Some slides adapted from Dr. Raluca Ada Popa at UC Berkeley

End to End

• Only the two parties communicating can decrypt messages

Forward Secrecy

compromise doesn’t compromise past session keys

• Perfect: key only valid for one session.

Text Messaging

• Information can be read by third parties

• Information can be mined by third parties

• Your texts can inform the ads you receive in the mail!

Email

• Most is unsecured, sent in plaintext across the web.

• 1.2 billion people use Gmail

Lavabit

• 2004-2013

• Provided email services to 410,000 people

• US government wanted to install a device that would give them access to all of the customers’ messages

• US government wanted owner to surrender the company's private encryption keys to access the plain-text versions of messages from customers using Lavabit’s encrypted storage feature (paraphrasing Ladar)

Apple’s iMessage

• Developed in 2011

• Provides end-to-end encryption

Apple iMessage

Issues with iMessage

• Trusted third party

• Trusted code base

• Users unable to verify that there’s no MITM attack

• RSA — no perfect forward secrecy
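
Forward secrecy, the property the last bullet says the RSA design lacks, can be shown with a one-way key chain of the kind the Signal slides call a KDF ratchet. This Python sketch is an added illustration, not code from the slides or from Signal; the HMAC-SHA256 construction, the label bytes, the class and function names and the demo secret are all assumptions.

```python
import hashlib
import hmac

# Assumed labels for this sketch: one input byte selects the per-session
# key, a different byte selects the next chain key.
SESSION_LABEL = b"\x01"
CHAIN_LABEL = b"\x02"

def kdf_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One ratchet step: returns (next_chain_key, session_key)."""
    session_key = hmac.new(chain_key, SESSION_LABEL, hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, CHAIN_LABEL, hashlib.sha256).digest()
    return next_chain, session_key

class KdfRatchet:
    """Holds only the current chain key; each step overwrites the old one."""

    def __init__(self, root_secret: bytes):
        self.chain_key = hashlib.sha256(root_secret).digest()

    def next_session_key(self) -> bytes:
        self.chain_key, session_key = kdf_step(self.chain_key)
        return session_key

def keys_reachable_from(chain_key: bytes, steps: int) -> list[bytes]:
    """Session keys a holder of `chain_key` can compute by stepping forward."""
    out = []
    for _ in range(steps):
        chain_key, key = kdf_step(chain_key)
        out.append(key)
    return out

def demo() -> dict:
    """Compromise the state after session 3 and see which keys are exposed."""
    ratchet = KdfRatchet(b"constructed shared secret for the demo")
    past = [ratchet.next_session_key() for _ in range(3)]    # sessions 1-3
    stolen = ratchet.chain_key                               # compromise here
    future = [ratchet.next_session_key() for _ in range(3)]  # sessions 4-6
    reachable = keys_reachable_from(stolen, 1000)
    return {
        "all_keys_distinct": len(set(past + future)) == 6,
        "future_exposed": reachable[:3] == future,
        "past_exposed": any(k in reachable for k in past),
    }

if __name__ == "__main__":
    print(demo())
```

Keys for sessions after the compromise are still derivable from the stolen chain key; a Diffie-Hellman ratchet, listed on the Signal slides, addresses that by mixing fresh key-exchange output into the chain.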

Signal Messenger

• Previously TextSecure and RedPhone

• First launched in 2010

• Provides end-to-end encryption for text messages and voice calls

• Phases:

• Registration

• Setup conversation

• Converse

Registration

• Authenticate server to client

• Authenticate client to server (to prevent impersonation of a user by another):

• Server sends a token to user’s phone and expects the user to send that token back – checks that user indeed owns that phone

• Provide some public keys to the server

Keys used

• ratchet: device that moves forward one step at a time

• Diffie-Hellman key exchange ratchet

• KDF ratchet

• long-lived keys

• pre-keys (medium lived)

• ephemeral keys (session keys)

PGP:

• First launched in 1991

• Encryption protocol for email (Wikipedia)

Web of Trust

• “As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.” — Phil Zimmermann

Issues with PGP

• Hard to use

• No good user interface

Problematic properties of security

• unmotivated user: security is a secondary goal

• abstraction: security policies are abstract and not intuitive

• lack of feedback: hard for security team to understand the user

• barn door: once it’s gone, it’s gone

• weakest link: security of system = security of weakest component