POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW? Hanno Böck


https://hboeck.de

INTRODUCTION
Hanno Böck, freelance journalist and hacker. Writing for Golem.de and others. Fuzzing Project, funded by the Linux Foundation's Core Infrastructure Initiative. Author of the monthly Bulletproof TLS Newsletter.

1982
Richard Feynman presents the idea of a quantum computer.
(Image: CC by-sa 3.0, Tamiko Thiel, Wikimedia Commons)

1994
Peter Shor shows that quantum computers could break public key cryptography.
(Image: CC sa 1.0, Peter Shor, Wikimedia Commons)

QUANTUM COMPUTERS
Well understood theory, but hard to engineer. Some researchers give timeframes of 10-15 years for scalable quantum computers.

POST-QUANTUM CRYPTOGRAPHY
Algorithms that we believe to be resistant to quantum attacks. Development is still in its early stages.

SYMMETRIC POST-QUANTUM CRYPTOGRAPHY
Hash functions (SHA-2, SHA-3) and symmetric encryption (AES) are the easy part. Just use larger keys (256 bit is fine).

PUBLIC KEY CRYPTOGRAPHY
Encryption with separate public and private key. Signatures. Key exchanges.

UNDERLYING PROBLEMS OF PUBLIC KEY CRYPTOGRAPHY
Factoring-based (RSA). Discrete-logarithm-based (Diffie-Hellman, DSA, ElGamal). Elliptic-curve-based (ECDSA, ECDH, X25519, Ed25519). Quantum computers break all three.

CRYPTO IS BROKEN
Almost every crypto software and protocol today uses these algorithms: TLS/SSL, SSH, OpenPGP/GnuPG, Signal, WhatsApp, OTR, OMEMO, ... Quantum computers break practically everything using crypto.

CANDIDATES FOR POST-QUANTUM CRYPTOGRAPHY
Code-based cryptography. Lattice-based cryptography. Isogeny-based cryptography. Hash-based signatures. Multivariate cryptography.

CONSERVATIVE, SAFE CHOICES
EU PQCRYPTO recommendations.

MCELIECE / MCBITS
McEliece: code-based encryption. Parameters from the McBits paper (Bernstein, Chou, Schwabe, 2013).
Good: old, well researched. Bad: large keys (~1 MB).

HASH-BASED SIGNATURES
Good: as secure as the hash function. XMSS: needs internal state. SPHINCS: no state, but large signatures.

LATTICES
NTRU, Ring-Learning-With-Errors, New Hope, NTRU Prime, BLISS, Tesla#.
Pro: practical, fast, relatively small keys. Con: patents, conflicts over security estimates. Most likely candidate for early deployments.

SUPERSINGULAR ISOGENIES OF ELLIPTIC CURVES
SIDH: a Diffie-Hellman-like key exchange.
Pro: very similar workflow to Diffie-Hellman, small keys. Con: not that fast, very new, needs more research.

POST-QUANTUM CRYPTOGRAPHY TODAY
We have the choice between very impractical and experimental algorithms.

IMPLEMENTATION CONSIDERATIONS

ATTACKS ON OLD CRYPTO
Logjam, FREAK, DROWN, SWEET32.

DEPRECATION IS HARD
It often takes decades to deprecate old crypto. Windows XP compatibility is still a concern for some. If quantum computers come in 10-15 years, then the transition will be rough.

IT'S NOT JUST THE ALGORITHMS
Secure algorithms can be used in insecure ways. October 2016: three research papers on potential backdoors and security issues with Diffie-Hellman. If we don't even know how to use the oldest public key algorithm safely, how should we know how to use entirely new algorithms?

STORE NOW, DECRYPT LATER
Attackers could store large amounts of encrypted communication today and decrypt it once a quantum computer is available. Strong argument for fast deployment.

HYBRID MODES
No confidence in practical post-quantum schemes. Combine an experimental post-quantum algorithm with a well researched pre-quantum algorithm. Example: X25519 (elliptic curve) and New Hope (lattice-based) key exchange.

CECPQ1
Google deployed a New Hope / X25519 hybrid in Chrome/BoringSSL and on some servers.

REBELALLIANCE
Hybrid New Hope / X25519 key exchange for Tor.

QUANTUM MYTHBUSTING

WHEN WILL I HAVE A QUANTUM COMPUTER ON MY DESK?
Maybe never.
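The hash-based signatures slide says XMSS "needs internal state"; the reason is that every underlying one-time key may be used exactly once. The following is an added example (not from the talk) implementing the simplest hash-based scheme, a Lamport one-time signature over SHA-256 with Python's standard library, together with a signer that records whether its key has been spent. All names (keygen, sign, verify, StatefulSigner) are this example's own; the message strings are constructed for the demonstration.

```python
import hashlib
import os

# Lamport one-time signature over SHA-256 (added example, standard library only).
N = 256  # one secret pair per bit of the SHA-256 message digest


def keygen():
    """Return (secret_key, public_key).

    sk[i] = (x0, x1) are random 32-byte strings; pk[i] = (H(x0), H(x1)).
    Security rests only on the preimage resistance of the hash function.
    """
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    """Bits of SHA-256(msg), most significant bit first."""
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the matching half of the secret pair."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Hash each revealed preimage and compare with the committed public half."""
    if len(sig) != N:
        return False
    return all(hashlib.sha256(s).digest() == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _bits(msg))))


class StatefulSigner:
    """Wraps a one-time key with the state XMSS-style schemes must persist.

    Signing two messages with the same key reveals both halves of every pair
    where the digests differ, so a verifier-side check cannot save you; the
    signer has to refuse. Losing this state (backup restore, cloned VM) is the
    classic failure mode of stateful hash-based signatures.
    """

    def __init__(self):
        self.sk, self.pk = keygen()
        self.used = False

    def sign(self, msg: bytes):
        if self.used:
            raise RuntimeError("one-time key already used; refusing to sign")
        self.used = True
        return sign(self.sk, msg)


def second_signature_refused(signer: StatefulSigner, msg: bytes) -> bool:
    """True if the signer correctly rejects a second signing operation."""
    try:
        signer.sign(msg)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    s = StatefulSigner()
    sig = s.sign(b"constructed message")
    print("valid:", verify(s.pk, b"constructed message", sig))
    print("tampered rejected:", not verify(s.pk, b"constructed messag3", sig))
    print("second use refused:", second_signature_refused(s, b"another message"))
```

A Lamport signature is 256 x 32 bytes = 8 KiB and the public key is twice that, which is why practical schemes (XMSS, SPHINCS) build Merkle trees over many such keys; the stateless SPHINCS variant avoids the `used` flag at the cost of the large signatures the slide mentions.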
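The hybrid modes slides describe combining a well researched pre-quantum key exchange with an experimental post-quantum one so that an attacker must break both. The example below is added here and is not code from the talk, from BoringSSL's CECPQ1 or from Tor; it shows the combining step with Python's standard library only. The classical half is a toy finite-field Diffie-Hellman over constructed parameters (P, G) rather than X25519, and the post-quantum half is represented by an opaque 32-byte secret the caller would obtain from a real New Hope implementation (here a constructed random value). The combiner hybrid_key and the HKDF helper are this example's own names.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters for the classical half: a Mersenne prime and a
# small generator. These stand in for X25519 and are NOT production DH parameters.
P = (1 << 127) - 1
G = 3


def classical_keypair():
    """Toy Diffie-Hellman key pair (x, G^x mod P)."""
    x = secrets.randbelow(P - 2) + 2
    return x, pow(G, x, P)


def classical_shared(priv: int, peer_pub: int) -> bytes:
    """Classical shared secret as fixed-width bytes."""
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869 extract-then-expand) written out with hmac/hashlib."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def hybrid_key(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Combine both shared secrets into one session key.

    Both secrets are concatenated as the HKDF input keying material, and the
    transcript (the public values exchanged) is bound into the info string.
    Recovering the output requires knowing both inputs, so the session stays
    secure as long as at least one of the two exchanges holds up.
    """
    return hkdf(ss_classical + ss_pq,
                salt=b"\x00" * 32,
                info=b"hybrid-classical+pq demo" + transcript)


def run_hybrid_exchange():
    """Simulate both sides deriving the hybrid key; returns (key_a, key_b)."""
    a_priv, a_pub = classical_keypair()
    b_priv, b_pub = classical_keypair()
    # Constructed stand-in for the lattice-based shared secret that both
    # parties would obtain from the post-quantum exchange.
    ss_pq = secrets.token_bytes(32)
    transcript = a_pub.to_bytes(16, "big") + b_pub.to_bytes(16, "big")
    key_a = hybrid_key(classical_shared(a_priv, b_pub), ss_pq, transcript)
    key_b = hybrid_key(classical_shared(b_priv, a_pub), ss_pq, transcript)
    return key_a, key_b


if __name__ == "__main__":
    ka, kb = run_hybrid_exchange()
    print("both sides agree:", ka == kb, "key length:", len(ka))
```

The point the slide makes is visible in hybrid_key: neither shared secret is used on its own, and a change to either input changes the derived key, so a break of the experimental lattice scheme alone does not expose the session, and neither does a future quantum break of the classical half.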
QUANTUM ALGORITHMS
Quantum computers don't magically make everything faster; they're faster for very specific problems (factoring, physical simulations). Even if possible, it's not clear if there's a need for home quantum computers. Possible scenario: quantum computers are run by universities and companies, and one can rent computing time.

D-WAVE
The D-Wave quantum computer can't run Shor's algorithm. It's not clear if D-Wave quantum computers can do anything useful. But they are almost certainly irrelevant for cryptography.

QUANTUM CRYPTOGRAPHY
(Image: public domain, Wikimedia Commons)

CLARIFICATION OF VOCABULARY
Quantum computing: using quantum effects to solve mathematical problems that can't efficiently be solved on normal computers.
Post-quantum cryptography: cryptography that resists attacks with quantum computers.
Quantum cryptography / quantum key distribution: using physical channels to exchange cryptographic keys.

QUANTUM CRYPTOGRAPHY / QKD
Idea: cryptography that is secure based on the laws of physics. Send single particles with polarized encoding, exchange polarization filter configuration. This has major drawbacks and solves nothing.

HUGE HYPE
Latest trend: talk about the Quantum Internet.

LIMITATIONS
Very likely limited distances (tens or hundreds of kilometers). Or maybe this is good?

"But they can only function over distances up to 300 km [...] Instead, repeaters based on trusted nodes or fully quantum devices, possibly involving satellites, are needed to reach global distances. The advantage of trusted-node schemes is that they provide access for lawful intercept, as required by many nation states."
Source: EU Quantum Manifesto

TRUSTED INTERMEDIATES?

QUANTUM INTERNET?
Let's say I want to send an encrypted message from Berlin to Sydney. Trusted intermediates in Poland, Ukraine, Russia, Kazakhstan, China, India, Burma, Thailand, Malaysia, Indonesia, Australia.

NOT WIRELESS
QKD needs a physical connection between endpoints. No Wifi. No mobile Internet.

QUANTUM HACKING
Quantum cryptography provides perfect security. However, commercial QKD devices regularly get broken. How's that even possible?

QKD: SECURE IN THEORY
The big argument for QKD: it's perfectly secure, based on the laws of physics! However, that's only true for an idealized version of QKD, not for any real system.

PROBLEMS OF HARDWARE-BASED SECURITY
If you have a bug in your encryption software, you can install an update (hopefully). If you have a bug in your encryption hardware, you need to buy new hardware.

QKD NEEDS AUTHENTICATION
All QKD systems need an authenticated channel. QKD depends on the cryptography its proponents claim it should replace. This limitation is rarely mentioned, but it's significant. It means QKD can't solve the problems created by quantum computers.

"It is a well-established fact that all QKE protocols require that the parties have access to an authentic channel. Without this authenticated link, QKE is vulnerable to man-in-the-middle attacks. Overlooking this fact results in exaggerated claims and/or false expectations about the potential impact of QKE." (Paterson, Piper, Schack, 2004)

QUANTUM CRYPTOGRAPHY
Extremely overhyped with outrageous claims ("Quantum Internet"). Entirely unclear which problems it should solve. Definitely not a solution for the problems created by quantum computers. That solution is post-quantum cryptography.

CONCLUSIONS
Quantum computers may come pretty soon (or not at all). We need to be prepared. Post-quantum cryptography is still in its early stages. We're already too late. Be wary of overhyped claims about quantum cryptography, which likely won't solve anything.

MORE INFO
pqcrypto.org
pqcrypto.eu.org - EU PQCRYPTO research project
csrc.nist.gov/groups/ST/post-quantum-crypto/ - NIST standardization effort

Questions?