Security and Privacy in Unified Communication Architectures with Focus on Online Real-Time Meeting Scheduling and Joining

Use of Unified Communication (UC) technology, including video conferencing, audio conferencing, and instant messaging, significantly increased during the COVID-19 pandemic. It has become essential for digital activism and in broader societal contexts. For example, undetectability, anonymity, and genuine end-to-end encryption are not always provided by commonly used UC platforms. Digital activists unaware of the associated risks of using UC meetings to coordinate on-the-ground activities could be a target for autocratic governments. However, UC users often overlook the importance of security and privacy. This dissertation establishes the security and privacy threats associated with UC by systematically analyzing the security and privacy threats and mitigations in a generic UC scenario. A critical aspect of the dissertation involves a comprehensive examination of the existing security and privacy properties embedded within major UC market leaders. This research analyzes the deficiencies in current UC solutions for mitigating the identified threats and aligning them with the requirements of digital activists. Further, the study collects and analyzes the specific functional, security, and privacy requirements for users engaged in digital activism by using semi-structured interviews. Through a comprehensive analysis, the research identifies several gaps in existing UC systems’ security and privacy provisions. While confidentiality in communication channels is generally well protected through encryption, other security and privacy properties such as anonymity, undetectability, anonymous communication, transparency, and user awareness are mostly lacking on UC platforms. One such identified issue pertains to the security and privacy of meeting invitations via e-mail, a common component of UC platforms. The research proposes a viable solution to mitigate this weakness by presenting the novel Secure and Privacy Preserving Invitation (SEPPI) architecture. SEPPI ensures that meeting invitations are confidential and secure, while also maintaining pseudonymity via aliases and activities that cannot be correlated with participants (unlinkability). The security and privacy of SEPPI are analyzed, and a large-scale systematic user evaluation of a SEPPI prototype is conducted. The findings suggest that SEPPI achieves increased privacy and security at an acceptable cost to convenience. Overall, the thesis shows a trend toward convenient consumption of UC as a commodity and a lack of end-user awareness about exposing sensitive information, for example, via metadata. The identified security and privacy threats and provided mitigations should inform and guide the UC user in determining the selection criteria for choosing a platform, both in general and for sensitive communication.