"Securing Autocrypt: Reversing the Panopticon"

Holger (NEXTLEAP project)

Description: We present and discuss new ways of preventing and detecting active attacks against Autocrypt (https://autocrypt.org). The Level 1 Autocrypt spec offers users single-click, opt-in encryption for e-mail apps. It eases group communication and introduces a way to set up encryption on multiple devices. However, Autocrypt does not yet address or discuss active attacks from the message layer, such as tampering with the Autocrypt header during e-mail transport (for instance, substituting the key it carries). This session presents results from ongoing research in the NEXTLEAP EU project and aims to inform further community discussions around secure decentralized messaging. Our "reverse the panopticon" approach translates to:

- uncertainty for malicious e-mail providers or network attackers: they cannot know whether an attempt at breaking encryption between peers will be detected, possibly immediately;
- certainty for users: a new "verified" chat mode allows users to have consistently end-to-end-encrypted messaging that cannot be compromised by network attackers.
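The header-tampering attack and the two receiver behaviours described above, as an added example (not code from the Autocrypt project or the NEXTLEAP talk): a Level 1 `Autocrypt:` header is built and parsed, a hypothetical malicious relay (`relay_replace_key`) swaps in its own key in transit, and a receiver either adopts the new key as the spec's opportunistic "newest header wins" rule does, or refuses it because the user pinned a fingerprint out-of-band. The key bytes are constructed stand-ins for OpenPGP keys, SHA-256 of the key bytes stands in for an OpenPGP fingerprint, and the pinned-fingerprint table is one assumed model of a "verified" mode, not the talk's design.

```python
"""Added example: Autocrypt Level 1 header, in-transit key substitution, and detection."""
import base64
import binascii
import hashlib
from typing import Dict, Optional

# Constructed stand-ins; real keydata is a base64 OpenPGP transferable public key.
ALICE_KEY = b"constructed-key-material-alice"
ATTACKER_KEY = b"constructed-key-material-mitm"
KNOWN_ATTRS = {"addr", "prefer-encrypt", "keydata"}


def fingerprint(keydata: bytes) -> str:
    # Assumption: SHA-256 of the key bytes stands in for an OpenPGP fingerprint.
    return hashlib.sha256(keydata).hexdigest()


def build_autocrypt_header(addr: str, keydata: bytes, prefer_encrypt: Optional[str] = None) -> str:
    parts = [f"addr={addr}"]
    if prefer_encrypt is not None:
        parts.append(f"prefer-encrypt={prefer_encrypt}")
    parts.append("keydata=" + base64.b64encode(keydata).decode("ascii"))
    return "; ".join(parts)


def parse_autocrypt_header(value: str) -> Optional[dict]:
    """Return {'addr', 'prefer_encrypt', 'keydata'} or None when the header is invalid.
    Level 1: ';'-separated name=value attributes; names starting with '_' are
    non-critical and ignored; any other unknown name, a duplicate, a missing addr
    or keydata, or undecodable keydata invalidates the whole header."""
    attrs: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        name, val = part.split("=", 1)
        name = name.strip().lower()
        if name in attrs:
            return None
        attrs[name] = val.strip()
    if "addr" not in attrs or "keydata" not in attrs:
        return None
    if any(n not in KNOWN_ATTRS and not n.startswith("_") for n in attrs):
        return None
    try:
        keydata = base64.b64decode(attrs["keydata"], validate=True)
    except (binascii.Error, ValueError):
        return None
    # Level 1 defines only "mutual"; any other value is treated here as no preference.
    pref = "mutual" if attrs.get("prefer-encrypt") == "mutual" else "nopreference"
    return {"addr": attrs["addr"].lower(), "prefer_encrypt": pref, "keydata": keydata}


def relay_replace_key(header_value: str, attacker_key: bytes) -> str:
    """Hypothetical malicious relay: keeps addr and prefer-encrypt, swaps in its own key."""
    parsed = parse_autocrypt_header(header_value)
    if parsed is None:
        raise ValueError("cannot tamper with an invalid header")
    pref = "mutual" if parsed["prefer_encrypt"] == "mutual" else None
    return build_autocrypt_header(parsed["addr"], attacker_key, pref)


class Receiver:
    """Per-peer state of one MUA. `keys` is the opportunistic Level 1 table (newest
    header wins); `pinned` holds fingerprints the user confirmed out-of-band and
    is the assumed model of a "verified" mode."""

    def __init__(self) -> None:
        self.keys: Dict[str, str] = {}
        self.pinned: Dict[str, str] = {}

    def pin_verified(self, addr: str, keydata: bytes) -> None:
        self.pinned[addr.lower()] = fingerprint(keydata)

    def process(self, from_addr: str, header_value: str) -> str:
        from_addr = from_addr.lower()
        parsed = parse_autocrypt_header(header_value)
        if parsed is None:
            return "invalid"
        if parsed["addr"] != from_addr:
            return "addr-mismatch"  # spec: addr must match From, otherwise the header is ignored
        fp = fingerprint(parsed["keydata"])
        if from_addr in self.pinned and self.pinned[from_addr] != fp:
            return "verified-key-mismatch"  # substitution detected; the key is not updated
        previous = self.keys.get(from_addr)
        self.keys[from_addr] = fp  # opportunistic behaviour: adopt whatever arrived last
        if previous is None:
            return "new-key"
        return "key-changed" if previous != fp else "ok"


def demo() -> dict:
    """Same tampered header against an unpinned and a pinned receiver."""
    genuine = build_autocrypt_header("alice@example.org", ALICE_KEY, "mutual")
    tampered = relay_replace_key(genuine, ATTACKER_KEY)
    opportunistic, verified = Receiver(), Receiver()
    verified.pin_verified("alice@example.org", ALICE_KEY)
    return {
        "opportunistic_first": opportunistic.process("alice@example.org", genuine),
        "opportunistic_tampered": opportunistic.process("alice@example.org", tampered),
        "verified_tampered": verified.process("alice@example.org", tampered),
        "attacker_key_adopted": opportunistic.keys["alice@example.org"] == fingerprint(ATTACKER_KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The unpinned receiver reports nothing worse than "key-changed" and from then on encrypts to the relay's key, which is exactly the attack the abstract says Level 1 does not yet address; the pinned receiver refuses the update. Because the relay cannot tell from the wire which peers hold a pin, every substitution attempt carries a risk of immediate detection, which is the uncertainty the abstract aims to impose on the attacker.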

