[messaging] SafeSlinger's Ephemeral Fingerprint
mwfarb at cmu.edu
Thu Jun 26 14:35:42 PDT 2014
I've been enjoying the discussion on this list over the past few weeks. I'm looking forward to more results from the usability study. Making key verification easier is something many folks at Carnegie Mellon have been working on as well.
One approach we took with SafeSlinger was to reduce the set of 2-10 public keys of all users who are trying to simultaneously exchange keys to 24 bits through a real-time combined in-band and out-of-band protocol. The advantage is that 2-10 people attesting to the same 24-bit ephemeral fingerprint goes pretty quickly. The major disadvantage is we've pushed verification up to the beginning of secure communications by merging the sharing of keys with verification of those keys.
In terms of usability, we don't get the advantage of sharing keys first, starting a line of communication using them, and then performing an out-of-band verification when time allows.
Research papers, source code, and smartphone install links are at: www.cylab.cmu.edu/safeslinger. We'd love to hear your thoughts. If you're going to be at SOUPS in July, let me know and we can "Sling Keys".
Michael W. Farb
Research Programmer, Carnegie Mellon University CyLab
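
A minimal sketch of the idea in the message above, added here as an illustration and not SafeSlinger's actual protocol or code: each participant hashes the set of keys they received down to 24 bits, and the group compares that value out of band. The commit-then-reveal step, the SHA-256 construction, the function names and the sample keys are all assumptions of this sketch.

```python
import hashlib
import hmac


def commit(pubkey: bytes, nonce: bytes) -> bytes:
    """Commitment sent before any key is revealed (assumed construction)."""
    return hashlib.sha256(b"commit|" + nonce + pubkey).digest()


def opens(commitment: bytes, pubkey: bytes, nonce: bytes) -> bool:
    """Check that a revealed (pubkey, nonce) pair matches the earlier commitment.

    Committing first matters because 24 bits is short: a party allowed to pick
    its key after seeing everyone else's could search for a matching value.
    """
    return hmac.compare_digest(commitment, commit(pubkey, nonce))


def fingerprint24(view) -> str:
    """24-bit fingerprint over the set of (pubkey, nonce) pairs one member holds."""
    h = hashlib.sha256(b"group-fp|")
    for pubkey, nonce in sorted(view):  # sorted: arrival order must not matter
        h.update(len(pubkey).to_bytes(2, "big") + pubkey + nonce)
    return h.digest()[:3].hex()  # 3 bytes = 24 bits, shown as 6 hex digits


def group_agrees(views) -> bool:
    """The out-of-band step: do all members read out the same 24-bit value?"""
    return len({fingerprint24(v) for v in views.values()}) == 1


# Constructed sample data: placeholder byte strings stand in for real public
# keys, and fixed nonces replace the fresh random values a real run would use.
ALICE = (b"alice-public-key", b"\x01" * 16)
BOB = (b"bob-public-key", b"\x02" * 16)
CAROL = (b"carol-public-key", b"\x03" * 16)
MALLORY = (b"mallory-public-key", b"\x04" * 16)

HONEST = {name: [ALICE, BOB, CAROL] for name in ("alice", "bob", "carol")}
# Carol's in-band channel was tampered with: she holds Mallory's key, not Bob's.
TAMPERED = dict(HONEST, carol=[ALICE, MALLORY, CAROL])

if __name__ == "__main__":
    for label, views in (("honest", HONEST), ("tampered", TAMPERED)):
        shown = {name: fingerprint24(v) for name, v in views.items()}
        print(label, shown, "agree" if group_agrees(views) else "MISMATCH")
    # A key swapped in after the commitment was sent fails to open it.
    print("late swap opens commitment:", opens(commit(*BOB), MALLORY[0], BOB[1]))
```

In the tampered run Carol's value differs from Alice's and Bob's, which is the mismatch the group is meant to catch when comparing fingerprints in person.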