Wednesday, October 09, 2013  

SafeSlinger - Secure Messages Easy

SafeSlinger makes sending secure messages easy. Just keep your passphrase a secret, and only you and the other party can read messages. Messages cannot be read by your cellular carrier, Internet provider, employer, or anyone else. SafeSlinger is the result of research at Carnegie Mellon’s CyLab that resolves a specific security problem. The problem: how can we start a trusted relationship between people, on the fly, without people having sophisticated knowledge of security protocols?

Users regularly experience a crisis of confidence on the Internet. Is that email truly originating from the claimed individual? Is that Facebook invitation indeed from that person, or is it a fake page set up by an impersonator? These doubts are usually resolved through a leap of faith, expressing the desperation of users. To establish a secure basis for Internet communication, the researchers have implemented SafeSlinger, a system leveraging the proliferation of smartphones to enable people to securely and privately exchange their public keys. Through the exchanged authentic public key, SafeSlinger establishes a secure channel offering secrecy and authenticity, which it uses to support secure messaging and file exchange. Essentially, it supports an abstraction to safely “sling” information from one device to another.

SafeSlinger also provides an API for importing applications’ public keys into a user’s contact information. By slinging entire contact entries to others, it supports secure introductions, as the contact entry includes the SafeSlinger public keys as well as other public keys that were imported. As a result, SafeSlinger provides an easy-to-use and easy-to-understand approach for trust establishment among people.

Cryptography alone cannot address this problem. There are many useful protocols such as SSL or PGP for entities that already share authentic key material, but the root of the problem still remains: how do we obtain the authentic public key from the intended resource or individual? The global certification process for SSL is not without drawbacks and weaknesses, and the usability challenges of decentralized mechanisms such as PGP are well known. The problem of human-oriented trust establishment is fundamental; no amount of automation and “fail-safe” defaults can avoid the need for basic trust decisions to be made by humans (system administrators and ordinary users alike), since they ultimately assume the risks of digital communication, accessing remote sites, allowing remote access to their local resources, and employing other users’ services.

To counteract these challenges, the researchers designed SafeSlinger as an easy-to-use application that offers many benefits to drive usage. Per Metcalfe’s law, the utility of a system grows with the square of the number of users. Their goal is thus to provide immediate utility to enable epidemic growth. They achieve immediate utility through the robust exchange of contact list information between different smartphone platforms, which does not require any location information or leak private information outside the participating phones. SafeSlinger also provides simple and secure messaging and file transfer that is immediately usable. Because the messages are encrypted and require a password to access, many teens may find this appealing to protect their messages from peers and parents. Through free multi-platform applications available on smartphone markets, open documentation, and open-source code, they anticipate wide adoption of SafeSlinger. Assuming wide adoption, they hope to provide usable and secure communication for the masses, and a security platform that will enable numerous security services and applications.

This has been added to the tools section of Research Resources Subject Tracer™ Information Blog. This will be added to Privacy Resources Subject Tracer™.

posted by Marcus Zillman | 5:21 AM
