DOCSLIB.ORG

Practical Traffic Analysis Attacks on Secure Messaging Applications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Practical Traffic Analysis Attacks on Secure Messaging Applications Practical Traffic Analysis Attacks on Secure Messaging Applications Alireza Bahramali∗, Amir Houmansadr∗, Ramin Soltaniy, Dennis Goeckelz, and Don Towsley∗ University of Massachusetts Amherst ∗ abahramali, amir, towsley @cs.umass.edu f [email protected] [email protected] Abstract—Instant Messaging (IM) applications like Telegram, A notable example of oppressed IM services is Tele- Signal, and WhatsApp have become extremely popular in recent gram [83] with over 200 million users globally [61], where years. Unfortunately, such IM services have been targets of a large fraction of its users come from countries with strict continuous governmental surveillance and censorship, as these media regulations like Iran and Russia. In particular, Telegram services are home to public and private communication channels is so popular in Iran that it has been estimated to consume more on socially and politically sensitive topics. To protect their clients, than 60 percent of Iran’s Internet bandwidth [9]. Consequently, popular IM services deploy state-of-the-art encryption mecha- nisms. In this paper, we show that despite the use of advanced Iranian officials have taken various measures to monitor and encryption, popular IM applications leak sensitive information block Telegram: from requesting Telegram to host some of its about their clients to adversaries who merely monitor their servers inside Iran to enable surveillance [85], to requesting encrypted IM traffic, with no need for leveraging any software Telegram to remove controversial political and non-political vulnerabilities of IM applications. Specifically, we devise traffic channels [85]. Eventually, Iran blocked Telegram entirely in analysis attacks that enable an adversary to identify adminis- April 2018 due to Telegram’s non-compliance. Despite this, trators as well as members of target IM channels (e.g., forums) statistics suggest only a small decrease in Telegram’s Iranian with high accuracies. We believe that our study demonstrates a users who connect to it through various kinds of VPNs [43]. significant, real-world threat to the users of such services given Telegram has also been blocked in Russia as Telegram op- the increasing attempts by oppressive governments at cracking erators refrained from handing over their encryption keys to down controversial IM channels. Russian officials for surveillance [73]. Finally, in the light of We demonstrate the practicality of our traffic analysis attacks Telegram’s crucial role in recent Hong Kong protests, there through extensive experiments on real-world IM communications. are unconfirmed reports [22], [75] that mainland Chinese and We show that standard countermeasure techniques such as Hong Kong authorities may have attempted to discover Hong adding cover traffic can degrade the effectiveness of the attacks Kong protesters by misusing a Telegram feature that enabled we introduce in this paper. We hope that our study will encourage them to map phone numbers to Telegram IDs. IM providers to integrate effective traffic obfuscation counter- measures into their software. In the meantime, we have designed A Fundamental Vulnerability: Popular IM applications like and deployed an open-source, publicly available countermeasure system, called IMProxy, that can be used by IM clients with no Telegram, WhatsApp, and Signal deploy encryption (either need for any support from IM providers. We have demonstrated end-to-end or end-to-middle) to secure user communications. the effectiveness of IMProxy through experiments. We refer to such services as secure IM (SIM) applications. In this paper, we demonstrate that despite their use of advanced encryption, popular IM applications leak sensitive information I. INTRODUCTION about their clients’ activities to surveillance parties. Specif- Instant Messaging (IM) applications like Telegram, Signal, ically, we demonstrate that surveillance parties are capable arXiv:2005.00508v1 [cs.CR] 1 May 2020 1 and WhatsApp have become enormously popular in recent of identifying members as well as administrators of target years. Recent studies estimate that over 2 billion people use IM communications (e.g., politically sensitive IM channels) mobile IM applications across the world [42]. IM services with very high accuracies, and by only using low-cost traffic enable users to form private and public social groups and analysis techniques. Note that our attacks are not due to exchange messages of various types, including text messages, security flaws or buggy software implementations such as those images, videos, and audio files. In particular, IM applications discovered previously [32], [49], [74], [94]; while important, are used extensively to exchange politically and socially sen- such security flaws are scarce, and are immediately fixed by sitive content. As a result, governments and corporations in- IM providers once discovered. Instead, our attacks enable creasingly monitor the communications made through popular surveillance by merely watching encrypted IM traffic of IM IM services [1], [2], [73], [85]. users, and assuming that the underlying IM software is entirely secure. The key enabler of our attacks is the fact that major IM operators do not deploy any mechanisms to obfuscate traffic characteristics (e.g., packet timing and sizes), due to Network and Distributed Systems Security (NDSS) Symposium 2020 23-26 February 2020, San Diego, CA, USA the impact of obfuscation on the usability and performance of ISBN 1-891562-61-4 https://dx.doi.org/10.14722/ndss.2020.24347 1An administrator of an IM