26 May 2021 - Melissa Chase

Speaker: Melissa Chase

Title: Identity in E2E encrypted messaging: "My messages are encrypted, but who am I talking to?"

Abstract:

In end-to-end (E2E) encrypted messaging, a user's messages are encrypted on their device with a key not known to the service provider and not decrypted until they arrive at the recipient's device. This is considered to provide strong privacy guarantees, even against a corrupt or compromised service provider. There has been a successful line of work looking at how best to allow the two users to derive the keys used to encrypt these messages. However, most works assume that the parties begin with one another's public key and omit the question of how the users obtain and verify these keys. Note that this is crucially important - if a corrupt service provider can replace each user's public key with one for which it knows the secret key, it can undetectably man-in-the-middle all of the communication between the two parties.

In this talk I will first survey the current state of identity in these messaging services and then present two recent results. The first result shows how the service provider can host a privacy-preserving and transparent public key directory which allows the user (or more accurately their device) to verify that correct keys are given out on their behalf. The second result considers the group setting and shows how groups of users can view and manage the list of group members without the service provider learning which (if any) groups any user belongs to.

May 26 2021 17.00 - 18.00

Security, Privacy & Trust Seminar by Melissa Chase

Join Zoom Meeting: https://ed-ac-uk.zoom.us/j/82923771077
Meeting ID: 829 2377 1077
Passcode: 2NEgu0mz

Video recording of seminar by Melissa Chase