Detecting and preventing active attacks against Autocrypt
ΒΆ
1. Introduction
1.1. Attack model and terminology
1.2. Problems of current key-verification techniques
1.3. Integrating key verification with general workflows
1.4. Supplementary key consistency through ClaimChains
1.5. Detecting inconsistencies through Gossip and DKIM
2. Securing communications against network adversaries
2.1. Setup Contact protocol
2.2. Verified Group protocol
2.3. History-verification protocol
2.4. Verifying keys through onion-queries
3. Key consistency with ClaimChains
3.1. High level overview of the ClaimChain design
3.2. Use and architecture
3.3. Evaluating ClaimChains to guide verification
4. Using Autocrypt key gossip to guide key verification
4.1. Attack Scenarios
4.2. Probability of detecting an attack through out of band verification
5. Using DKIM signature checks to guide key verification
5.1. DKIM Signatures on Autocrypt Headers
5.2. Device loss and MITM attacks
5.3. Open Questions
countermitm-0.10.0
Index
Download PDF
Github
IRC/freenode #nextleap