

Just as considering the eavesdropping model led us to design various forms of end-to-end encryption and authentication, the same benefits can arise from developing newer adversarial models inspired by attacks launched on our current systems. Indeed, this exercise is pivotal in our quest to build secure communication tools that are both more secure and more usable. As our technology improves and becomes widely deployed, keeping track of the lessons we can learn from its past and present failures is key to advancing our security models.

Since the early days of modern cryptography, with the Diffie-Hellman key exchange, the RSA encryption scheme and the Schnorr signature scheme, secure messaging has come a long way. This plays a crucial role in guiding the development of new secure communication tools to better address proven dangers to our digital security. As we develop better methods and models for protecting communication streams, it is essential to examine how the threat model for secure messaging applications has evolved beyond the traditional man-in-the-middle attack.

* The content of this paper was presented at 2017 AppSecUSA.

Author: Joël Alwen

In an age of ever more sophisticated cybercrime and mass surveillance, secure communication is an increasingly rare and premium commodity.
