When SIGNAL hits the Fan: On the Usability and Security of State-of-the-Art Secure Mobile Messaging

Abstract

In this paper we analyze the security and usability of the state-of-the-art secure mobile messenger SIGNAL. In the first part of this paper we discuss the threat model current secure mobile messengers face. In the following, we conduct a user study to examine the usability of SIGNAL’s security features. Specifically, our study assesses if users are able to detect and deter man-in-the-middle attacks on the SIGNAL protocol. Our results show that the majority of users failed to correctly compare keys with their conversation partner for verification purposes due to usability problems and incomplete mental models. Hence users are very likely to fall for attacks on the essential infrastructure of today’s secure messaging apps: the central services to exchange cryptographic keys. We expect that our findings foster research into the unique usability and security challenges of state-of-the-art secure mobile messengers and thus ultimately result in strong protection measures for the average user.

Authors
  • Schröder, Svenja
  • Huber, Markus
  • Wind, David
  • Rottermanner, Christoph
Shortfacts
  • Category: Paper in Conference Proceedings or in Workshop Proceedings (Short Paper in Proceedings)
  • Event Title: 1st European Workshop on Usable Security
  • Divisions: Cooperative Systems
  • Subjects: Computer Science, Other
  • Event Location: Darmstadt, Germany
  • Event Type: Workshop
  • Event Dates: July 18th, 2016
  • Series Name: Proceedings of 1st European Workshop on Usable Security
  • ISSN/ISBN: 1-891562-45-2
  • Date: July 2016