whatsapp end to end encryption are our messages private
play

WhatsApp End-to-End Encryption: Are Our Messages Private? - PowerPoint PPT Presentation

Apr 03, 2024 •571 likes •979 views

WhatsApp End-to-End Encryption: Are Our Messages Private? Supervisors: Research project by: Pavlos Lontorfos Ruben De Vries Soufiane el Aissaoui Tom Carpaij 1 Introduction 2 Introduction 1.5 billion users Black box

  1. WhatsApp End-to-End Encryption: Are Our Messages Private? Supervisors: Research project by: Pavlos Lontorfos Ruben De Vries Soufiane el Aissaoui Tom Carpaij 1

  2. Introduction 2

  3. Introduction 1.5 billion users ● “Black box” application ● Security vs. end-to-end encryption ● Can we trust Facebook's claim of End-to-End ● encryption? 3

  4. Research questions Is user-to-user message exchange via WhatsApp End-to-End encrypted? What are the algorithms used to create the Signal protocol? ● What are the differences between Signal and WhatsApp network traffic? ● To what extent are WhatsApp messages encrypted to the Signal protocol ● specifications? 4

  5. Literature review Breach of End-to-End encryption in group messages [1] ● Non-blocking WhatsApp implementation [2] ● Voicemail account verification hijack [3] ● Signal protocol papers [4] [5] ● WhatsApp End-to-End encryption implementation whitepaper [6] ● Formal proof of Signal protocol security [7] ● 5

  6. Background: Extended Triple Diffie-Hellman (X3DH) X3DH illustration. From Open Whisper Systems , by Marlinspike and Perrin, 2016. Retrieved from https://signal.org/docs/specifications/x3dh/ 6

  7. Background: Single ratchet algorithm Single ratchet illustration. From Open Whisper Systems , by Perrin and Marlinspike , 2016. Retrieved from https://signal.org/docs/specifications/doubleratchet/ 7

  8. Background: Double ratchet algorithm Double ratchet illustration. From Open Whisper Systems , by Perrin and Marlinspike , 2016. Retrieved from https://signal.org/docs/specifications/doubleratchet/Set3_2.png 8

  9. Blocking-Non blocking mechanism Signal: Blocking Mechanism No message retransmission ● Smaller User Base ● Secure ● WhatsApp: Non-blocking Mechanism Messages are retransmitted ● Friendly user experience/ convenience ● Security issues - Attack scenario ● 9

  10. Methods Assumptions made: If Signal is implemented correctly, the protocol is secure ● Signal Application implements their protocol correctly ● WhatsApp is proprietary software Android version was analyzed. Protocol implementation remains the same for IOS Latest available version of WhatsApp(2.18.380) and Signal(4.32.8) 10

  11. Experiments 11

  12. Experiment: Traffic comparison 12

  13. Results: Traffic comparison 13

  14. Experiment: Packet decryption 14

  15. Results: Packet decryption 15

  16. Results: Packet decryption 16

  17. Results: Packet decryption Unfortunately no packets captured from WhatsApp Noise Pipes : Custom protocol instead of TLS Burp Suite couldn’t recognise those packets 17

  18. Experiment: Basic blocking 18

  19. Experiment: Basic blocking 19

  20. Experiment: Basic blocking 20

  21. Experiment: Basic blocking 21

  22. Experiment: Basic blocking 22

  23. Experiment: Basic blocking 23

  24. Experiment: Basic blocking 24

  25. Results: Basic blocking 25

  26. Experiment:Sender offline blocking 26

  27. Experiment:Sender offline blocking 27

  28. Experiment:Sender offline blocking 28

  29. Experiment:Sender offline blocking 29

  30. Experiment:Sender offline blocking 30

  31. Results: Sender offline blocking 31

  32. Experiment:Sender offline blocking 32

  33. Experiment: Sender offline blocking 33

  34. Results: Sender offline blocking 34

  35. Experiment: Sender migration blocking 35

  36. Results: Sender migration blocking 36

  37. Discussion We expected the traffic of both applications to be more similar ● Decryption could verify the correct use of the Signal protocol ● 37

  38. Future work Key extraction and message decryption (reverse engineering) ● Phone call verification abuse ● Metadata collection ● WhatsApp, Instagram and Messenger integration ● 38

  39. Conclusion What are the algorithms used to create the Signal protocol? ● What are the differences between Signal and WhatsApp network ● traffic? To what extent are WhatsApp messages encrypted to the Signal ● protocol specifications? Is user-to-user message exchange via WhatsApp end-to-end encrypted? Probably yes 39

