GGrantIndex
← Search

CRII: SaTC: Privacy vs. Accountability--Usable Deniability and Non-Repudiation for Encrypted Messaging Systems

$175,000FY2024CSENSF

New Mexico State University, Las Cruces NM

Investigators

Abstract

End-to-end encrypted messaging apps are used by billions of people, globally. Encryption by itself, however, does not guarantee people’s privacy, accountability, and safety. Sometimes safety goals require plausible deniability: for conversations that might be compromising, it can useful to send a message and have the receiver know who sent it, but not be able to prove who the sender was to others. Sometimes accountability goals require non-repudiation: for on-the-record conversations, a sender may want to be able to prove that they, or their partner, sent a message even if the partner claims otherwise and tries to alter the conversation transcript. This project’s goal is to help people understand and make good choices about when to choose deniability and when to choose non-repudiation and develop messaging app features that make it easy to make those choices. Through this, the project will advance knowledge around how people make sense of and use cryptography, and people’s practical ability to effectively and safely communicate. The project is organized around two parallel interface design activities, one focused on interfaces for deniability, and one on interfaces for non-repudiation. For deniability, the team will develop interaction techniques that allow users to alter the content, timing, and authorship of messages in a transcript, leveraging underlying cryptographic techniques that support those edits. For non-repudiation, the team will develop interaction techniques that help people cryptographically sign messages using keys tied to their identity. Both interfaces will be tested through a series of user studies that address (1) people’s ability to use the tools, (2) their ability to understand the implications of using tools for deniability and non-repudiation, and (3) to use them in conversational contexts. The work will be carried out with a number of undergraduate and graduate students, and research interns, providing valuable and needed training for a future cybersecurity workforce. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →