eprintid: 10068168
rev_number: 17
eprint_status: archive
userid: 608
dir: disk0/10/06/81/68
datestamp: 2019-02-21 16:01:50
lastmod: 2021-11-04 23:30:11
status_changed: 2019-02-21 16:01:50
type: proceedings_section
metadata_visibility: show
creators_name: Kulynych, B
creators_name: Lueks, W
creators_name: Isaakidis, M
creators_name: Danezis, G
creators_name: Troncoso, C
title: ClaimChain: Improving the security and privacy of in-band key distribution for messaging
ispublished: pub
divisions: UCL
divisions: B04
divisions: C05
divisions: F48
note: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
abstract: The social demand for email end-to-end encryption is barely supported bymainstream service providers. Autocryptisa new community-driven open specification for e-mail encryption that attempts to respond to this demand. In Autocrypt the encryption keys are attached directly to messages, and thus the encryption can be implemented by email clients without any collaboration of the providers. The decentralized nature of this in-band key distribution, however, makes it prone to man-in-the-middle attacks and can leak the social graph of users. To address this problem we introduce ClaimChain, a cryptographic construction for privacy-preserving authentication of public keys. Users store claims about their identities and keys, as well as their beliefs about others, in ClaimChains. These chains form authenticated decentralized repositories that enable users to prove the authenticity of both their keys and the keys of their contacts. ClaimChains are encrypted, and therefore protect the stored information, such as keys and contact identities, from prying eyes. At the same time, ClaimChain implements mechanisms to provide strong non-equivocation properties, discouraging malicious actors from distributing conflicting or inauthentic claims. We implemented ClaimChain and we show that it offers reasonable performance, low overhead, and authenticity guarantees.
date: 2018-10-15
date_type: published
publisher: ACM
official_url: https://doi.org/10.1145/3267323.3268947
oa_status: green
full_text_type: other
language: eng
primo: open
primo_central: open_green
verified: verified_manual
elements_id: 1606887
doi: 10.1145/3267323.3268947
isbn_13: 9781450359894
lyricists_name: Danezis, Georges
lyricists_name: Isaakidis, Marios
lyricists_id: GDANE23
lyricists_id: MISAA08
actors_name: Danezis, Georges
actors_name: Turnbull, Sarah
actors_id: GDANE23
actors_id: SLTUR91
actors_role: owner
actors_role: impersonator
full_text_status: public
series: Workshop on Privacy in the Electronic Society (WPES')
publication: Proceedings of the ACM Conference on Computer and Communications Security
volume: 2018
place_of_pub: Toronto, Canada
pagerange: 86-103
event_title: Workshop on Privacy in the Electronic Society 2018 (WPES'18)
issn: 1543-7221
book_title: Proceeding of Workshop on Privacy in the Electronic Society 2018 (WPES'18)
citation:        Kulynych, B;    Lueks, W;    Isaakidis, M;    Danezis, G;    Troncoso, C;      (2018)    ClaimChain: Improving the security and privacy of in-band key distribution for messaging.                     In:  Proceeding of Workshop on Privacy in the Electronic Society 2018 (WPES'18).  (pp. pp. 86-103).  ACM: Toronto, Canada.       Green open access   
 
document_url: https://discovery.ucl.ac.uk/id/eprint/10068168/1/1707.06279.pdf