a look into the mobile messaging black box
play

A look into the Mobile Messaging Black Box Roland Schilling Frieder - PowerPoint PPT Presentation

Oct 10, 2023 •524 likes •1.45k views

A look into the Mobile Messaging Black Box Roland Schilling Frieder Steinmetz December 27, 2016 Hamburg University of Technology Security in Distributed Applications 33 rd Chaos Commmunication Congress #33c3 @NerdingByDoing @twillnix

  1. A look into the Mobile Messaging Black Box Roland Schilling Frieder Steinmetz December 27, 2016 Hamburg University of Technology Security in Distributed Applications 33 rd Chaos Commmunication Congress #33c3 @NerdingByDoing @twillnix

  2. Messaging – Identifying Our Expectations You’re at a party • Friend approaches you and needs to tell you something in private • What do you expect when you say private? • You enter a separate room, you trust the location • What does a separate room offer you? party

  3. A Private Room You are now alone in a closed room with your Friend • Both of you have absolute Confidentiality that you are alone • Nobody can overhear your talk • Your exchange is completely private We call this confidentiality

  4. You Know Each Other Since you’re long-time friends, you’re absolutely sure, whom you’re talking to • Nobody can impersonate your friend or you, without the other noticing • You’re talking directly, without a phone or webcam in between We call this authenticity

  5. In Sight of Each Other The room you’re in is small enough that you can always see each other • You know that the words you speak are received just as you spoke them • There is no way either of you hears something other than the other says We call this integrity

  6. It’s a One-Time Talk Suppose somebody steps into the room • They could overhear your conversation • They would only learn the contents of this particular conversation • They would not learn anything about past conversations you had might have We call this forward secrecy → After leaving they would not be able to listen to any future conversations you We call this future secrecy

  7. It’s a One-Time Talk Forward- and Future Secrecy secret conversation overheard conversation timeline Forward Secrecy Future Secrecy third person enters room third person leaves room

  8. It’s a One-Time Talk Between Only You Two There are no witnesses in the room • Either of you can later deny to other having made any statement • Neither of you can prove to other that any of you have made a particular statement We call this deniability

  9. Messaging – Reality Check

  10. Messaging – A More Technical Analogy We started with a conversation analogy to identify our expectations of messaging of view. = > → Actually postal services are better to look at messaging from a technical point From: Alice To: Bob

  11. Example: Traditional Messaging What if our party conversation had taken place via SMS? Your providers (and other people on the same network) • would know the contents of your exchange: no confidentiality • could change the contents of your exchange: no integrity • could reroute your messages and impersonate either of you: no authentication • do not guarantee any secrecy, so we have neither forward secrecy nor future secrecy → We could argue having deniability though. → Messaging translates badly to our offline communication expectation

  12. From Postcards to Letters

  13. From Postcards to Letters

  14. The Shortest Introduction to Encryption You Will Ever Get Symmetric Encryption: Asymmetric Encryption: Encryption and decryption with different keys → Encryption and decryption with the same key Key Crypto plain text ciphertext

  15. The Shortest Introduction to Encryption You Will Ever Get Symmetric Encryption: Asymmetric Encryption: Encryption and decryption with different keys → Encryption and decryption with the same key Key Key Crypto Crypto plain text ciphertext plain text

  16. The Shortest Introduction to Encryption You Will Ever Get Asymmetric Encryption: Symmetric Encryption: → Encryption and decryption with the same key Key Key Crypto Crypto plain text ciphertext plain text → Encryption and decryption with different keys Key Key Crypto Crypto plain text ciphertext plain text

  17. The Shortest Introduction to Encryption You Will Ever Get Symmetric Encryption: Asymmetric Encryption: → Encryption and decryption with the same key Key Key Crypto Crypto plain text ciphertext plain text → Encryption and decryption with different keys Key Key key pair Crypto Crypto plain text ciphertext plain text

  18. • Both parties publish their identities and public keys Public-Key Cryptography – In a Nutshell • Any message can be encrypted with anyone’s public key and only be decrypted with its corresponding secret key Secret Key Secret Key Identity Identity Secret Key Identity Public Key Public Key Public Key

