The gold standard to construct and analyze security protocols in modern cryptology is to first define a security model that specifies the use of the protocol and the capabilities of an attacker in a mathematically-precise way, and then show the security of proposed protocols by reduction to well-defined computational hardness assumptions (aka. the "provable security" approach).In the context of secure storage of messages and media in instant messaging environments we are still lacking this level of clarity and rigor of security claims, despite the huge practical importance of this topic. The vast majority of prior research on encrypted instant messaging has focused on messages in transit, but existing results say nothing about the privacy of messages that are stored on a user's device(s). This research project will address this research gap by providing first foundational models and provably-secure constructions for secure storage of messages and media in instant messaging environments. We will define security models that capture desirable advanced security properties, such as forward security, post-compromise security, and more, in a modular fashion. This will enable us to formally analyze and understand the security properties and limitations of existing protocols, in order to develop efficient and practical alternative solutions for the wide variety of use cases that exist in the instant messaging space. A major aspect of the proposal is to construct and analyse provably-secure key derivation schemes for secure backup storage, using advanced cryptographic techniques for oblivious computation.

DFG Programme Research Grants