Coniks: Bringing key transparency to end users

Marcela S. Melara, Aaron Blankstein, Joseph Bonneau, Edward W. Felten, Michael J. Freedman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present CONIKS, an end-user key verification service capable of integration in end-to-end encrypted communication systems. CONIKS builds on transparency log proposals for web server certificates but solves several new challenges specific to key verification for end users. CONIKS obviates the need for global third-party monitors and enables users to efficiently monitor their own key bindings for consistency, downloading less than 20 kB per day to do so even for a provider with billions of users. CONIKS users and providers can collectively audit providers for non-equivocation, and this requires downloading a constant 2.5 kB per provider per day. Additionally, CONIKS preserves the level of privacy offered by today’s major communication services, hiding the list of usernames present and even allowing providers to conceal the total number of users in the system.

Original language: English (US)
Title of host publication: Proceedings of the 24th USENIX Security Symposium
Publisher: USENIX Association
Pages: 383-398
Number of pages: 16
ISBN (Electronic): 9781931971232
State: Published - Jan 1 2015
Event: 24th USENIX Security Symposium - Washington, United States
Duration: Aug 12 2015 to Aug 14 2015

Publication series

Name: Proceedings of the 24th USENIX Security Symposium

Conference

Conference: 24th USENIX Security Symposium
Country: United States
City: Washington
Period: 8/12/15 to 8/14/15

Fingerprint

Transparency
Communication systems
Servers
Communication

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Melara, M. S., Blankstein, A., Bonneau, J., Felten, E. W., & Freedman, M. J. (2015). Coniks: Bringing key transparency to end users. In Proceedings of the 24th USENIX Security Symposium (pp. 383-398). (Proceedings of the 24th USENIX Security Symposium). USENIX Association.