  19. Public-Key Cryptography – In a Nutshell • Both parties publish their identities and public keys • Any message can be encrypted with anyone’s public key and only be decrypted with its corresponding secret key Secret Key Secret Key Identity Identity Secret Key Identity Public Key Public Key Public Key Key Key key pair Crypto Crypto plain text ciphertext plain text

  20. Public-Key Cryptography – In a Nutshell • Both parties publish their identities and public keys • Any message can be encrypted with anyone’s public key and only be decrypted with its corresponding secret key ? Public Key Bob Secret Key Bob Crypto Crypto Bob

  21. Key Establishment . Secret Key Secret Key Public Key Public Key Identity Identity Secret Key Public Key Identity Public Key Bob Public Key Alice Key Key Key Generator Generator

  22. Recap Symmetric Encryption is cheap, but a key has to keys based on asymmetric key pairs. Asymmetric Encryption gives us IDs but is very ex- tion starts. Key Establishment allows us to create symmetric But there’s more… pensive. Key Key key pair Crypto Crypto plain text ciphertext plain text Key Key be shared by all participants before communica- Crypto Crypto plain text ciphertext plain text Secret Key Secret Key Public Key Public Key Identity Identity Secret Key Public Key Identity Public Key Bob Public Key Alice Key Key Key Generator Generator

  23. Confidentiality Key Key Crypto Crypto plain text ciphertext plain text ?

  24. Deniability From: either of us To: both of us

  25. But What About Forward- and Future Secrecy? secret conversation overheard conversation timeline Forward Secrecy Future Secrecy third person enters room third person leaves room

  26. But What About Forward- and Future Secrecy? secret messages compromised messages timeline Forward Secrecy Future Secrecy key compromise key renegotiation

  27. But What About Forward- and Future Secrecy? Key Key Crypto Crypto Bob

  28. But What About Forward- and Future Secrecy? Key Key Crypto Crypto Bob Key

  29. Recap Our key establishment protocol gives us: • Confidentiality • Deniability • Authenticity We don’t have: • Forward Secrecy • Future Secrecy → We are ignoring Integrity here, but we have that, too.

  30. Key and ID Management Cryptography is rarely, if ever, the solution to a security problem. Cryptography is a translation mechanism, usually converting a communications security problem into a key management problem. —Dieter Gollmann

  31. Key and ID Management Messenger Server Public Key Bob Public Key Alice Alice? Bob? Public Key b o B y e Alice K c l i b u P Secret Key Public Key Identity Secret Key Public Key Identity

  32. Key and ID Management We can ask for IDs, but what is an ID? • A phone number? Can identify a user. But is also considered personal information. • An email address? Same thing as with phone number. But a temporary email can be used. • Something else? Dedicated IDs offer anonymous usage, but ID ownership must be verifyable. Dedicated IDs are preferrable. But only if we find a way to verify ID ownership

  33. Key and ID Management We can ask for IDs, but what is an ID? • A phone number? • An email address? Same thing as with phone number. But a temporary email can be used. • Something else? Dedicated IDs offer anonymous usage, but ID ownership must be verifyable. Dedicated IDs are preferrable. But only if we find a way to verify ID ownership → Can identify a user. But is also considered personal information.

  34. Key and ID Management We can ask for IDs, but what is an ID? • A phone number? • An email address? • Something else? Dedicated IDs offer anonymous usage, but ID ownership must be verifyable. Dedicated IDs are preferrable. But only if we find a way to verify ID ownership → Can identify a user. But is also considered personal information. → Same thing as with phone number. But a temporary email can be used.

  35. Key and ID Management We can ask for IDs, but what is an ID? • A phone number? • An email address? • Something else? verifyable. Dedicated IDs are preferrable. But only if we find a way to verify ID ownership → Can identify a user. But is also considered personal information. → Same thing as with phone number. But a temporary email can be used. → Dedicated IDs offer anonymous usage, but ID ownership must be

  36. Key and ID Management We can ask for IDs, but what is an ID? • A phone number? • An email address? • Something else? verifyable. → Can identify a user. But is also considered personal information. → Same thing as with phone number. But a temporary email can be used. → Dedicated IDs offer anonymous usage, but ID ownership must be → Dedicated IDs are preferrable. But only if we find a way to verify ID ownership

