secure messaging
play

Secure Messaging Some slides adapted from Dr. Raluca Ada Popa at UC - PowerPoint PPT Presentation

Nov 09, 2023 •180 likes •424 views

Secure Messaging Some slides adapted from Dr. Raluca Ada Popa at UC Berkeley End to End Encryption Only the two parties communicating can decrypt messages Forward Secrecy Key compromise doesnt compromise past session keys

  1. Secure Messaging Some slides adapted from Dr. Raluca Ada Popa at UC Berkeley

  2. End to End Encryption • Only the two parties communicating can decrypt messages

  3. Forward Secrecy • Key compromise doesn’t compromise past session keys • Perfect: key only valid for one session.

  4. Text Messaging • Information can be read by third parties • Information can be mined by third parties • Your texts can inform the ads you receive in the mail!

  5. Email • Most is unsecured, sent in plaintext across the web. • 1.2 Billion people use gmail

  6. Lavabit • 2004-2013 • Provided email services to 410,000 people • US government wanted to install a device that would give them access to all of the customers’ messages • US government wanted owner to surrender my company's private encryption keys to access the plain-text versions of messages from customers using Lavabit’s encrypted storage feature (Paraphrasing Ladar)

  9. Apple’s iMessage • Developed in 2011 • Provides end-to-end encryption

  10. Apple iMessage

  11. Issues with iMessage • Trusted third party • Trusted code base • Users unable to verify that there’s no MITM attack • RSA key exchange — no perfect forward secrecy

  13. Signal Messenger • Previously TextSecure and RedPhone • First launched in 2010 • Provides end-to-end encryption for text messages and voice calls

  14. Signal Protocol • Phases: • Registration • Setup conversation • Converse

  15. Registration • Authenticate server to client • Authenticate client to server (to prevent impersonation of a user by another): • Server sends a token to user’s phone and expects the user to send that token back – checks that user indeed owns that phone • Provide some public keys to the server

  16. Keys used • Double Ratchet Algorithm • ratchet: device that moves forward one step at a time • Diffie-Hellman key exchange ratchet • KDF ratchet • long-lived keys • pre-keys (medium lived) • ephemeral keys (session keys)

  17. PGP: Pretty Good Privacy • First launched in 1991 • Encryption protocol for email

  18. wikipedia

  19. Web of Trust • “As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault- tolerant web of confidence for all public keys.” — Phil Zimmerman

  22. Issues with PGP • Hard to use • No good user interface

  23. Problematic properties of security • unmotivated user • security is a secondary goal • abstraction • security policies are abstract and not intuitive • lack of feedback • hard for security team to understand the user • barn door • once it’s gone, it’s gone • weakest link • security of system = security of weakest component

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones

Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones

Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones Information Technology Security Location User Messaging Tracking Network * CEO A. Baar Akbay CFO PDM M. Melih H. Hakan Deirmenci Kahraman

371 views • 36 slides
A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital

A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital

Secure Public Instant Messaging Financial Cryptography - Feb 27, 2006 A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital Security Group Carleton University, Canada Mohammad Mannan Feb 27, 2006 1

399 views • 15 slides
The future of Messaging is integrated Secure and GDPR-ready video-, voice and chat solution

The future of Messaging is integrated Secure and GDPR-ready video-, voice and chat solution

Grape Chat Presentation 2019 The future of Messaging is integrated Secure and GDPR-ready video-, voice and chat solution that lives inside your favourite tools. The secure Autobahn of communication Integrate Grape with market leading

568 views • 25 slides
Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM,

Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM,

Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM, and attacks against it How IM is being used today, and why these uses make strong security essential Current problems and examples To-do

258 views • 23 slides
Practical Traffic Analysis Attacks on Secure Messaging Applications Alireza Bahramali, Ramin

Practical Traffic Analysis Attacks on Secure Messaging Applications Alireza Bahramali, Ramin

Electrical and Computer Engineering Department Practical Traffic Analysis Attacks on Secure Messaging Applications Alireza Bahramali, Ramin Soltani, Amir Houmansadr, Dennis Goeckel, Don Towsley University of Massachusetts Amherst Instant

512 views • 40 slides
POST: A Secure, Resilient, Cooperative Messaging System A. Mislove, A. Post, C. Reis, P.

POST: A Secure, Resilient, Cooperative Messaging System A. Mislove, A. Post, C. Reis, P.

