Abstract by Aaron Chan
Detecting Fake Encryption Keys in Secure Messaging Apps
Modern secure messaging apps rely on a trusted centralized server to relay messages and distribute encryption keys. These servers are vulnerable to attacks that distribute fake keys so that attackers can read users’ messages. We are exploring a peer-to-peer approach to detect the presence of fake keys by using the existing infrastructure of the app to automatically verify keys with trusted friends. We are also researching other detection approaches that require additional infrastructure, such as anonymous communication (Tor) and blockchain.
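The sketch below illustrates the peer-to-peer idea in the abstract. It is an added example, not the author's design or code: a user asks trusted friends which key the server served them and flags any view that differs from the real key. The `KeyServer` class, the function names, the user names and the key bytes are all constructed assumptions.

```python
import hashlib


def fingerprint(public_key: bytes) -> str:
    """Comparable digest of a public key (SHA-256, hex)."""
    return hashlib.sha256(public_key).hexdigest()


class KeyServer:
    """Hypothetical key directory. `overrides` models a compromised server
    that hands a substituted key to selected requesters only."""

    def __init__(self, directory, overrides=None):
        self.directory = directory
        self.overrides = overrides or {}

    def lookup(self, requester: str, owner: str) -> bytes:
        return self.overrides.get((requester, owner), self.directory[owner])


def audit_own_key(server, me, my_public_key, trusted_friends):
    """Return {friend: fingerprint_seen} for every trusted friend whose view
    of `me`'s key differs from the real one. An empty dict means all agree.

    Assumption: in a real app each friend would report the fingerprint over
    the app's existing message channel; here that report is simulated by
    performing the lookup as the friend."""
    expected = fingerprint(my_public_key)
    mismatches = {}
    for friend in trusted_friends:
        seen = fingerprint(server.lookup(friend, me))
        if seen != expected:
            mismatches[friend] = seen
    return mismatches


# Constructed sample data: placeholder byte strings stand in for real keys.
ALICE_KEY = b"constructed-alice-public-key"
FAKE_KEY = b"constructed-substituted-public-key"
FRIENDS = ["bob", "carol", "dave"]

honest = KeyServer({"alice": ALICE_KEY})
compromised = KeyServer({"alice": ALICE_KEY},
                        overrides={("bob", "alice"): FAKE_KEY})

if __name__ == "__main__":
    print("honest server:     ", audit_own_key(honest, "alice", ALICE_KEY, FRIENDS))
    print("compromised server:", audit_own_key(compromised, "alice", ALICE_KEY, FRIENDS))
```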