  40. References ● [1] P. R ̈osler, C. Mainka, and J. Schwenk, “More is less: On the end-to-end security of group chats in signal, whatsapp, and threema,” 2018. ● [2] M. Marlinspike, “ There is no WhatsApp ’backdoor’),” 2017, last accessed 22 January 2019. [Online]. Available: https://signal.org/blog/there-is-no-whatsapp-backdoor/ ● [3] M. Vigo, “Compromising online accounts by cracking voicemail systems),” 2018, last accessed 21 January 2019. [Online]. Available: https://www.martinvigo.com/voicemailcracker/ ● [4] K. Cohn-Gordon, C. Cremers, B. Dowling, L. Garratt, and D. Stebila, “A formal security analysis of the signal messaging protocol,” in Security and Privacy (EuroS&P), 2017 IEEE European Symposium on. IEEE, 2017, pp. 451–466. ● [5] WhatsApp, “Whatsapp encryption overview,” April 5, 2016, p. 12. 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

That's Billion with a B: Scaling to the next level at WhatsApp Rick Reed WhatsApp Erlang

That's Billion with a B: Scaling to the next level at WhatsApp Rick Reed WhatsApp Erlang

That's Billion with a B: Scaling to the next level at WhatsApp Rick Reed WhatsApp Erlang Factory SF March 7, 2014 1 About Me Joined WhatsApp in 2011 Learned Erlang at WhatsApp Scalability & multimedia Team Small (~10 on Erlang)

649 views • 44 slides
Block Ciphers Fall 2010 CS 334: Computer Security 1 Recall: Private-Key Encryption Algorithms

Block Ciphers Fall 2010 CS 334: Computer Security 1 Recall: Private-Key Encryption Algorithms

Block Ciphers Fall 2010 CS 334: Computer Security 1 Recall: Private-Key Encryption Algorithms Also called single-key or symmetric key algorithms Both parties share the key needed to encrypt and decrypt messages, hence both parties are

916 views • 48 slides
FORWARD PRIVATE SEARCHABLE ENCRYPTION & BEYOND 22/02/2017 MIT - RAPHAEL BOST DATE

FORWARD PRIVATE SEARCHABLE ENCRYPTION & BEYOND 22/02/2017 MIT - RAPHAEL BOST DATE

FORWARD PRIVATE SEARCHABLE ENCRYPTION & BEYOND 22/02/2017 MIT - RAPHAEL BOST DATE Searchable Encryption Outsource data securely keep search functionalities Generic Solutions Fully Homomorphic Encryption, MPC, ORAM

578 views • 37 slides
Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages Zvika

Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages Zvika

Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages Zvika Brakerski Vinod Vaikuntanathan (Weizmann) (University of Toronto) CRYPTO 2011 Outsourcing Computation x Function x f f ( x ) medical records

520 views • 15 slides
on WhatsApp Kiran Garimella , Dean Eckles 1 WhatsApp Peer to peer messaging platform 1.5

on WhatsApp Kiran Garimella , Dean Eckles 1 WhatsApp Peer to peer messaging platform 1.5

Image based Misinformation on WhatsApp Kiran Garimella , Dean Eckles 1 WhatsApp Peer to peer messaging platform 1.5 Billion monthly active users Multimedia heavy roughly 50% is images and video End-to-end encrypted Image

423 views • 19 slides
Lecture 10: Encryption CIS 1.0 Lecture 10, by Yuqing Tang How messages being sent? Packet

Lecture 10: Encryption CIS 1.0 Lecture 10, by Yuqing Tang How messages being sent? Packet

Lecture 10: Encryption CIS 1.0 Lecture 10, by Yuqing Tang How messages being sent? Packet switching via many routers. Routers sitting between source and destination computers can access the content of the packets. To ensure the

434 views • 18 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Fake ke WhatsA tsAPP Mess ssag ages Information Security Education and Awareness (ISEA)

Fake ke WhatsA tsAPP Mess ssag ages Information Security Education and Awareness (ISEA)

Fake ke WhatsA tsAPP Mess ssag ages Information Security Education and Awareness (ISEA) Project Phase-II Check Fake WhatsApp messages before you forward You may receive many spam emails. Fake WhatsApp forwards in a day while using

390 views • 21 slides
Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get

Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get

Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get CCA security, we used a MAC Bob would accept only messages from Alice But in PKE, Bob wants to receive messages from Eve as well! But only if it is

336 views • 14 slides
Protection and Security - II Encrypts a block of data at a time (64 bit messages, with 56 bit

Protection and Security - II Encrypts a block of data at a time (64 bit messages, with 56 bit

CSC 4103 - Operating Systems Symmetric Encryption Spring 2007 Same key used to encrypt and decrypt E ( k ) can be derived from D ( k ), and vice versa Lecture - XXI DES is most commonly used symmetric block-encryption algorithm

496 views • 4 slides
How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben

How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben

How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben Morris Phil Rogaway Till Stegers University of California, Davis University of California, Davis Dept of Mathematics Dept of Computer

