SLIDE 1
Secure Messaging
Some slides adapted from Dr. Raluca Ada Popa at UC Berkeley
End to End Encryption
- Only the two parties communicating can decrypt
messages
Secure Messaging Some slides adapted from Dr. Raluca Ada Popa at UC - - PowerPoint PPT Presentation
Secure Messaging Some slides adapted from Dr. Raluca Ada Popa at UC - - PowerPoint PPT Presentation
Secure Messaging Some slides adapted from Dr. Raluca Ada Popa at UC Berkeley End to End Encryption Only the two parties communicating can decrypt messages Forward Secrecy Key compromise doesnt compromise past session keys
SLIDE 2
SLIDE 3
Forward Secrecy
- Key compromise doesn’t compromise past session
keys
- Perfect: key only valid for one session.
SLIDE 4
Text Messaging
- Information can be read by third parties
- Information can be mined by third parties
- Your texts can inform the ads you receive in the mail!
SLIDE 5 Email
- Most is unsecured, sent in plaintext across the
web.
- 1.2 Billion people use gmail
SLIDE 6
Lavabit
- 2004-2013
- Provided email services to 410,000 people
- US government wanted to install a device that would
give them access to all of the customers’ messages
- US government wanted owner to surrender my
company's private encryption keys to access the plain-text versions of messages from customers using Lavabit’s encrypted storage feature (Paraphrasing Ladar)
SLIDE 7
SLIDE 8
SLIDE 9
Apple’s iMessage
- Developed in 2011
- Provides end-to-end encryption
SLIDE 10
Apple iMessage
SLIDE 11
Issues with iMessage
- Trusted third party
- Trusted code base
- Users unable to verify that there’s no MITM attack
- RSA key exchange — no perfect forward secrecy
SLIDE 12
SLIDE 13
Signal Messenger
- Previously TextSecure and RedPhone
- First launched in 2010
- Provides end-to-end encryption for text messages
and voice calls
SLIDE 14
Signal Protocol
- Phases:
- Registration
- Setup conversation
- Converse
SLIDE 15
Registration
- Authenticate server to client
- Authenticate client to server (to prevent
impersonation of a user by another):
- Server sends a token to user’s phone and
expects the user to send that token back – checks that user indeed owns that phone
- Provide some public keys to the server
SLIDE 16
Keys used
- Double Ratchet Algorithm
- ratchet: device that moves forward one step at a time
- Diffie-Hellman key exchange ratchet
- KDF ratchet
- long-lived keys
- pre-keys (medium lived)
- ephemeral keys (session keys)
SLIDE 17
PGP: Pretty Good Privacy
- First launched in 1991
- Encryption protocol for email
SLIDE 18
wikipedia
SLIDE 19
Web of Trust
- “As time goes on, you will accumulate keys from
- ther people that you may want to designate as
trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault- tolerant web of confidence for all public keys.” — Phil Zimmerman
SLIDE 20
SLIDE 21
SLIDE 22
Issues with PGP
- Hard to use
- No good user interface
SLIDE 23
Problematic properties of security
- unmotivated user
- security is a secondary goal
- abstraction
- security policies are abstract and not intuitive
- lack of feedback
- hard for security team to understand the user
- barn door
- once it’s gone, it’s gone
- weakest link
- security of system = security of weakest component