when signal hits the fan · the$cooperative$systems$(cosy)$research$group$–$...
TRANSCRIPT
![Page 1: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/1.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at
When Signal Hits the Fan On the Usability and Security of State-‐of-‐the-‐Art Secure Mobile Messaging Svenja Schröder Cooperative Systems Research Group University of Vienna http://cosy.univie.ac.at Darmstadt, July 18th 2016
Markus Huber, David Wind, Christoph Rottermanner St. Pölten University of Applied Sciences http://Jhstp.ac.at
![Page 2: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/2.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 2
Motivation & Background • Today: over 1 billion WhatsApp users worldwide • A4acks on secure mobile messengers happen… (e.g. Telegram Iran: SMS Login1) • … and good usability of security features is sEll hard to achieve2
• E2e encrypEon tools available for decades, but lack widespread adopEon due to bad usability [1] [2] [3] [4] • Today: two important aspects have changed:
» UbiquiEous communicaEon via mobile devices conEnues to gain importance
» Increased general awareness of privacy and security • à Rise of e2e encrypted mobile messengers
1 h4ps://www.fredericjacobs.com/blog/2016/01/14/sms-‐login 2 h4ps://theintercept.com/2016/07/02/security-‐Eps-‐every-‐signal-‐user-‐should-‐know/
Source: h4p://www.staEsta.com/staEsEcs/260819/number-‐of-‐monthly-‐acEve-‐whatsapp-‐users
Source: h4ps://twi4er.com/KevinMiston/status/686537567051890688/
![Page 3: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/3.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 3
User Study of Signal
• Signal1: State-‐of-‐the-‐art secure mobile messenger on Android and iOS
» Open Source and strong encrypEon protocol » Protocol for e2e encrypted messaging adopted by WhatsApp (April 2016)
• User study to analyze Signal’s security and usability features
» ExploraEon of the users’ abiliEes to noEce, handle and miEgate man-‐in-‐the-‐middle a4acks
1 h4ps://whispersystems.org
![Page 4: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/4.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 4
E2E Encryption in Signal • Forward secrecy + asynchronous message exchange
» CombinaEon of PGP-‐like asynchronous messaging with security properEes of OTR [5]
• Central services to exchange cryptographic keys » Man-‐in-‐the-‐Middle a4ack as compromise of essenEal infrastructure of today’s service messaging apps
• Out-‐of-‐bound channel verificaEon of public IdenEty Keys necessary
![Page 5: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/5.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 5
User Study: General Setting & Pilot Study • User Study in a laboratory seeng (COSY:lab) with 28 parEcipants (7 f., 21 m.) • Pilot study (6 p.) to refine experimental design • Methodology: QuesEonnaire (quant., qual.), Think Aloud, observaEon
Alice Bob Mallory
ParEcipant (Study Room)
Operator (Operator Room)
![Page 6: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/6.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 6
Study Design
• Two parts: 1) Usability study of messaging and security funcEonality
» QuesEonnaire with demographics, general privacy/security behavior, instant messaging
» Tasks: Chat funcEonality, seeng password, export/import of data
2) Users’ reacEons to the MITM a4ack » Task: further message exchange, verificaEon of Bob’s idenEty (users could ask Bob into the room at any Eme for verificaEon purposes)
» Debriefing quesEonnaire to assess mental models of the a4ack
In-‐between: Launch of simulated MITM a4ack with compromised server
![Page 7: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/7.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 7
Results: General Usability Results
• Nearly all par4cipants use messaging apps » (SMS/texEng: 27, WhatsApp: 26, Telegram: 28, Viber: 8, Facebook Messenger: 4, …, Signal: 1)
• Privacy and security on smartphones are of importance to the par4cipants
» care about third parEes reading their messages • Usability of chat func4onality and security features generally posi4ve
» Chat funcEonality: sending of images confusing to six parEcipants » Seeng the passphrase seemed easy » Six parEcipants didn’t find the backup opEon
![Page 8: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/8.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 8
Results: Users’ Reactions to the Attack • Due to MITM a4ack sent messages weren’t delivered:
• Users seemed to follow “the flow”
Error noEficaEon
![Page 9: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/9.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 9
Results: Users’ Reactions to the Attack • VerificaEon at a later point:
• 8 users never accessed the key comparison page • 21 of 28 par4cipants failed to correctly compare encryp4on keys to verify iden4ty of their chat partner
![Page 10: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/10.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 10
Results: Mental Models of the Attack • 13 users thought to have successfully verified Bob while they failed to correctly compare keys
» Would likely have conEnued to communicate over insecure connecEon
• AccepEng Bob‘s new key in the error dialogue (6) • “VerificaEon” by personal meeEng / idenEty check (4) • Presence of keys on comparison page (1) • Asking Bob whether the chat is secure (1)
False VerificaEon Strategies
• MITM a4ack (7; only 1 compared keys correctly) • Mallory impersonates Bob (4) • ReinstallaEon / MalfuncEon (resp. 3) • Non-‐specified a4ack (2)
AssumpEons about the A4ack
• Uninstalling the app (11) • ContacEng Bob on another channel (8)
• Searching for informaEon online (6)
MiEgaEon Strategies
• Asking friends (4) • Inform developers (3) • […]
![Page 11: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/11.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 11
Discussion
• Surprising results: 21 of 28 users failed to correctly compare keys • Serious gaps between self-‐assessment, mental models and outcome
» Lack of required knowledge? » App failed to support users? » Different understanding of term “verificaEon”? » Effort for successful defense was too high?
