Abstract
Due to increased government surveillance as well as data breaches, end-to-end encryption has recently received an increasing attention as a way to protect against such threats. End-to-end (E2E) encryption preserve the confidentiality of data on the wire as well as from service providers by performing encryption/decryption at clients keeping the keys strictly within client devices. There are many variants of end-to-end encryption schemes for different communication patterns. In this paper, we systematically analyze the security of these different variants against three types of passive adversaries and one type of active adversaries. We show that the security of some of these systems are broken under these threat models and what can be done to ensure confidentiality in such systems. We also analyze the existing products in the market and show what level of security they provide. Our study shows that most of the E2E encrypted systems are secure against only the weakest passive adversaries. Further, these systems are broken not by cryptanalysis of underlying cryptographic algorithms but by flawed system designs and security assumptions. Specifically we identify that unencrypted metadata and access patterns make these systems susceptible to inference attacks. We conclude with general design guidelines to securely build such systems.
Original language | English |
---|---|
Title of host publication | Proceedings - 2017 IEEE 1st International Conference on Edge Computing, EDGE 2017 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 252-259 |
Number of pages | 8 |
ISBN (Electronic) | 9781538620175 |
DOIs | |
Publication status | Published - 7 Sep 2017 |
Event | 1st IEEE International Conference on Edge Computing, EDGE 2017 - Honolulu, United States Duration: 25 Jun 2017 → 30 Jun 2017 |
Other
Other | 1st IEEE International Conference on Edge Computing, EDGE 2017 |
---|---|
Country | United States |
City | Honolulu |
Period | 25/6/17 → 30/6/17 |
Fingerprint
ASJC Scopus subject areas
- Computer Networks and Communications
- Hardware and Architecture
Cite this
The Many Faces of End-to-End Encryption and Their Security Analysis. / Nabeel, Mohamed.
Proceedings - 2017 IEEE 1st International Conference on Edge Computing, EDGE 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 252-259 8029288.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - The Many Faces of End-to-End Encryption and Their Security Analysis
AU - Nabeel, Mohamed
PY - 2017/9/7
Y1 - 2017/9/7
N2 - Due to increased government surveillance as well as data breaches, end-to-end encryption has recently received an increasing attention as a way to protect against such threats. End-to-end (E2E) encryption preserve the confidentiality of data on the wire as well as from service providers by performing encryption/decryption at clients keeping the keys strictly within client devices. There are many variants of end-to-end encryption schemes for different communication patterns. In this paper, we systematically analyze the security of these different variants against three types of passive adversaries and one type of active adversaries. We show that the security of some of these systems are broken under these threat models and what can be done to ensure confidentiality in such systems. We also analyze the existing products in the market and show what level of security they provide. Our study shows that most of the E2E encrypted systems are secure against only the weakest passive adversaries. Further, these systems are broken not by cryptanalysis of underlying cryptographic algorithms but by flawed system designs and security assumptions. Specifically we identify that unencrypted metadata and access patterns make these systems susceptible to inference attacks. We conclude with general design guidelines to securely build such systems.
AB - Due to increased government surveillance as well as data breaches, end-to-end encryption has recently received an increasing attention as a way to protect against such threats. End-to-end (E2E) encryption preserve the confidentiality of data on the wire as well as from service providers by performing encryption/decryption at clients keeping the keys strictly within client devices. There are many variants of end-to-end encryption schemes for different communication patterns. In this paper, we systematically analyze the security of these different variants against three types of passive adversaries and one type of active adversaries. We show that the security of some of these systems are broken under these threat models and what can be done to ensure confidentiality in such systems. We also analyze the existing products in the market and show what level of security they provide. Our study shows that most of the E2E encrypted systems are secure against only the weakest passive adversaries. Further, these systems are broken not by cryptanalysis of underlying cryptographic algorithms but by flawed system designs and security assumptions. Specifically we identify that unencrypted metadata and access patterns make these systems susceptible to inference attacks. We conclude with general design guidelines to securely build such systems.
UR - http://www.scopus.com/inward/record.url?scp=85032258813&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85032258813&partnerID=8YFLogxK
U2 - 10.1109/IEEE.EDGE.2017.47
DO - 10.1109/IEEE.EDGE.2017.47
M3 - Conference contribution
AN - SCOPUS:85032258813
SP - 252
EP - 259
BT - Proceedings - 2017 IEEE 1st International Conference on Edge Computing, EDGE 2017
PB - Institute of Electrical and Electronics Engineers Inc.
ER -