TY - GEN
T1 - Towards Human-Centric Endpoint Security
AU - Blessing, Jenny
AU - Das Chowdhury, Partha
AU - Sameen, Maria
AU - Anderson, Ross
AU - Gardiner, Joe
AU - Rashid, Awais
PY - 2023/10/21
Y1 - 2023/10/21
N2 - In a survey of six widely used end-to-end encrypted messaging applications, we consider the post-compromise recovery process from the perspective of what security audit functions, if any, are in place to detect and recover from attacks. Our investigation reveals audit functions vary in the extent to which they rely on the end user. We argue developers should minimize dependence on users and view them as a residual, not primary, risk mitigation strategy. To provide robust communications security, E2EE applications need to avoid protocol designs that dump too much responsibility on naive users and instead make system components play an appropriate role.
M3 - Conference Contribution (Conference Proceeding)
SN - 9783031430329
T3 - Lecture Notes in Computer Science
BT - Security Protocols XXVIII
PB - Springer
ER -