Cryptographers love an enigma, a problem to solveand this one has it all. Indestructible codes, secret notes, encryption and decryption.
Heres the puzzle: Someone wants to send a secure message online. It has to be so private, so secret, that they can deny they ever sent it. If someone leaks the message, it can never be traced back to the sender. Its all veryMission: Impossible. But theres a kicker: if that message peddles abuse or misinformation, maybe threatens violence, then anonymity may need to go out the windowthe sender needs to be held to account.
And thats the challenge: is there a way to allow people to send confidential, secure, untraceable messages, but still track any menacing ones?
Mayank Varia might have cracked the conundrum. A cryptographer and computer scientist, Varia is an expert on the societal impact of algorithms and programs, developing systems that balance privacy and security with transparency and social justice. Working with a team of Boston University computer scientists, hes designed a program called Hecatefittingly named after the ancient Greek goddess of magic and spellsthat can be bolted onto a secure messaging app to beef up its confidentiality, while also allowing moderators to crack down on abuse. The team is presentingits findingsat the31st USENIX Security Symposium.
Our goal in cryptography is to build tools and systems that allow people to get things done safely in the digital world, saysVaria, a BU Faculty of Computing & Data Sciences associate professor. The question at play in our paper is what is the most effective way to build a mechanism for reporting abusethe fastest, most efficient way to provide the strongest security guarantees and provide the weakest possible puncturing of that?
Its an approach hes also applying beyond messaging apps, building online tools that allow local governments to track gender wage gapswithout accessing private salary dataand enable sexual assault victims to more safely report their attackers.
When two people chat in a private room, what they talk about is just between themtheres no paper trail, no recording; the conversation lives on in memory alone. Put the same conversation onlineTwitter, Facebook, emailand its a different story. Every word is preserved for history. Sometimes thats good, but just as often its not. An activist in an authoritarian state trying to get word to a journalist or a patient seeking help for a private health issue might not want their words broadcast to the world or held in an archive.
Thats where end-to-end encryption comes in. Popularized by apps like WhatsApp and Signal, it scrambles sent messages into an unreadable format, only decrypting them when they land on the recipients phone. It also ensures messages sent from one person to another cant be traced back to the sender; just like that private in-person chat, its a conversation without a trail or recordeverything is deniable.
The goal of these deniable messaging systems is that even if my phone is compromised after weve had an encrypted messaging conversation, there are no digital breadcrumbs that will allow an external person to know for sure what we sent or even who said it, says Varia.
Amnesty International calls encryption a human right, arguing its an essential protection of [everyones] rights to privacy and free speech, and especially vital for those countering corruption or challenging governments. Like much in the online world though, that privacy can be exploited or bent to more sinister ends. There are specific times where this can be a bad thing, says Varia. Suppose the messages someone is sending are harassing and abusive and you want to go seek help, you want to be able to prove to the moderator what the message contents were and who said them to you.
A study of elementary, middle, and high school students in Israel, where more than 97 percent of kids reportedly use WhatsApp,found 30 percent had been bullied on the app, while UK prosecutors have said end-to-end encryption couldharm their ability to catch and stop child abusers. Extremist groups,from Islamic State to domestic terrorists, have leaned on encrypted apps like Telegram and Signal to spread their calls for violence.
The task for tech companies is finding a way to support the right to privacy with the need for accountability. Hecate offers a way to do bothit allows app users to deny they ever sent a message, but to also be reported if they say something abusive.
Developed by Varia and doctoral students Rawane Issa (GRS22) and Nicolas Alhaddad (GRS24), Hecate starts with the accountability side of that contradictorydeniable and traceablecombination. Using the program, an apps moderator creates a unique batch of electronic signaturesor tokensfor each user. When that user sends a message, a hidden token goes along for the ride. If the recipient decides to report that message, the moderator will be able to verify the senders token and take action. Its called asymmetric message franking.
The fail-safe, says Varia, the part that allows for deniability, is that the token is only useful to the moderator.
