17th IMA International Conference on Cryptography and Coding

Modern secure messaging protocols can offer strong security guarantees, such as perfect forward secrecy and post-compromise security [1]. Many widely used messaging applications, such as WhatsApp, Facebook Secure Conversations, Skype, and the Signal App have started to use one common underlying mechanism: the Signal protocol library. Yet while there exist good modern standardised protocols for secure channels, such as IETF TLS 1.3, there are no such open standard counterparts for secure messaging.

Early 2018, the Internet Engineering Task Force (IETF) officially started a working group with the goal of developing an open internet standard for secure messaging, called MLS [2]. This project aims to repeat the successful collaboration between industry and academia that has helped the development of TLS 1.3 [3], and the concrete formation of the working group was triggered by new developments in secure group messaging [4].

In this talk we will discuss the goals of Messaging Layer Security, its ongoing development, and some of the many challenges that still await. Challenges remain in at least three areas: technical solutions, limitations of analysis techniques, and process challenges.

[1] "On Post-Compromise Security", K. Cohn-Gordon. C. Cremers, and L. Garratt. IEEE CSF 2016 and https://eprint.iacr.org/2016/221.pdf.

[2] "Messaging Layer Security", IETF, https://datatracker.ietf.org/wg/mls/about/.

[3] "Reactive and Proactive Standardisation of TLS", K.G. Paterson and T. van der Merwe. SSR 2016.

[4] "On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees", K. Cohn-Gordon, C. Cremers, L. Garratt, J. Millican, and K. Milner. 2018, ACM CCS 2018 and https://eprint.iacr.org/2017/666.pdf.

Randomness is vital to cryptographic security. Pseudorandom number generation algorithms have been the topic of decades of academic study, and a variety of cryptographic pseudorandom number generation algorithms have been formally standardized over the years. However, in spite of these formal foundations and standards, cryptographic disasters stemming from flawed random number generator implementations happen with distressing frequency. We will tour several recent incidents of flawed random number generator designs, trace these flaws to gaps in understanding between researchers, standards bodies, and implementers, and discuss implications for security and policy moving forward.

Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputing a result. However, the internal state of the hardware leaks information about the programs that are executing, paving the way for covert or side-channel attacks. Historically, cryptography has been a strong focus of research in the field of microarchitectural side-channel attacks However, the last years have shown a shift in the targets. During this presentation, we will review how microarchitectural attacks evolved in the last decade, and we will delve into side-channel attacks on keystroke timings as well as robust covert channels in the cloud.

Unfortunately, Clémentine’s talk had to be cancelled.

From 2016 to 2018, the H2020 NEXTLEAP (NEXT-generation Techno-Social and Legal Encryption, Access and Privacy) project has sought to ‘create, validate, and deploy communication and computation protocols that can serve as pillars for a secure, trust-worthy, annotable and privacy-respecting Internet that ensures citizens fundamental rights’. Its consortium included computer scientists and social scientists working in close interaction. In this talk, I will present some of the work that was conducted in the ‘social sciences-led’ strand of NEXTLEAP, which attempted to account for the diversity of users of secure messaging applications and their underlying protocols, as well as the different motivations of their developers.

Due to the increased deployment of secure messaging protocols in a variety of settings, differences between what developers “believe” are the needs of their users and their actual needs can have very tangible and potentially problematic consequences. Based on 90 interviews with both high and low-risk users, as well as the developers, of popular secure messaging applications, we mapped the design choices made by developers to threat models of both high-risk and low-risk users. Our research revealed interesting and sometimes surprising results, among which: high-risk users often consider client device seizures to be more dangerous than compromised servers; key verification is important to high-risk users, but they often do not engage in cryptographic key verification, instead using other “out of band” means; high-risk users, unlike low-risk users, often need pseudonyms and are heavily concerned over metadata collection. Developers tend to value open standards, open-source, and decentralization, but high-risk users often find these aspects less urgent given their more pressing concerns; and while, for developers, avoiding trusted third parties is an important concern, several high-risk users are in fact happy to rely on trusted third parties ‘protected’ by specific geo-political situations. We conclude by suggesting that work still needs to be done for secure messaging protocols to be aligned with real user needs, including high-risk, and with real-world threat models.

The proceedings will be published in Springer's Lecture Notes in Computer Science series, and will be available at the conference.

Submissions must not substantially duplicate work that any of the authors has published elsewhere or has submitted in parallel to a journal or any other conference or workshop with proceedings. Accepted submissions may not appear in any other conference or workshop that has proceedings. Authors of accepted papers must guarantee that their paper will be presented at the conference and must make a full version of their paper available online.

All submissions will be blind-reviewed. Papers must be anonymous, with no author names, affiliations, acknowledgements, or obvious references. Submissions should begin with a cover page containing title, a short abstract, and a list of keywords. The body of the paper should be at most 14 pages, excluding the title page with abstract, the bibliography, and clearly marked appendices. Committee members are not required to review appendices, so the paper should be intelligible and self-contained within this length. The submission must be in Springer’s LNCS format (LaTeX). Submissions not meeting these guidelines risk rejection without consideration of their merits.

Submissions should be submitted via EasyChair.

The main criteria for acceptance are whether the committee believes that the proposed talk will be of interest and of appropriate quality to present to the IMACC audience:

Submissions must comply with the following rules:

• Submissions can be full papers (maximum 10 pages), abstracts (maximum 2 pages), or the expected presentation slides.
• Submissions must be non-anonymous and must clearly specify which author will give the talk.
• The submission should provide sufficient detail to explain what the talk will be about.

As these presentations do not enter the formal proceedings (see accompanying Call for Papers), we accept and encourage contributed talk proposals which correspond to papers that are under submission or already published elsewhere.

Presentations should be submitted via EasyChair.

• 2019-08-13: Presentation Submission Deadline extended to 28 August, 6pm (UK time).
• 2019-07-24: Note that presentation submission will open on August 5 and close on August 14 (unchanged).
• 2019-07-12: Paper Submission Deadline extended to 19 July 2019, 6pm (UK Time).

• Submission Deadline: 19 July 2019 (Papers) and 28 August 2019 (Presentations)
• Author Notification: 5 September 2019 (Papers) and 5 October 2019 (Presentations)
• Proceedings Version Deadline: 22 September 2019 (Papers)
• Conference: 16 to 18 December 2019