Stick: an End-to-End Encryption Protocol Tailored for Social Network Platforms

Omar Basem, Abrar Ullah, Hani Ragab Hassan

Research output: Contribution to journal › Article › peer-review

Abstract

End-to-End Encryption (E2EE) has become a de facto standard in messengers, especially after the development of the secure messaging protocol Signal. However, the adoption of E2EE has been limited to messengers and has not yet made a noticeable mark on social network platforms, despite the increase in violations of users' privacy. In this paper, we propose, verify, implement and evaluate a novel E2EE protocol, Stick. Stick is a Signal-based protocol tailored for social network platforms. We believe our protocol is the first to support re-establishable encryption sessions in an asynchronous multi-device setting while preserving forward secrecy and introducing backward secrecy. Stick includes several innovative features, including a new session concept, multiple pairwise sessions and refreshing identity keys. We verified Stick using Verifpal, a formal verification tool in the symbolic model. Our security analysis shows the Stick protocol does achieve a form of post-compromise security in many-to-many communications, a trait which most group protocols lack. Most importantly, the Stick protocol can re-establish encryption sessions while ensuring authentication and confidentiality. We implemented our protocol as a stand-alone open-source API. Our evaluation shows the Stick protocol can be used in a real-world social network app with no noticeable compromise on usability or performance.

Original language: English
Journal: IEEE Transactions on Dependable and Secure Computing
Publication status: E-pub ahead of print - 18 Feb 2022

Keywords

  • Cryptography
  • Encryption
  • End-to-End Encryption
  • Formal Verification
  • Proposals
  • Protocols
  • Security
  • Security Protocol
  • Servers
  • Social Network Platforms
  • Social networking (online)

ASJC Scopus subject areas

  • Computer Science(all)
  • Electrical and Electronic Engineering