channel is a member who is privileged to post www.ndss-symposium.org messages to that channel. such services. We therefore argue that our attacks demonstrate neling SIM traffic through VPNs, mixing it with background a fundamental vulnerability in major in-the-wild IM services, traffic, adding cover IM traffic, and delaying IM packets. As and, as we will demonstrate, they work against all major IM expected, our experiments show that such countermeasures services. reduce the effectiveness of the attacks at the cost of additional communication overhead as well as increased latency for SIM We believe that our attacks present significant real-world communications. For instance, we find that tunneling SIM threats to the users of believed-to-be-secure IM services, traffic through VPN and mixing it with background web- specially given escalating attempts by oppressive regimes to browsing traffic reduces the accuracy of our attack from crack down on such services, e.g., the recent attempts [1], [2], 93% to 70%, and adding cover traffic with a 17% overhead [22], [75] to identify and seize the administrators and members drops the accuracy to 62%. We argue that since many SIM of controversial IM communications. users do not deploy such third-party countermeasures due Our Contributions: We design traffic analysis attack algo- to usability reasons, SIM providers should integrate standard rithms for SIM communications; the objective of our attack traffic obfuscation techniques into their software to protect is to identify the admins and/or members of target SIM their users against the introduced traffic analysis attacks. In communications. What enables our attack is that, widely-used the meantime, we have designed and deployed an open-source, SIM services do not employ any mechanisms to obfuscate publicly available countermeasure system, called IMProxy, statistical characteristics of their communications. that can be used by IM clients with no need to any support from IM providers. We have demonstrated the effectiveness of We start by establishing a statistical model for IM traffic IMProxy through experiments. characteristics. Such a model is essential in our search for effective traffic analysis attacks on SIM services. To model IM In summary, we make the following contributions: communications, we join over 1,000 public Telegram channels We introduce traffic analysis attacks that reliably identify and record their communications, based on which we derive • users involved in sensitive communications through se- a statistical model for IM traffic features. We use our SIM cure IM services. To launch our attacks, the adversary model to derive theoretical bounds on the effectiveness of our does not need cooperate with IM providers, nor does traffic analysis algorithms; we also use our statistical model he need to leverage any security flaws of the target IM to generate arbitrary numbers of synthetic SIM channels to services. enhance the confidence of our empirical evaluations. We establish a statistical model for regular IM commu- Based on our statistical model for IM communications, we • nications by analyzing IM traffic from a large number of use hypothesis testing [68] to systematically design effective real-world IM channels. traffic analysis attack algorithms. Specifically, we design two We perform extensive experiments on the popular IM ser- traffic analysis attack algorithms; our first algorithm, which we • vices of Telegram, WhatsApp, and Signal to demonstrate call the event-based correlator, relies on the statistical model the in-the-wild effectiveness of our attacks. that we derive for SIM communications to offer an optimal We study potential countermeasures against our attacks. matching of users to channels. Our second algorithm, which • In particular, we design and deploy IMProxy, which is an we call the shape-based algorithm, correlates the shapes of open-source, publicly available countermeasure system. SIM traffic flows in order to match users to target
Load more

Recommended publications
  • Security & Privacy for Mobile Phones
    Security & Privacy FOR Mobile Phones Carybé, Lucas Helfstein July 4, 2017 Instituto DE Matemática E Estatística - USP What IS security? • That GRANTS THE INFORMATION YOU PROVIDE THE ASSURANCES above; • That ENSURES THAT EVERY INDIVIDUAL IN THIS SYSTEM KNOWS EACH other; • That TRIES TO KEEP THE ABOVE PROMISES forever. Security IS ... A System! • That ASSURES YOU THE INTEGRITY AND AUTHENTICITY OF AN INFORMATION AS WELL AS ITS authors; 1 • That ENSURES THAT EVERY INDIVIDUAL IN THIS SYSTEM KNOWS EACH other; • That TRIES TO KEEP THE ABOVE PROMISES forever. Security IS ... A System! • That ASSURES YOU THE INTEGRITY AND AUTHENTICITY OF AN INFORMATION AS WELL AS ITS authors; • That GRANTS THE INFORMATION YOU PROVIDE THE ASSURANCES above; 1 • That TRIES TO KEEP THE ABOVE PROMISES forever. Security IS ... A System! • That ASSURES YOU THE INTEGRITY AND AUTHENTICITY OF AN INFORMATION AS WELL AS ITS authors; • That GRANTS THE INFORMATION YOU PROVIDE THE ASSURANCES above; • That ENSURES THAT EVERY INDIVIDUAL IN THIS SYSTEM KNOWS EACH other; 1 Security IS ... A System! • That ASSURES YOU THE INTEGRITY AND AUTHENTICITY OF AN INFORMATION AS WELL AS ITS authors; • That GRANTS THE INFORMATION YOU PROVIDE THE ASSURANCES above; • That ENSURES THAT EVERY INDIVIDUAL IN THIS SYSTEM KNOWS EACH other; • That TRIES TO KEEP THE ABOVE PROMISES forever. 1 Security IS ... A System! Eve | | | Alice "Hi" <---------------> "Hi" Bob 2 Security IS ... Cryptography! Eve | | | Alice "Hi" <----"*****"------> "Hi" Bob 3 Security IS ... Impossible! The ONLY TRULY SECURE SYSTEM IS ONE THAT IS POWERED off, CAST IN A BLOCK OF CONCRETE AND SEALED IN A lead-lined ROOM WITH ARMED GUARDS - AND EVEN THEN I HAVE MY doubts.
