End to end security is not enough

Lookup NU author(s): Dr Dylan Clarke, Dr Taha Ali

Downloads

Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Abstract

© Springer International Publishing AG 2017. End-to-end (E2E) security is commonly marketed as a panacea to all of a user’s security requirements. We contend that this optimism is misplaced, and that E2E security, as offered by services such as WhatsApp, Telegram, Mega, and Skype, is not sufficient in itself to protect users. In this paper, we discuss various means by which these systems may be compromised in spite of their security guarantees. These include exploitation of flaws in the implementation or even deliberate backdoors in the system. In some cases it may be easier for attackers to bypass the E2E secure channel in the system and attack the communication endpoints instead. Furthermore, the lay user generally has no convenient and convincing mechanism to verify that the system is indeed fulfilling its E2E security properties. We illustrate each scenario with prominent examples of actual real-world security failures and we discuss potential mitigation strategies that users may employ.


Publication metadata

Author(s): Clarke D, Ali ST

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: Security Protocols 2017: Security Protocols XXV

Year of Conference: 2017

Pages: 260-267

Print publication date: 04/02/2018

Online publication date: 29/11/2017

Acceptance date: 02/04/2016

ISSN: 0302-9743

Publisher: Springer Verlag

URL: https://doi.org/10.1007/978-3-319-71075-4_29

DOI: 10.1007/978-3-319-71075-4_29

Series Title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ISBN: 9783319710747