POST: A Secure, Resilient, Cooperative Messaging System A. Mislove, A. Post, C. Reis, P. Willmann, P. Druschel, D. S. Wallach Rice University X. Bonnaire, P. Sens, J.-M. Busca, L. Arantes-Bezerra University of Paris 6 (LIP6) HotOS 2003 1

197 views • 16 slides
Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport

Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport

Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport Deniz Gurkan, Nicholas Bastin, Stuart Baxley University of Houston Funded by the U.S. Department of Energy and the U.S. Department of Homeland

541 views • 15 slides
Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

779 views • 30 slides
Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

699 views • 54 slides
Secure Messaging CS 161: Computer Security Prof. Raluca Ada Popa Nov 29, 2016 Announcements

Secure Messaging CS 161: Computer Security Prof. Raluca Ada Popa Nov 29, 2016 Announcements

Secure Messaging CS 161: Computer Security Prof. Raluca Ada Popa Nov 29, 2016 Announcements Homework 3 due Dec 2 Final Dec 15, 11:30-2:30 End-to-end encryption Encryption decryptable only by the ends Intermediary dont receive decryption

769 views • 30 slides
I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger

I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger

I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger and Ian Goldberg Secure Messaging 2 Secure Messaging All-Verifier Deniable Anonymous Authentication End-to Authentication End Zone

776 views • 48 slides
Secure SMS messaging using Quasigroup encryption and Java SMS API Marko Hassinen, Smile Markovski

Secure SMS messaging using Quasigroup encryption and Java SMS API Marko Hassinen, Smile Markovski

Secure SMS messaging using Quasigroup encryption and Java SMS API Marko Hassinen, Smile Markovski Marko.Hassinen@cs.uku.fi, smile@ii.edu.mk University of Kuopio, Finland SS Cyril and Methodius University, Republic of Macedonia SPLST 2003

595 views • 38 slides
ADHA S ecure Messaging Industry Offer Proposed T esting Process Details December 2019

ADHA S ecure Messaging Industry Offer Proposed T esting Process Details December 2019

ADHA S ecure Messaging Industry Offer Proposed T esting Process Details December 2019 Welcome! Webinar technical presenter: S cott Ferris, S olution Architect, ADHA 1 2 2 3 4 5 6 7 M Y SECURE SECURE INTEROPERABILITY M

419 views • 13 slides
YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I

YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I

YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I here? Hundreds of product launches. Dozens of corporate launches. One top-funded Kickstarter campaign The Tool: The Message Map

655 views • 22 slides
Contacts, Referrals & Secure Messaging Allied Health Professions Australia (AHPA) Presented

Contacts, Referrals & Secure Messaging Allied Health Professions Australia (AHPA) Presented

Webinar 2 Contacts, Referrals & Secure Messaging Allied Health Professions Australia (AHPA) Presented by Katrina Otto Train IT Medical Pty Ltd www.trainitmedical.com.au katrina@trainitmedical.com.au Allied Health Professions Australia

836 views • 57 slides
Universality of group embeddability Filippo Calderoni University of Turin Polytechnic di Turin

Universality of group embeddability Filippo Calderoni University of Turin Polytechnic di Turin

Universality of group embeddability Filippo Calderoni University of Turin Polytechnic di Turin 27th July 2016 1/22 Borel reducibility In the framework of Borel reducibility, relations are defined over Polish or standard Borel spaces.

467 views • 44 slides
Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recap Symmetric keys Benefit: fastest, mathematically the strongest Drawback:

425 views • 23 slides
Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim Kobeissi 1.5a Usable Security: Then and Now 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Humans are

1.24k views • 67 slides
Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John

Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John

Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John Roman Linux System Administrator RAND Corporation SCALE 2017 Roman, John PGP PGP 101 public/private keyrings Roman, John PGP PGP 101

690 views • 42 slides
Launchpad GPG & SSH Key Basics Class on making and importing your own GPG & SSH Key(s)

Launchpad GPG & SSH Key Basics Class on making and importing your own GPG & SSH Key(s)

Launchpad GPG & SSH Key Basics Class on making and importing your own GPG & SSH Key(s) into Launchpad Making your GPG Key Ok the things you'll need for this process. 1) Email Client such as Thunderbird. 2) A GPG/PGP Key Plugin for

449 views • 6 slides
Human Factors Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

Human Factors Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

CS 563 - Advanced Computer Security: Human Factors Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Discuss the practical consideration of usability of security

459 views • 31 slides
Reaping and breaking keys at scale: when crypto meets big data Nils Amiet Yolan Romailler

Reaping and breaking keys at scale: when crypto meets big data Nils Amiet Yolan Romailler

Reaping and breaking keys at scale: when crypto meets big data Nils Amiet Yolan Romailler August 2018 DEF CON 26 Public keys what for? Break them! Retrieve the private keys Show how easy it is If we can do it

684 views • 31 slides
Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why

Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why

Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why it was created? Cryptographic protocol Paper in 2004 by Ian Goldberg , Nikita Borisov and Eric Brewer Conversations in the

299 views • 18 slides

More recommend