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Using Messaging Protocols to Build Mobile and Web Applications Jeff Mesnil Jeff Mesnil

Using Messaging Protocols to Build Mobile and Web Applications Jeff Mesnil Jeff Mesnil

Using Messaging Protocols to Build Mobile and Web Applications Jeff Mesnil Jeff Mesnil Software Engineer at Red Hat Core developer on WildFly Application Server, lead for its messaging component Developed messaging brokers (HornetQ,

965 views • 82 slides
Mobile Health in Two Populations: Addressing Chronic Disease Management Through Text Messaging

Mobile Health in Two Populations: Addressing Chronic Disease Management Through Text Messaging

Mobile Health in Two Populations: Addressing Chronic Disease Management Through Text Messaging Keith McInnes, ScD, MS BUSPH HLPM & VA Center for Health Outcomes and Implementation Research (CHOIR) 1 Value of text messaging in

480 views • 33 slides
Mobile messaging service framework for location-based communities T-106.5820 Seminar on

Mobile messaging service framework for location-based communities T-106.5820 Seminar on

Mobile messaging service framework for location-based communities T-106.5820 Seminar on Distributed Systems, Autumn 2008 Harri Hlikk Synopsis of the study Goals are to describe the concept and basic characteristics of the service on

481 views • 7 slides
Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning & WAP primer Forging Messages Demo: Remote provisioning Provisioning: Process and Issues Attack scenario and exploiting Final

713 views • 59 slides
YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I

YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I

YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I here? Hundreds of product launches. Dozens of corporate launches. One top-funded Kickstarter campaign The Tool: The Message Map

655 views • 22 slides
Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple

Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple

Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple communication channels of phone messaging, web, and social network January 2016 www.zappix.com 1 Company Profile Zappixs Visual IVR Platform

543 views • 37 slides
CS 525M Mobile Computing Emmanuel Agu Database Management in Mobile Environments Last week,

CS 525M Mobile Computing Emmanuel Agu Database Management in Mobile Environments Last week,

CS 525M Mobile Computing Emmanuel Agu Database Management in Mobile Environments Last week, talked about applications: wireless web, messaging, MPEG, application-aware adaptation Today focus on data management issues First,

507 views • 7 slides
BBM Messaging is the new social media More than 85% of 13-34 year olds use messaging apps every

BBM Messaging is the new social media More than 85% of 13-34 year olds use messaging apps every

BBM Messaging is the new social media More than 85% of 13-34 year olds use messaging apps every day Why 13-34 year olds love messaging 1. Trust Young adults dont trust social networks 2. Intimacy They want to be able to share

465 views • 34 slides
Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures

Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures

Chair for Network Architectures and Services Technische Universit at M unchen Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures and Services Department of Informatics Technische Universit

519 views • 28 slides
PERSONALIZATION Customers expect personalized, tailored messaging no matter which channel or

PERSONALIZATION Customers expect personalized, tailored messaging no matter which channel or

THE STRUGGLE FOR SMART PERSONALIZATION Customers expect personalized, tailored messaging no matter which channel or device. SO WHY AREN'T MARKETERS DELIVERING? Take a look at why personalization is top priority in the mobile era, and why

411 views • 22 slides
SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel

SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel

SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel Solutions What are we covering off today? Who we are - communigator relationship Power of using SMS What does good look like? What is

342 views • 19 slides
STRATEGIC STRATEGIC MESSAGING MESSAGING BUILDING A BETTER CORE PITCH TORYTELLING FOR STARTUPS:

STRATEGIC STRATEGIC MESSAGING MESSAGING BUILDING A BETTER CORE PITCH TORYTELLING FOR STARTUPS:

STRATEGIC STRATEGIC MESSAGING MESSAGING BUILDING A BETTER CORE PITCH TORYTELLING FOR STARTUPS: Andy Raskin Andy Raskin Strategic Messaging & Positioning Strategic Messaging & Positioning http://andyraskin.com The great

690 views • 45 slides
MQTT IoT Messaging Protocol Francisco Quintero Lead Firmware Engineer - Internet of Things:

MQTT IoT Messaging Protocol Francisco Quintero Lead Firmware Engineer - Internet of Things:

