On the Pitfalls of End-to-End Encrypted Communications: A Study of Remote Key-Fingerprint Verification

Many widely used Internet messaging and calling apps, such as WhatsApp, Viber, Telegram, and Signal, have deployed an end-to-end encryption functionality. To defeat potential MITM attackers against the key exchange protocol, the approach relies on users to perform a code verification task whereby each user must compare the code (a fingerprint of the cryptographic keys) computed by her app with the one computed by the other user's app and reject the session if the two do not match. In this paper, we study the security and usability of this human-centered code verification task for a setting where the end users are remotely located, and compare it as a baseline to a less frequent scenario where the users are in close proximity. We consider several variations of the code presentation and verification methods, incorporated into representative real-world apps, including codes encoded as numbers or images, displayed on the screen, and verbally spoken by the users. We perform a human factors study in a lab setting to quantify the security and usability of these different methods. Our study results expose key weaknesses in the security and usability of the code verification methods employed in the apps. First, we show that most code verification methods offer poor security (high false accepts) and low usability (high false rejects and low user experience ratings) in the remote setting. Second, we demonstrate that, security and usability under the remote code verification setting is significantly lower than that in the proximity setting. We attribute this result to the increased cognitive overhead associated with comparing the codes across two apps on the same device (remote setting) rather than across two devices (proximity setting). Overall, our work serves to highlight a serious vulnerability of Internet-based communication apps in the remote setting stemming from human errors.