Abstract
Secure mobile apps, including end-to-end encrypted messaging apps such as Whats-App and Signal, are increasingly popular today. These apps require trust in a centralized key directory to automatically exchange the public keys used to secure user communication. This trust may be abused by malicious, subpoenaed, or compromised directories. A public key infrastructure (PKI) solution that requires less trust would increase the security of these commonly used apps.CONIKS is a recent PKI proposal that features transparent key directories which publish auditable digests of the public keys they present to queriers. By monitoring its key every time a new digest is published, a client can verify that its key is published correctly, reducing the need to trust the directory. CONIKS features improved security at the cost of unique auditing and monitoring requirements. In this thesis, we examine CONIKS' suitability as a PKI solution for secure mobile apps. We present a threat analysis of possible attacks on the CONIKS protocol and explore several important implications of CONIKS' system description, including recommendations for whistleblowing and key change policies. We also analyze mobile device usage data to estimate whether typical mobile device Internet connectivity is sufficient to fulfill CONIKS' monitoring requirement.
Degree
MS
College and Department
Physical and Mathematical Sciences; Computer Science
Rights
http://lib.byu.edu/about/copyright/
BYU ScholarsArchive Citation
Spendlove, George Bradley, "Security Analysis and Recommendations for CONIKS as a PKI Solution for Mobile Apps" (2018). Theses and Dissertations. 8829.
https://scholarsarchive.byu.edu/etd/8829
Date Submitted
2018-12-01
Document Type
Thesis
Handle
http://hdl.lib.byu.edu/1877/etd10519
Keywords
public key infrastructure, CONIKS, public ledger, transparency log, end-to-end encryption, mobile devices, Internet connectivity
Language
english