The token is an encrypted statement that only the moderator knows how to readits like they wrote a message in invisible ink to their future self, says Varia. The moderator is the one who builds these tokens. Thats the nifty part about our system: even if the moderator goes rogue, they cant show and convince the rest of the worldthey have no digital proof, no breadcrumbs they can show to anyone else.
The user can maintain deniabilityat least publicly.
Similar message franking systems already existFacebook parent Meta uses one on WhatsAppbut Varia says Hecate is faster, more secure, and futureproof in a way current programs are not.
Hecate is the first message franking scheme that simultaneously achieves fast execution on a phone and for the moderator server, support for message forwarding, and compatibility with anonymous communication networks like Signals sealed sender, says Varia. Previous constructions achieved at most two of these three objectives.
The team says Hecate could be ready for implementation on apps like Signal and WhatsApp with just a few months of custom development and testing. But despite its technological advantages, Varia suggests companies approach Hecate with caution until theyve fully investigated its potential societal impact.
Theres a question of can we build this, theres also a question ofshouldwe build this? says Varia. We can try to design these tools that provide safety benefits, but there might be longer dialogues and discussions with affected communities. Are we achieving the right notion of security for, say, the journalist, the dissident, the people being harassed online?
As head ofCDS Hub for Civic Tech Impact, Varia is used to considering the societal and policy implications of his research. The hubs aim is to develop software and algorithms that advance public interest, whether they help to fight misinformation or foster increased government transparency. A theme through recent projects is the creation of programs that, like Hecate, straddle the line between privacy and accountability.
During a recent partnership with theBoston Womens Workforce Council, for example, BU computer scientists built agender wage gap calculatorthat enables companies to share salaries with the citywithout letting sensitive pay data leave their servers.
Were designing tools that allow peopleit sounds counterintuitiveto compute data that they cannot see, says Varia, whos a member of the federal governmentsAdvisory Committee on Data for Evidence Building. Maybe I want to send you a message, but I dont want you to read it; its weird, but maybe a bunch of us are sending information and we want you to be able to do some computation over it.
Thats caught the interest of the Defense Advanced Research Projects Agency and Naval Information Warfare Center, which both funded the work that led to Hecate and have an interest in asking computer experts to crunch data without ever seeing the secrets hidden within it.
Varias approach to encryption could also benefit survivors of sexual abuse. He recently partnered with San Franciscobased nonprofitCallistoto developa new secure sexual assault reporting system. Inspired by the #MeToo movement, its goal is to help assault victims who are frightened of coming forward.
They report their instance of sexual assault into our system and that report kind of vanishes into the ether, says Varia. But if somebody else reports also being assaulted by the same perpetrator, thenand only thendoes the system identify the existence of this match.
That information goes to a volunteer attorneybound by attorney-client privilegewho can then work with the victims and survivors on next steps. Just like Hecate, Varia says it finds a balance between privacy and openness, between deniability and traceability.
When we talk about trade-offs between privacy, digital civil liberties, and other rights, sometimes there is a natural tension, says Varia. But we can do both: we dont have to build a system that allows for bulk surveillance, wide-scale attribution of metadata of whos talking to who; we can provide strong personal privacy and human rights, while also providing online trust and safety, and helping people who need it.
