Lookup NU author(s): Dr Dylan Clarke, Dr Taha Ali
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
© Springer International Publishing AG 2017. End-to-end (E2E) security is commonly marketed as a panacea to all of a user’s security requirements. We contend that this optimism is misplaced, and that E2E security, as offered by services such as WhatsApp, Telegram, Mega, and Skype, is not sufficient in itself to protect users. In this paper, we discuss various means by which these systems may be compromised in spite of their security guarantees. These include exploitation of flaws in the implementation or even deliberate backdoors in the system. In some cases it may be easier for attackers to bypass the E2E secure channel in the system and attack the communication endpoints instead. Furthermore, the lay user generally has no convenient and convincing mechanism to verify that the system is indeed fulfilling its E2E security properties. We illustrate each scenario with prominent examples of actual real-world security failures and we discuss potential mitigation strategies that users may employ.
Author(s): Clarke D, Ali ST
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: Security Protocols 2017: Security Protocols XXV
Year of Conference: 2017
Pages: 260-267
Print publication date: 04/02/2018
Online publication date: 29/11/2017
Acceptance date: 02/04/2016
ISSN: 0302-9743
Publisher: Springer Verlag
URL: https://doi.org/10.1007/978-3-319-71075-4_29
DOI: 10.1007/978-3-319-71075-4_29
Series Title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISBN: 9783319710747