Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications

Amir Herzberg; Hemi Leibowitz

doi:10.1145/3046055.3046059

Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications

Amir Herzberg, Hemi Leibowitz

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

31 Scopus citations

Abstract

Recently, many popular Instant-Messaging (IM) applications announced support for end-to-end encryption, claiming confidentiality even against a rogue operator. Is this, finally, a positive answer to the basic challenge of usable-security presented in the seminal paper, 'Why Johnny Can't Encrypt'? Our work evaluates the implementation of end-to-end encryption in popular IM applications: WhatsApp, Viber, Telegram, and Signal, against established usable-security principles, and in quantitative and qualitative usability experiments. Unfortunately, although participants expressed interest in confidentiality, even against a rogue operator, our results show that current mechanisms are impractical to use, leaving users with only the illusion of security. Hope is not lost. We conclude with directions which may allow usable end-to-end encryption for IM applications.

Original language	English
Title of host publication	Proceedings - 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016; Co-located with the 2016 Annual Computer Security Applications Conference (ACSAC)
Editors	Giampaolo Bella, Gabriele Lenzini
Publisher	Association for Computing Machinery
Pages	17-28
Number of pages	12
ISBN (Electronic)	9781450348263
DOIs	https://doi.org/10.1145/3046055.3046059
State	Published - 5 Dec 2016
Event	6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016 - Los Angeles, United States Duration: 5 Dec 2016 → …

Publication series

Name	ACM International Conference Proceeding Series
Volume	Part F130652

Conference

Conference	6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016
Country/Territory	United States
City	Los Angeles
Period	5/12/16 → …

Bibliographical note

Publisher Copyright:
© 2016 Association for Computing Machinery.

Funding

Thanks to Markus Jakobsson, Michael Farb, Simson Garfinkel, Ruba Abu-Salma, and STAST paper shepherd for their comments. This research was supported by grants from the Israeli Ministry of Science and Technology.

Funders	Funder number
Israeli ministry of science and technology

Access to Document

10.1145/3046055.3046059

Cite this

Herzberg, A., & Leibowitz, H. (2016). Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications. In G. Bella, & G. Lenzini (Eds.), Proceedings - 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016; Co-located with the 2016 Annual Computer Security Applications Conference (ACSAC) (pp. 17-28). (ACM International Conference Proceeding Series; Vol. Part F130652). Association for Computing Machinery. https://doi.org/10.1145/3046055.3046059

Herzberg, Amir ; Leibowitz, Hemi. / Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications. Proceedings - 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016; Co-located with the 2016 Annual Computer Security Applications Conference (ACSAC). editor / Giampaolo Bella ; Gabriele Lenzini. Association for Computing Machinery, 2016. pp. 17-28 (ACM International Conference Proceeding Series).

@inproceedings{89c451acc07741c7b3859f30d13eb7b2,

title = "Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications",

abstract = "Recently, many popular Instant-Messaging (IM) applications announced support for end-to-end encryption, claiming confidentiality even against a rogue operator. Is this, finally, a positive answer to the basic challenge of usable-security presented in the seminal paper, 'Why Johnny Can't Encrypt'? Our work evaluates the implementation of end-to-end encryption in popular IM applications: WhatsApp, Viber, Telegram, and Signal, against established usable-security principles, and in quantitative and qualitative usability experiments. Unfortunately, although participants expressed interest in confidentiality, even against a rogue operator, our results show that current mechanisms are impractical to use, leaving users with only the illusion of security. Hope is not lost. We conclude with directions which may allow usable end-to-end encryption for IM applications.",

author = "Amir Herzberg and Hemi Leibowitz",

note = "Publisher Copyright: {\textcopyright} 2016 Association for Computing Machinery.; 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016 ; Conference date: 05-12-2016",

year = "2016",

month = dec,

day = "5",

doi = "10.1145/3046055.3046059",

language = "אנגלית",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "17--28",

editor = "Giampaolo Bella and Gabriele Lenzini",

booktitle = "Proceedings - 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016; Co-located with the 2016 Annual Computer Security Applications Conference (ACSAC)",

}

Herzberg, A & Leibowitz, H 2016, Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications. in G Bella & G Lenzini (eds), Proceedings - 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016; Co-located with the 2016 Annual Computer Security Applications Conference (ACSAC). ACM International Conference Proceeding Series, vol. Part F130652, Association for Computing Machinery, pp. 17-28, 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016, Los Angeles, United States, 5/12/16. https://doi.org/10.1145/3046055.3046059

Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications. / Herzberg, Amir; Leibowitz, Hemi.
Proceedings - 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016; Co-located with the 2016 Annual Computer Security Applications Conference (ACSAC). ed. / Giampaolo Bella; Gabriele Lenzini. Association for Computing Machinery, 2016. p. 17-28 (ACM International Conference Proceeding Series; Vol. Part F130652).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications

AU - Herzberg, Amir

AU - Leibowitz, Hemi

PY - 2016/12/5

Y1 - 2016/12/5

N2 - Recently, many popular Instant-Messaging (IM) applications announced support for end-to-end encryption, claiming confidentiality even against a rogue operator. Is this, finally, a positive answer to the basic challenge of usable-security presented in the seminal paper, 'Why Johnny Can't Encrypt'? Our work evaluates the implementation of end-to-end encryption in popular IM applications: WhatsApp, Viber, Telegram, and Signal, against established usable-security principles, and in quantitative and qualitative usability experiments. Unfortunately, although participants expressed interest in confidentiality, even against a rogue operator, our results show that current mechanisms are impractical to use, leaving users with only the illusion of security. Hope is not lost. We conclude with directions which may allow usable end-to-end encryption for IM applications.

AB - Recently, many popular Instant-Messaging (IM) applications announced support for end-to-end encryption, claiming confidentiality even against a rogue operator. Is this, finally, a positive answer to the basic challenge of usable-security presented in the seminal paper, 'Why Johnny Can't Encrypt'? Our work evaluates the implementation of end-to-end encryption in popular IM applications: WhatsApp, Viber, Telegram, and Signal, against established usable-security principles, and in quantitative and qualitative usability experiments. Unfortunately, although participants expressed interest in confidentiality, even against a rogue operator, our results show that current mechanisms are impractical to use, leaving users with only the illusion of security. Hope is not lost. We conclude with directions which may allow usable end-to-end encryption for IM applications.

UR - http://www.scopus.com/inward/record.url?scp=85030540712&partnerID=8YFLogxK

U2 - 10.1145/3046055.3046059

DO - 10.1145/3046055.3046059

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85030540712

T3 - ACM International Conference Proceeding Series

SP - 17

EP - 28

BT - Proceedings - 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016; Co-located with the 2016 Annual Computer Security Applications Conference (ACSAC)

A2 - Bella, Giampaolo

A2 - Lenzini, Gabriele

PB - Association for Computing Machinery

T2 - 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016

Y2 - 5 December 2016

ER -

Herzberg A, Leibowitz H. Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications. In Bella G, Lenzini G, editors, Proceedings - 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016; Co-located with the 2016 Annual Computer Security Applications Conference (ACSAC). Association for Computing Machinery. 2016. p. 17-28. (ACM International Conference Proceeding Series). doi: 10.1145/3046055.3046059

Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications

Abstract

Publication series

Conference

Bibliographical note

Funding

Access to Document

Other files and links

Fingerprint

Cite this