BYU

Abstract by Tarun Yadav

Personal Infomation


Presenter's Name

Tarun Yadav

Degree Level

Doctorate

Co-Authors

Austin Kolander
Aaron Chan

Abstract Infomation


Department

Computer Science

Faculty Advisor

Kent Seamons

Title

Automating the Authentication Ceremony in Signal

Abstract

End-to-end encryption is widely used in instant messaging applications like WhatsApp, Facebook, and Google Allo. The protocol used by these applications is vulnerable to an active attacker due to its reliance on a trusted key server. The current method to combat these attacks, known as the authentication ceremony, places the burden on users to manually verify each other's public key. This is time-consuming and confusing, and almost nobody adopts it. Our goal is to automate the authentication ceremony. In this talk, I will describe our research plan to (1) demonstrate that active impersonation and man-in-the-middle attacks are feasible by implementing them, (2) design solutions for automating the authentication ceremony, and (3) evaluate and compare how well each design defends against the attacks.