See the original post:
Can WhatsApp messages be secure and encryptedbut traceable at the same time? - EurekAlert
- To Foil NSA Spies, Encrypt Everything [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- What is cryptography? - A Word Definition From the ... [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- cryptography: Definition from Answers.com [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- Cryptography - Wikipedia, the free encyclopedia [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- Cryptography - CISSP Domain 07 - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- Cryptography Advanced Encryption Standard AES Tutorial,fips 197 - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- Faraday Project for Network Security and Cryptography - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- An Overview of Cryptography - Gary C. Kessler [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- An Open Letter from US Researchers in Cryptography and ... [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Gambling with Secrets Part 4 8 Private Key Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Gambling with Secrets Part 1 8 What is Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Public Key Cryptography RSA Encryption Algorithm - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Public Key Cryptography Diffie Hellman Key Exchange - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Intro to Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Caesar Cipher Ancient Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- 50 top US cyber security experts write open letter calling for end to NSA 'snoop-ops' [Last Updated On: January 26th, 2014] [Originally Added On: January 26th, 2014]
- Prominent cryptography and security researchers deplore NSA's surveillance activities [Last Updated On: January 27th, 2014] [Originally Added On: January 27th, 2014]
- Obama Stays Silent on Reform of NSA's Crypto Subversion [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Cryptography experts sign open letter against NSA surveillance [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- US crypto researchers to NSA: If you must track, track responsibly [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Java Cryptography Architecture (JCA) Overview - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Cryptography - Part 1 - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Cryptography - Part 2 - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- International Journal on Cryptography and Information Security ( IJCIS) - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Bitcoin Lowdown: Block Chain Cryptography Trumps Human Trust, Deal With It - Video [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
- Bitcoin Lowdown: Block Chain Cryptography Trumps Human Trust - Video [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
- NSA and GCHQ spoofed LinkedIn to hack Belgian cryptography professor [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
- Lecture 17: Elliptic Curve Cryptography (ECC) - Video [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
- Cryptography event - Pravega 2014 - Video [Last Updated On: February 3rd, 2014] [Originally Added On: February 3rd, 2014]
- Lecture 1: Introduction to Cryptography - Video [Last Updated On: February 3rd, 2014] [Originally Added On: February 3rd, 2014]
- US and UK spy agencies accused of swoop on Belgian cryptography expert [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- Conceal: Facebook's new Java APIs for cryptography on Android [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- Cryptography Apps: How To Keep Your Personal Info Private [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- Cryptography Breakthrough Could Make Software Unhackable [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- Oi, Android devs! Facebook wants your apps to be more secure [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]
- Lecture 19: Elgamal Digital Signature - Video [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]
- Lecture 18: Digital Signatures and Security Services - Video [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]
- Cryptography 1. List some of the attacks on the Diffie ... [Last Updated On: February 6th, 2014] [Originally Added On: February 6th, 2014]
- Cryptography Breakthrough Could Make Software Unhackable ... [Last Updated On: February 6th, 2014] [Originally Added On: February 6th, 2014]
- Cryptography: Secret Coding, Spying, and E-Commerce - Video [Last Updated On: February 6th, 2014] [Originally Added On: February 6th, 2014]
- Cryptography - Video [Last Updated On: February 9th, 2014] [Originally Added On: February 9th, 2014]
- Public Key Cryptography: RSA Encryption Algorithm - Video [Last Updated On: February 10th, 2014] [Originally Added On: February 10th, 2014]
