IACR News item: 17 December 2014
Marcela S. Melara, Aaron Blankstein, Joseph Bonneau, Michael J. Freedman, Edward W. Felten
ePrint Report
increased the demand for end-to-end secure communications. However, key management remains a major barrier to adoption. Current systems are often either vulnerable to a malicious or coerced key directory or they make unrealistic assumptions about user behavior, for example, that users will verify key fingerprints out of band.
We present CONIKS, a system that provides automated key management for end users capable of seamless integration into existing secure messaging applications. In CONIKS, key servers maintain consistent directories of username-to-public key bindings that allow participants to detect any equivocation or unexpected key changes by malicious key servers. CONIKS also preserves users' privacy by ensuring that adversaries cannot harvest large numbers of usernames from the directories. Our prototype chat application extends the Off-the-Record Messaging plug-in for Pidgin. A single commodity server can support up to 10 million users and clients need only download less than 100 kB per day of additional data.