ABSTRACT
In applications such as end-to-end encrypted instant messaging, secure email, and device pairing, users need to compare key fingerprints to detect impersonation and adversary-in-the-middle attacks. Key fingerprints are usually computed as truncated hashes of each party’s view of the channel keys, encoded as an alphanumeric or numeric string, and compared out-of-band, e.g. manually, to detect any inconsistencies. Previous work has extensively studied the usability of various verification strategies and encoding formats; however, the exact effect of key fingerprint length on the security and usability of key fingerprint verification has not been rigorously investigated. We present a 162-participant study on the effect of numeric key fingerprint length on comparison time and error rate. While the results confirm some widely-held intuitions such as general comparison times and errors increasing significantly with length, a closer look reveals interesting nuances. The significant rise in comparison time only occurs when highly similar fingerprints are compared, and comparison time remains relatively constant otherwise. On errors, our results clearly distinguish between security non-critical errors that remain low irrespective of length and security critical errors that significantly rise, especially at higher fingerprint lengths. A noteworthy implication of this latter result is that Signal / WhatsApp key fingerprints provide a considerably lower level of security than usually assumed.
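An added illustration (not code from the paper) of the scheme the abstract describes: key material is hashed, the hash is truncated, and the result is encoded as a numeric string of a chosen length. SHA-256, the reduction modulo 10^digits, the five-digit grouping, the sample inputs and all function names are assumptions made for this sketch and do not reproduce any particular application's format.

```python
import hashlib
import math

MAX_DIGITS = 60  # keeps 10**digits far below 2**256, so modulo bias is negligible


def numeric_fingerprint(key_material: bytes, digits: int) -> str:
    """Hash the key material and keep `digits` decimal digits of the result."""
    if not 1 <= digits <= MAX_DIGITS:
        raise ValueError(f"digits must be between 1 and {MAX_DIGITS}")
    value = int.from_bytes(hashlib.sha256(key_material).digest(), "big")
    # Truncation step: reduce the 256-bit hash to the requested length.
    return str(value % 10**digits).zfill(digits)


def effective_bits(digits: int) -> float:
    """Upper bound on the entropy of a `digits`-digit fingerprint, in bits."""
    return digits * math.log2(10)


def grouped(fingerprint: str, size: int = 5) -> str:
    """Split the digit string into fixed-size blocks for display."""
    return " ".join(fingerprint[i:i + size] for i in range(0, len(fingerprint), size))


def mismatch_positions(shown: str, received: str) -> list[int]:
    """Digit positions where two fingerprints differ; empty means they match."""
    if len(shown) != len(received):
        raise ValueError("fingerprints must have the same length")
    return [i for i, (a, b) in enumerate(zip(shown, received)) if a != b]


if __name__ == "__main__":
    # Constructed sample inputs standing in for two parties' views of the keys.
    alice_view = b"constructed sample key material A"
    other_view = b"constructed sample key material B"
    for digits in (10, 30, 60):
        fp = numeric_fingerprint(alice_view, digits)
        diff = mismatch_positions(fp, numeric_fingerprint(other_view, digits))
        print(f"{digits:2d} digits, <= {effective_bits(digits):5.1f} bits: {grouped(fp)}")
        print(f"   differs from the other view in {len(diff)} of {digits} positions")
```

The bit figure is the ceiling a comparison can deliver only if every digit is actually checked; the study's finding on security critical errors concerns how far human comparison falls below it at longer lengths.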
Index Terms
- The Effect of Length on Key Fingerprint Verification Security and Usability