• AssumpEon: overall security of e2e encryp4on on mobile messengers faces serious usability obstacles
» Users seemed to lack an understanding of e2e encrypEon in general, possible a4ack scenarios and risk potenEals
![Page 12: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/12.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 12
Usability Recommendations for Signal
• Awareness on security status of conversa4on » VerificaEon status should be remembered
• Comprehensible instruc4ons for recommended ac4ons • Clear risk communica4on
» Inform users about possible consequences • Easily accessible verifica4on
» VerificaEon directly accessible from conversaEon
• Current implementaEon leads to more problems instead of miEgaEon, and ulEmately to confusion, frustraEon and eventual uninstallaEon • à not surprising that WhatsApp disabled all encrypEon related noEficaEons by default
^
![Page 13: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/13.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 13
Limitations
• ParEcipants recruited over HCI course » Quite homogenous user group
• Balancing amount of informaEon given on Signal’s encrypEon/verificaEon features
» Explicitly asked to verify each other to assess usability of core-‐security feature of Signal
![Page 14: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/14.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 14
...?
Thank you for your a4enEon! [email protected] @svenjaschroeder
![Page 15: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/15.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 15
Literature
[1] A. Whi4en and J. D. Tygar, “Why johnny can’t encrypt: A usability evaluaEon of pgp 5.0.” in Usenix Security, vol. 1999, 1999. [2] S. L. Garfinkel, D. Margrave, J. I. Schiller, E. Nordlander, and R. C. Miller, “How to make secure email easier to use,” in Proceedings of the SIGCHI conference on human factors in compu;ng systems. ACM, 2005, pp. 701–710. [3] K. Renaud, M. Volkamer, and A. Renkema-‐Padmos, “Why doesn’t jane protect her privacy?” in Privacy Enhancing Technologies. Springer, 2014, pp. 244–262. [4] A. Fry, S. Chiasson, and A. Somayaji, “Not sealed but delivered: The (un) usability of s/mime today,” in Annual Symposium on Informa;on Assurance and Secure Knowledge Management (ASIA’12), Albany, NY, 2012. [5] T. Frosch, C. Mainka, C. Bader, F. Bergsma, and T. Holz, “How secure is textsecure?” 2014.
![Page 16: When Signal Hits The Fan · The$Cooperative$Systems$(COSY)$Research$Group$–$ When%Signal%Hits%the%Fan% On$the$Usability$and$Security$of$StateoftheArt$Secure$!](https://reader033.vdocuments.net/reader033/viewer/2022051921/600e7a8e4fa2005fdf552da5/html5/thumbnails/16.jpg)
The Cooperative Systems (COSY) Research Group – http://cosy.univie.ac.at 16
MITM Attack
• Technical setup: » Modified version of Signal to accept new server on Alice’s and Bob’s phones
» WLAN hotspot on computer which intercepted traffic (mitmproxy with custom script)
» Rooted smartphones with circumvenEon of SSL cerEficate pinning » Reseeng and re-‐registering of device in-‐between parEcipants
• Correct miEgaEon strategy: » If verificaEon due to key matching fails, Alice and Bob should stop communicaEng over Signal and uninstall the app