Abstract
End-to-End Encryption (E2EE) has become a de facto standard in messengers, especially after the development of the secure messaging protocol - Signal. However, the adoption of E2EE has been limited to messengers, and has not yet seen a noticeable trace in social network platforms, despite the increase in users' privacy violations. In this paper, we propose, verify, implement and evaluate a novel E2EE protocol - Stick. Stick is a Signal-based protocol tailored for social network platforms. We believe our protocol is the first to support re-establishable encryption sessions in an asynchronous multi-device setting while preserving forward secrecy and introducing backward secrecy. Stick includes several innovative features, including a new session concept, multiple pairwise sessions and refreshing identity keys. We verified Stick using Verifpal - a formal verification tool in the symbolic model. Our security analysis shows our protocol does achieve a form of post-compromise security in many-to-many communications - the trait most group protocols lack. Most importantly, the Stick protocol can re-establish encryption sessions while ensuring authentication and confidentiality. We implemented our protocol as a stand-alone open-source API. Our evaluation shows the Stick protocol can be used in a real-world social network app with no noticeable compromise on usability or performance.
| Original language | English |
|---|---|
| Pages (from-to) | 1258-1269 |
| Number of pages | 12 |
| Journal | IEEE Transactions on Dependable and Secure Computing |
| Volume | 20 |
| Issue number | 2 |
| Early online date | 18 Feb 2022 |
| DOIs | |
| Publication status | Published - 1 Mar 2023 |
Keywords
- End-to-end encryption
- formal verification
- security protocol
- social network platforms
ASJC Scopus subject areas
- General Computer Science
- Electrical and Electronic Engineering