SEPPI: Secure and Privacy-Preserving Invitation for Unified Communication Meetings

Online meetings through various Unified Communication (UC) platforms are a common theme in the daily lives of many people. While the security features of many UC platforms have been improved over time, e.g., through the addition of end-to-end encryption, the invitation process is commonly still based on calendar invites sent by email. These email invitations form a security and privacy weakness for unified communication systems. To mitigate this weakness, we present in this paper the novel SEPPI architecture. Based on FIDO2 authentication, SEPPI provides confidentiality and integrity for meeting invites and pseudonymity and unlinkability for meeting participants. We analyze the security of SEPPI and conduct a large-scale systematic user evaluation of a \ac{seppi} prototype. Our findings suggest that SEPPI achieves increased privacy and security at an acceptable convenience cost.