Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications

Amir Herzberg, Hemi Leibowitz

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

25 Scopus citations

Abstract

Recently, many popular Instant-Messaging (IM) applications announced support for end-to-end encryption, claiming confidentiality even against a rogue operator. Is this, finally, a positive answer to the basic challenge of usable-security presented in the seminal paper, 'Why Johnny Can't Encrypt'? Our work evaluates the implementation of end-to-end encryption in popular IM applications: WhatsApp, Viber, Telegram, and Signal, against established usable-security principles, and in quantitative and qualitative usability experiments. Unfortunately, although participants expressed interest in confidentiality, even against a rogue operator, our results show that current mechanisms are impractical to use, leaving users with only the illusion of security. Hope is not lost. We conclude with directions which may allow usable end-to-end encryption for IM applications.

Original languageEnglish
Title of host publicationProceedings - 6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016; Co-located with the 2016 Annual Computer Security Applications Conference (ACSAC)
EditorsGiampaolo Bella, Gabriele Lenzini
PublisherAssociation for Computing Machinery
Pages17-28
Number of pages12
ISBN (Electronic)9781450348263
DOIs
StatePublished - 5 Dec 2016
Event6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016 - Los Angeles, United States
Duration: 5 Dec 2016 → …

Publication series

NameACM International Conference Proceeding Series
VolumePart F130652

Conference

Conference6th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2016
Country/TerritoryUnited States
CityLos Angeles
Period5/12/16 → …

Bibliographical note

Publisher Copyright:
© 2016 Association for Computing Machinery.

Funding

Thanks to Markus Jakobsson, Michael Farb, Simson Garfinkel, Ruba Abu-Salma, and STAST paper shepherd for their comments. This research was supported by grants from the Israeli Ministry of Science and Technology.

FundersFunder number
Israeli ministry of science and technology

    Fingerprint

    Dive into the research topics of 'Can Johnny finally encrypt? Evaluating E2E-encryption in popular im applications'. Together they form a unique fingerprint.

    Cite this