- Is Bitcoin Anonymous? Arvind Narayanan | Princeton University | Real World Cryptography Workshop - Video [Last Updated On: February 10th, 2014] [Originally Added On: February 10th, 2014]
- A Competitive Study of Cryptography Techniques over Block Cipher - Video [Last Updated On: February 14th, 2014] [Originally Added On: February 14th, 2014]
- How Quantum Computing Will Change Cryptography [Last Updated On: February 15th, 2014] [Originally Added On: February 15th, 2014]
- REALITY LOST - EXCERPT SIX (QUANTUM CRYPTOGRAPHY) - Video [Last Updated On: February 15th, 2014] [Originally Added On: February 15th, 2014]
- Introduction to Cryptography of Bitcoin, Explained! - Video [Last Updated On: February 18th, 2014] [Originally Added On: February 18th, 2014]
- [FOSDEM 2014] USE OTR or how we learned to start worrying and love cryptography - Video [Last Updated On: February 18th, 2014] [Originally Added On: February 18th, 2014]
- Reshif's Cryptography Challenge Solution/Walkthrough - Video [Last Updated On: February 20th, 2014] [Originally Added On: February 20th, 2014]
- [DEFCON 19] Steganography and Cryptography 101 - Video [Last Updated On: February 22nd, 2014] [Originally Added On: February 22nd, 2014]
- A Brief Rundown Of The Spying Questions Intel's CEO Won't Answer [Last Updated On: February 25th, 2014] [Originally Added On: February 25th, 2014]
- DEF CON 8 - Jon Erickson - Number Theory Complexity, Theory, Cryptography, and Quantum Computing. - Video [Last Updated On: February 26th, 2014] [Originally Added On: February 26th, 2014]
- Was YOUR iPhone at risk of being hacked? Bug in Apple update left mobiles open to identity theft for up to 18 months ... [Last Updated On: February 27th, 2014] [Originally Added On: February 27th, 2014]
- Security researchers urge tech companies to explain their cryptographic choices [Last Updated On: February 27th, 2014] [Originally Added On: February 27th, 2014]
- Apple reveals algorithm behind 'encrypted' iMessages [Last Updated On: February 28th, 2014] [Originally Added On: February 28th, 2014]
- Wiliest Ways to Keep the NSA at Bay [Last Updated On: March 1st, 2014] [Originally Added On: March 1st, 2014]
- How to Pronounce Cryptography - Video [Last Updated On: March 1st, 2014] [Originally Added On: March 1st, 2014]
- cryptography in DNS - Video [Last Updated On: March 3rd, 2014] [Originally Added On: March 3rd, 2014]
- Who is the reclusive billionaire creator of Bitcoin? [Last Updated On: March 4th, 2014] [Originally Added On: March 4th, 2014]
- How to say cryptography in Italian - Video [Last Updated On: March 4th, 2014] [Originally Added On: March 4th, 2014]
- Massive Linux security flaw dwarfs Appleās cryptography problems of just last week [Last Updated On: March 5th, 2014] [Originally Added On: March 5th, 2014]
- Security lessons from RSA [Last Updated On: March 5th, 2014] [Originally Added On: March 5th, 2014]
- Visual Cryptography - Video [Last Updated On: March 5th, 2014] [Originally Added On: March 5th, 2014]
- Classical Computing Embraces Quantum Ideas [Last Updated On: March 6th, 2014] [Originally Added On: March 6th, 2014]
- Quantum Cryptography Conquers Noise Problem [Last Updated On: March 6th, 2014] [Originally Added On: March 6th, 2014]
- REALITY LOST Bonus scene 4. Quantum cryptography Founding Fathers. - Video [Last Updated On: March 7th, 2014] [Originally Added On: March 7th, 2014]
- Quantum Cryptography: From Theory to Practice - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
- Forcing Trust: Nonlocal Games and Untrusted-device Cryptography - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
- TrustyCon 2014 - New Frontiers in Cryptography - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
- REALITY LOST Bonus scene 3. Christian Kurtsiefer on hacking quantum cryptography. - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
- Nerlens Noel Tweets Date for Potential NBA Debut [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
- CISSP SG Cryptography - Video [Last Updated On: March 10th, 2014] [Originally Added On: March 10th, 2014]
- More secure communications thanks to quantum physics [Last Updated On: March 13th, 2014] [Originally Added On: March 13th, 2014]
- New Cryptography Scheme Secured By Quantum Physics [Last Updated On: March 13th, 2014] [Originally Added On: March 13th, 2014]
- History Of Cryptography - Video [Last Updated On: March 14th, 2014] [Originally Added On: March 14th, 2014]
- avc 19 Cryptography x264 - Video [Last Updated On: March 15th, 2014] [Originally Added On: March 15th, 2014]
- Edward Snowden Speaks at SXSW [Last Updated On: April 10th, 2017] [Originally Added On: March 15th, 2014]
- Tor is building an anonymous instant messenger [Last Updated On: April 10th, 2017] [Originally Added On: March 15th, 2014]
- learn cryptography learn the following pkcs refrences - Video [Last Updated On: March 16th, 2014] [Originally Added On: March 16th, 2014]
- [Lec-2][Part-2] Shift Cipher - Symmetric ciphers - Video [Last Updated On: March 16th, 2014] [Originally Added On: March 16th, 2014]