for Secure SMTP over Transport Layer Security. RFC 3207.
Howard, M. and Lipner, S. (2009). The security development lifecycle. O'Reilly Media, Incorporated.
Hu, H. and Wang, G. (2018). End-to-end measurements of email spoofing attacks. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018., pages 1095-1112.
Klensin, J. (2008). Simple Mail Transfer Protocol. RFC 5321.
Levine, B., Reiter, M., Wang, C., and Wright, M. (2004). Timing attacks in low-latency mix systems (extended abstract). In Financial Cryptography, 8th International Conference, FC 2004, Key West, FL, USA, February 9-12, 2004. Revised Papers, pages 251-265.
Marotta, D. J. and Russell, M. (2013). Support for The Right to Privacy of Correspondence. http://www.marottaonmoney.com/support-for-the-right-to-privacy-of-correspondence/. Accessed December, 2019.
Marques, H., Luck, C., and Hoeneisen, B. (2019). pretty Easy privacy (pEp): Privacy by Default. Internet-Draft draft-birk-pep-04, Internet Engineering Task Force. Work in Progress.
Menezes, A., Oorschot, P., and Vanstone, S. (1996). Handbook of Applied Cryptography. CRC Press.
Microsoft (2010). Improving Web Application Security: Threats and Countermeasures. Accessed May, 2016.
Murdoch, S. J. and Danezis, G. (2005). Low-cost traffic analysis of tor. In 2005 IEEE Symposium on Security and Privacy (S & P 2005), 8-11 May 2005, Oakland, CA, USA, pages 183-195.
Newman, C. (1999). Using TLS with IMAP, POP3 and ACAP. RFC 2595.
Pfitzmann, A. and Hansen, M. (2010). A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobserv-ability, pseudonymity, and identity management.
Resnick, P. (2008). Internet Message Format. RFC 5322.
Rijhansen (2019). SKS Keyserver Network Under Attack. https://gist.github.com/rjhansen. Accessed December, 2019.
Rivest, R. L., Shamir, A., and Tauman, Y. (2001). How to leak a secret. In Advances in Cryptology - ASI-ACRYPT 2001, 7th International Conference on the Theory and Application of Cryptology and Information Security, Gold Coast, Australia, December 9-13, 2001, Proceedings, pages 552-565.
Roger Clarke (2016). Introduction to Dataveillance and Information Privacy, and Definitions of Terms (1997) (revised in 1999, 2005, 2006). http://www.rogerclarke.com/DV/Intro.html. Accessed October, 2019.
Saint-Andre, P. (2004). Extensible Messaging and Presence Protocol (XMPP): Core. RFC 3920.
Saint-Andre, P. (2011). Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence. RFC 6121.
Shirazi, F., Simeonovski, M., Asghar, M. R., Backes, M., and Díaz, C. (2018). A survey on routing in anonymous communication protocols. ACM Comput. Surv., 51(3):51:1-51:39.
Signal (2013). Forward secrecy for asynchronous messages. https://signal.org/blog/asynchronous-security. Accessed July, 2019.
Stanger, A. (2019). Whistleblowers: Honesty in America from Washington to Trump. Yale Univ. Press.
Symeonidis, I. (2018). Analysis and Design of Privacy-Enhancing Information Sharing Systems. PhD thesis, ESAT, imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, 3001 Leuven, Belgium. http://hdl.handle.net/10993/37607.
Symeonidis, I., Aly, A., Mustafa, M. A., Mennink, B., Dhooghe, S., and Preneel, B. (2017). Sepcar: A secure and privacy-enhancing protocol for car access provision. In Computer Security - ESORICS 2017-22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11-15, 2017, Proceedings, Part II, pages 475-493.
Symeonidis, I. and Hoeneisen, B. (2019). Privacy and Security Threat Analysis and Requirements for Private Messaging. Internet-Draft draft-symeonidis-medup-requirements-00, Internet Engineering Task Force. Work in Progress.
Unger, N., Dechand, S., Bonneau, J., Fahl, S., Perl, H., Goldberg, I., and Smith, M. (2015). Sok: Secure messaging. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015, pages 232-249.
Zhou, J. and Gollmann, D. (1997). Evidence and non-repudiation. J. Netw. Comput. Appl., 20(3):267-281.
Zhu, Y., Fu, X., Graham, B., Bettati, R., and Zhao, W. (2010). Correlation-based traffic analysis attacks on anonymity networks. IEEE Trans. Parallel Distrib. Syst., 21(7):954-967.
