InfoGuard: A Design and Usability Study of User-Controlled Application-Independent Encryption for Privacy-Conscious Users

• URL: http://arxiv.org/abs/2311.00812v1
• Date: Wed, 1 Nov 2023 19:54:01 GMT
• Title: InfoGuard: A Design and Usability Study of User-Controlled Application-Independent Encryption for Privacy-Conscious Users
• Authors: Tarun Yadav, Austin Cook, Justin Hales, Kent Seamons,
• Abstract summary: Billions of secure messaging users have adopted end-to-end encryption (E2EE) Most communication applications do not provide E2EE, and application silos prevent interoperability. We propose InfoGuard, a system enabling E2EE for user-to-user communication in any application.
• Score: 1.2499537119440245
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Billions of secure messaging users have adopted end-to-end encryption (E2EE). Nevertheless, challenges remain. Most communication applications do not provide E2EE, and application silos prevent interoperability. Our qualitative analysis of privacy-conscious users' discussions of E2EE on Reddit reveals concerns about trusting client applications with plaintext, lack of clear indicators about how encryption works, high cost to switch apps, and concerns that most apps are not open source. We propose InfoGuard, a system enabling E2EE for user-to-user communication in any application. InfoGuard allows users to trigger encryption on any textbox, even if the application does not support E2EE. InfoGuard encrypts text before it reaches the application, eliminating the client app's access to plaintext. InfoGuard also incorporates visible encryption to make it easier for users to understand that their data is being encrypted and give them greater confidence in the system's security. The design enables fine-grained encryption, allowing specific sensitive data items to be encrypted while the rest remains visible to the server. Participants in our user study found InfoGuard usable and trustworthy, expressing a willingness to adopt it.

Related papers

• Privacy-preserving server-supported decryption [2.2530496464901106]
  We consider encryption systems with two-out-of-two threshold decryption, where one of the parties initiates the decryption and the other one assists. Existing threshold decryption schemes disclose to the server the ciphertext that is being decrypted. We give a construction, where the identity of the ciphertext is not leaked to the server, and the client's privacy is preserved.
  arXiv  Detail & Related papers  (2024-10-25T06:47:53Z)
• ARSecure: A Novel End-to-End Encryption Messaging System Using Augmented Reality [0.28087862620958753]
  We introduce ARSecure, a novel end-to-end encryption messaging solution utilizing augmented reality glasses. ARSecure allows users to encrypt and decrypt their messages before they reach their phone devices, effectively countering the CSS technology in E2EE systems.
  arXiv  Detail & Related papers  (2024-08-28T16:39:43Z)
• SoK: Web Authentication in the Age of End-to-End Encryption [9.053236170794579]
  E2EE messaging and backup services have brought new challenges for usable authentication. passwordless authentication ("passkeys") has become a promising candidate to replace passwords altogether. E2EE authentication quickly becomes relevant not only for a niche group of dedicated E2EE enthusiasts but for the general public.
  arXiv  Detail & Related papers  (2024-06-26T10:23:58Z)
• Mind the Privacy Unit! User-Level Differential Privacy for Language Model Fine-Tuning [62.224804688233]
  differential privacy (DP) offers a promising solution by ensuring models are 'almost indistinguishable' with or without any particular privacy unit. We study user-level DP motivated by applications where it necessary to ensure uniform privacy protection across users.
  arXiv  Detail & Related papers  (2024-06-20T13:54:32Z)
• Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
  We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords. Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
  arXiv  Detail & Related papers  (2024-05-24T07:51:15Z)
• Non-Fungible Programs: Private Full-Stack Applications for Web3 [0.3683202928838613]
  This paper introduces the Non-Fungible Program (NFP) model for developing self-contained applications. NFP applications are distributed blockchain, powered by Web technology, and backed by private databases in smart contracts. Access to code, as well as backend services, is controlled and guaranteed by smart contracts according to the NFT ownership model.
  arXiv  Detail & Related papers  (2024-04-24T03:46:18Z)
• CodeChameleon: Personalized Encryption Framework for Jailbreaking Large Language Models [49.60006012946767]
  We propose CodeChameleon, a novel jailbreak framework based on personalized encryption tactics. We conduct extensive experiments on 7 Large Language Models, achieving state-of-the-art average Attack Success Rate (ASR) Remarkably, our method achieves an 86.6% ASR on GPT-4-1106.
  arXiv  Detail & Related papers  (2024-02-26T16:35:59Z)
• EmojiCrypt: Prompt Encryption for Secure Communication with Large Language Models [41.090214475309516]
  Cloud-based large language models (LLMs) pose substantial risks of data breaches and unauthorized access to sensitive information. This paper proposes a simple yet effective mechanism EmojiCrypt to protect user privacy.
  arXiv  Detail & Related papers  (2024-02-08T17:57:11Z)
• RiDDLE: Reversible and Diversified De-identification with Latent Encryptor [57.66174700276893]
  This work presents RiDDLE, short for Reversible and Diversified De-identification with Latent Encryptor. Built upon a pre-learned StyleGAN2 generator, RiDDLE manages to encrypt and decrypt the facial identity within the latent space.
  arXiv  Detail & Related papers  (2023-03-09T11:03:52Z)
• Cloud-Based Face and Speech Recognition for Access Control Applications [55.84746218227712]
  The system helps employees to unlock the entrance door via face recognition without the need of tag-keys or cards. Visitors and delivery persons are provided with a speech-to-text service where they utter the name of the employee that they want to meet. The hardware of the system is constituted by two Raspberry Pi, a 7-inch LCD-touch display, a camera, and a sound card with a microphone and speaker.
  arXiv  Detail & Related papers  (2020-04-23T13:57:55Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.