1.01k views • 25 slides
Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ; www.isg.rhul.ac.uk/~kp Motivation for Authenticated Encryption Authenticated Encryption (AE) m 1 m 2 Security goals: Confidentiality and integrity of messages

649 views • 60 slides
USER PERCEPTION OF DELETING INSTANT MESSAGES EuroUSEC18, London, UK, 23 April 2018 Theodor

USER PERCEPTION OF DELETING INSTANT MESSAGES EuroUSEC18, London, UK, 23 April 2018 Theodor

USER PERCEPTION OF DELETING INSTANT MESSAGES EuroUSEC18, London, UK, 23 April 2018 Theodor Schnitzler, Christine Utz, Florian M. Farke, Christina Ppper, Markus Drmuth OVERVIEW Instant Messaging New WhatsApp feature introduced October

202 views • 17 slides
Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange Shared/Symmetric-Key PKE scheme Encryption (a.k.a. private-key encryption) a.k.a. asymmetric-key encryption PKE SKE: Syntax Syntax KeyGen outputs KeyGen

366 views • 13 slides
Conversational Platform for WhatsApp Official Sendbee Reseller The world's most popular

Conversational Platform for WhatsApp Official Sendbee Reseller The world's most popular

Conversational Platform for WhatsApp Official Sendbee Reseller The world's most popular messaging app is now open for YOUR BUSINESS Create a verified business profile on WhatsApp and connect with 2b+ users across the world. WHAT WE DO WE

746 views • 33 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Acknowledgements Ed Lider (USFS Retired) Meeting Water Quality EPA: Don Martin, Leigh

Acknowledgements Ed Lider (USFS Retired) Meeting Water Quality EPA: Don Martin, Leigh

11/16/2011 Acknowledgements Ed Lider (USFS Retired) Meeting Water Quality EPA: Don Martin, Leigh Woodruff, Eric Monschein Goals in North Fork CDA DEQ: Tom Herron, Bob Steed, Tyson Clyne, Kristin Subbasin Streams? Keith, Marti Bridges,

63 views • 4 slides
Staying on Your Feet: Taking Steps to Prevent Falls and Fall-Related Injuries Speakers Notes

Staying on Your Feet: Taking Steps to Prevent Falls and Fall-Related Injuries Speakers Notes

1 Staying on Your Feet: Taking Steps to Prevent Falls and Fall-Related Injuries Speakers Notes ------------------------------------------------------------------------------------------------------------------------------------------ Staying on

310 views • 17 slides
Hand Hygiene: Train the Trainer National Hand Hygiene Training Programme for Healthcare Workers

Hand Hygiene: Train the Trainer National Hand Hygiene Training Programme for Healthcare Workers

Hand Hygiene: Train the Trainer National Hand Hygiene Training Programme for Healthcare Workers in Community and Primary Care HCAI AMR Clinical Programme 2017 Who can become a trainer? The trainer will be considered to be more effective it

804 views • 76 slides
TOWN HALL TOWN HALL Eden E n E. Freema man City Manager ABOUT WINCHESTER Population

TOWN HALL TOWN HALL Eden E n E. Freema man City Manager ABOUT WINCHESTER Population

TOWN HALL TOWN HALL Eden E n E. Freema man City Manager ABOUT WINCHESTER Population 27,932 (2017) Size 9.3 square miles Council/Manager form of government Budget $251M (FY19 Adopted) General Fund - $93,654,000

829 views • 52 slides
Security Testing - Where Automation Fails Today How does security testing of web

Security Testing - Where Automation Fails Today How does security testing of web

Security Testing - Where Automation Fails Today How does security testing of web applications work What does the tooling landscape look like How does automated security testing fail What can we do Image courtesy of

583 views • 56 slides
The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed systems Walt Williams Who is this bloke? Author of Security for Service Oriented Architecture, CRC press 2014 Director of Information Security,

1.12k views • 55 slides
Who am I? Penetration Tester @ The Royal Bank of Scotland BeEF developer: Tunneling Proxy,

Who am I? Penetration Tester @ The Royal Bank of Scotland BeEF developer: Tunneling Proxy,

Ground BeEF : Cutting, devouring and digesting the legs off a browser Michele antisnatchor Orru 6 September 2011 Who am I? Penetration Tester @ The Royal Bank of Scotland BeEF developer: Tunneling Proxy, XssRays integration,

497 views • 32 slides
Fourth Q Quarter and Fiscal Year 2 2019 E Earnings March 5, 2020 Cautionary Notes This

Fourth Q Quarter and Fiscal Year 2 2019 E Earnings March 5, 2020 Cautionary Notes This

Fourth Q Quarter and Fiscal Year 2 2019 E Earnings March 5, 2020 Cautionary Notes This presentation contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. All statements other than

312 views • 27 slides

More recommend