MQTT IoT Messaging Protocol Francisco Quintero Lead Firmware Engineer - Internet of Things: The next frontier - Evolution of the net: Military and academic use (Mainframes, Minicomputers) General, personal use (Mobile, cloud)

691 views • 33 slides
in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University Messaging is Popular 2 Major Effort: E2E-Encrypted Messaging Government surveillance and/or coercion

585 views • 40 slides
BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha

BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha

BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha Introduction Messaging Matters OUTLINE Research Observations Recommendations Small Group Discussion Large Group Q&A Introduction Messaging

580 views • 25 slides
!"#$%&'()*+&,$-./(0).( & KG"99$(/$3 &

!"#$%&'()*+&,$-./(0).( & KG"99$(/$3 &

!"#$%&'()*+&,$-./(0).( & KG"99$(/$3 & !"#$%&'()*+&,$-./(0).(&1!',2&3+3*$#3&0%$()4+&35$-06-&*+5$3&.4&

612 views • 5 slides
COMP 364: Computer Tools for Life Sciences Regular expressions Christopher J.F. Cameron and

COMP 364: Computer Tools for Life Sciences Regular expressions Christopher J.F. Cameron and

COMP 364: Computer Tools for Life Sciences Regular expressions Christopher J.F. Cameron and Carlos G. Oliver 1 / 26 Key course information HW4 due tonight at 11:59:59 pm HW5 available now! due Thursday, December 7th at 11:59:59 pm

513 views • 26 slides
the real-time Internet routing observatory Luca Sani 1 / 24 Our research topic: discovering the

the real-time Internet routing observatory Luca Sani 1 / 24 Our research topic: discovering the

the real-time Internet routing observatory Luca Sani 1 / 24 Our research topic: discovering the Internet structure Everyone knows the role of the Internet in our society, but since its commercialization in 1995, no one knows its complete

424 views • 29 slides
Entropy/IP: Uncovering Structure in IPv6 Addresses ACM IMC 2016, Santa Monica, USA Pawe

Entropy/IP: Uncovering Structure in IPv6 Addresses ACM IMC 2016, Santa Monica, USA Pawe

Entropy/IP: Uncovering Structure in IPv6 Addresses ACM IMC 2016, Santa Monica, USA Pawe Foremski, David Plonka, Arthur Berger 1 Whats Entropy/IP? A system that automatically learns structures in Internet addresses known to be active

802 views • 50 slides
Skip Fidura Client Services Director dotmailer Chairman, Email Council, UK DMA @skipfidura

Skip Fidura Client Services Director dotmailer Chairman, Email Council, UK DMA @skipfidura

Skip Fidura Client Services Director dotmailer Chairman, Email Council, UK DMA @skipfidura @dotmailer 2013 2014 16% 91b 17% 107b Growth Consumer Growth Online Sales Sales 21% Total Retail Source: Capgemeni 2014 Slide 2

920 views • 44 slides
--Smart Service Systems-- Sara B. Nerlove, Ph.D. Program Director Industrial Innovation

--Smart Service Systems-- Sara B. Nerlove, Ph.D. Program Director Industrial Innovation

NSF Webinar Partnerships for Innovation: Building Innovation Capacity (PFI:BIC) Solicitation: NSF 15-610 --Smart Service Systems-- Sara B. Nerlove, Ph.D. Program Director Industrial Innovation and Partnerships Directorate for

726 views • 23 slides
Identifying Features of Android Apps from Execution Traces Qi Xin, Farnaz Behrang, Mattia

Identifying Features of Android Apps from Execution Traces Qi Xin, Farnaz Behrang, Mattia

Identifying Features of Android Apps from Execution Traces Qi Xin, Farnaz Behrang, Mattia Fazzini, and Alessandro Orso Understanding a Program & its Features Debugging Refactoring Debloating Testing Documentation Functionality

637 views • 40 slides
Estimates and Projections SDC affiliates meeting May 2009 Program on Applied Demographics Web:

Estimates and Projections SDC affiliates meeting May 2009 Program on Applied Demographics Web:

Estimates and Projections SDC affiliates meeting May 2009 Program on Applied Demographics Web: http://pad.human.cornell.edu Email: PADInfo@Cornell.edu Estimates Review of early releases County - Population Co nt Pop lation Sub

104 views • 8 slides

More recommend