Secure and Usable Human Verification of Machine-Assisted Cryptography

Lead Research Organisation: University of York
Department Name: Computer Science

Abstract

This project will investigate two main questions: how does a human being verify that a computer acting as an agent for them is carrying out a cryptographic algorithm as expected, and how does a human being verify that cryptographic data created on their behalf remains intact throughout a process. These two questions appear in many scenarios where human verifiability is usually required to reduce the level of required trust assumptions on computers.

An application of the first question is e-voting systems. One of the desired properties is that the user is able to cast their ballot confidentially, preventing any other voter from discovering a specific individual's choice. Typically this requires a computer to encrypt a user's ballot data, and so a user will seek to verify that the computer is correctly implementing the protocol to ensure that their vote is cast as desired.

One way to achieve this is for the user to challenge the computer to perform the cryptographic protocol on multiple random inputs. The underlying concept is that if the computer is able to return valid responses to many random challenges, then the user can be confident that the computer is indeed correctly implementing the cryptographic protocol. Furthermore, for sufficiently many such challenges, the probability that the user will be satisfied given that the computer is not performing the protocol correctly should tend to zero.

However, one of the main problems with such a method is that humans are inherently not random, and so it is unlikely that the user will be able to sufficiently challenge the computer. Moreover, users may see the verification stage as an added encumbrance, especially non-technical members of the general public, and will be willing to simply trust that the computer will perform the protocol as expected. In this context, it is plausible that the user will simply repeat the same challenges each time, in a similar way to the poor password management strategies that are prevalent in society.

This is a particularly dangerous scenario: if an adversary were to gain control of the broadcast channel, the user would be left vulnerable to a replay attack, enabling the adversary to satisfy the user without ever needing to perform the cryptographic protocol. In the context of e-voting, this would allow the adversary to tamper with the user's vote, which would have dire consequences for the validity of the election. Hence, the human verification of the implementation of cryptographic protocols performed by a computer remains an open problem.
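The replay risk described above, as an added example that is not part of the original project page: a channel adversary that only replays previously observed responses satisfies a user who repeats challenges, but fails against fresh random ones. The HMAC stand-in for "the protocol", the constructed key, the sample challenges and the check against a trusted reference implementation are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

DEVICE_KEY = b"constructed-demo-key"  # constructed value standing in for the device secret

def protocol(challenge: bytes) -> bytes:
    """Stand-in (assumption) for the cryptographic operation the device must perform."""
    return hmac.new(DEVICE_KEY, challenge, hashlib.sha256).digest()

class ReplayingChannel:
    """Adversary on the channel: never runs the protocol, only replays
    responses it observed in earlier sessions."""
    def __init__(self):
        self.seen = {}

    def observe(self, challenge: bytes, response: bytes) -> None:
        self.seen[challenge] = response

    def respond(self, challenge: bytes) -> bytes:
        # Unknown challenges cannot be answered; return a dummy value.
        return self.seen.get(challenge, b"\x00" * 32)

def habitual_challenges(n: int) -> list:
    """A user who reuses the same few (constructed) challenges every session."""
    favourites = [b"1234", b"0000", b"birthday"]
    return [favourites[i % len(favourites)] for i in range(n)]

def random_challenges(n: int) -> list:
    """Fresh 128-bit challenges drawn from the OS CSPRNG each session."""
    return [secrets.token_bytes(16) for _ in range(n)]

def session_accepts(responder, challenges) -> bool:
    """The user accepts only if every response matches the expected output."""
    return all(hmac.compare_digest(responder(c), protocol(c)) for c in challenges)

def run(challenge_source, rounds: int = 10) -> bool:
    """Session 1 is honest and observed; session 2 is answered purely by replay.
    Returns True if the user is fooled in session 2."""
    adversary = ReplayingChannel()
    for c in challenge_source(rounds):
        adversary.observe(c, protocol(c))
    return session_accepts(adversary.respond, challenge_source(rounds))

if __name__ == "__main__":
    print("habitual user fooled:", run(habitual_challenges))
    print("random user fooled:  ", run(random_challenges))
```
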

Alongside the difficulties in constructing a sufficient level of challenge for the computer, another problem centers on the ability of humans to compare the responses of such challenges with the expected output. Such data tends to be long strings of random text, which are not suited to easy human verification.

A critical requirement in many E2E encrypted messaging platforms is that users are able to authenticate the public keys of people with whom they wish to communicate. This enables users to implement secure key agreement through a Diffie-Hellman key exchange, and consequently prevent the possibility of a person-in-the-middle attack.

WhatsApp, and other similar messaging apps, currently implement a key fingerprint comparison to enable key verification between a pair of users. These methods, and particularly their usability, are areas of active research. Suggested improvements are the use of word-based fingerprints and QR codes, rather than traditional hexadecimal strings, so as to reduce the complexity of fingerprint comparison and make it more user-friendly. However, at present this verification remains entirely optional and is not available for group chats.

Clearly, both research questions are intrinsically linked and have applications to many problems in cyber security. Together they will form an interesting basis for the PhD project.


Studentship Projects

Project Reference   Relationship   Related To     Start        End          Student Name
EP/R513386/1                                      01/10/2018   31/12/2023
2109248             Studentship    EP/R513386/1   01/10/2018   14/10/2021   Lee Livsey
 
Description: Through a range of related human factors studies, the research has identified a robust usability effect between visual and verbal comparisons of key fingerprints. Key fingerprints enable a pair of users to mitigate the threat of person-in-the-middle attacks within secure messaging applications, for example email over PGP or WhatsApp instant messaging. Modern applications tend to encourage a synchronous verification with the fingerprint exchanged through a verbal channel, which is in contrast to previous investigations within the literature. To the knowledge of the author, this research is the first investigation of the differences between a verbal and a visual comparison mode, and suggests that secure messaging applications should exert additional effort to provide functionality to enable fingerprints to be compared visually.

Exploitation Route: Others could seek to investigate whether these findings persist within other fingerprint representations, e.g. those employed by WhatsApp. An unexplored area was the challenges that users with either auditory or visual impairments may encounter.

Sectors: Digital/Communication/Information Technologies (including Software), Security and Diplomacy