    [Show full text]
  • Messaging Apps & Communication Platforms Comparative Analysis
    www.dka.global Messaging Apps & Communication Platforms Comparative Analysis February 2021 Table of Contents User concerns regarding privacy in messaging apps have spiked in recent years. Incidents of data breaches have alarmed many customers and forced them to reconsider their standard attitudes Introduction 3 towards messaging apps and the security of their personal information. Some situations and events have steadily Methodology of the Assessment 4 deteriorated public trust, resulting in many users wondering whether they have lost control over their own data. Messaging Apps: Score by Features 5 Users of messaging apps and platforms report concerns about Messaging Apps: Score by Security 7 businesses, advertisers and governments accessing and using their data. These growing privacy concerns have prompted Total Score 9 advocacy for tighter regulations. In addition, they have placed companies responsible for safeguarding personal data under greater scrutiny. Trade-offs between Features and Security 11 At the same time, developments in Information Technologies are Operating System, Hardware and Other Issues 13 bringing new, more sophisticated solutions for messaging and corporate communication. Corporate Communication Platforms 14 Deep Knowledge Analytics conducted its own independent analysis to identify and benchmark the most secure and Conclusions 16 convenient messaging apps.In this case study we are assessing convenience, security and accessibility of 18 popular messaging Disclaimer 17 apps. The study also features a short analysis of corporate communication platforms. Deep Knowledge Analytics 2 Introduction Messaging apps are essential for our daily activities, including business communication, personal communication, and other domains. For some specific spheres, such as journalism and protest activities, secure messaging is a central concern, of the utmost importance.
    [Show full text]
  • A Case Study Analysis: How Sweet Briar College Prevailed Over Institutional Closure
    A CASE STUDY ANALYSIS: HOW SWEET BRIAR COLLEGE PREVAILED OVER INSTITUTIONAL CLOSURE by Amanda Ray Ennis A Thesis Submitted to the Graduate Faculty of George Mason University in Partial Fulfillment of The Requirements for the Degree of Master of Arts Interdisciplinary Studies Committee: __________________________________________ Director __________________________________________ __________________________________________ __________________________________________ Program Director __________________________________________ Dean, College of Humanities and Social Sciences Date: ____________________________________ Spring Semester 2018 George Mason University Fairfax, VA Running Head: How Sweet Briar College Prevailed Over Institutional Closure A Case Study Analysis: How Sweet Briar College Prevailed Over Institutional Closure A thesis submitted in partial fulfillment of the requirements for the degree of Master of Arts in Interdisciplinary Studies at George Mason University by Amanda Ray Ennis Bachelor of Science George Mason University, 2012 Director: Jan Arminio, Professor Department of Higher Education Spring Semester 2018 George Mason University Fairfax, VA DEDICATION This thesis is dedicated to Sweet Briar College’s Pink and Green Army: the students, staff, faculty and fierce alumnae who fought and successfully saved their school – you are a true testament that anything can be accomplished through passion and perseverance; and to the strong and powerful women around the world who create change, demand equality, and never give up in fighting for what they believe in. ii ACKNOWLEDGEMENTS I would like to thank my husband, John, for his encouragement, understanding and willingness to overlook my stress clutter. To my Mom, for always answering my late night calls and more importantly for instilling in me the significance and value of being an educated women. To my Dad, for helping me find humor in any situation.
    [Show full text]
  • Co-Ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols Harry Halpin, Ksenia Ermoshina, Francesca Musiani
    Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols Harry Halpin, Ksenia Ermoshina, Francesca Musiani To cite this version: Harry Halpin, Ksenia Ermoshina, Francesca Musiani. Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols. SSR 2018 - Security Standardisation Research Conference, Nov 2018, Darmstadt, Germany. hal-01966560 HAL Id: hal-01966560 https://hal.inria.fr/hal-01966560 Submitted on 28 Dec 2018 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols Harry Halpin1, Ksenia Ermoshina2, and Francesca Musiani2 1 Inria 2 Rue Simone Iff [email protected] 2 Institute for Communication Sciences, CNRS 20 rue Berbier-du-Mets 75013 Paris, France Abstract. Due to the increased deployment of secure messaging pro- tocols, differences between what developers \believe" are the needs of their users and their actual needs can have real consequences. Based on 90 interviews with both high and low-risk users, as well as the developers of popular secure messaging applications, we mapped the design choices of the protocols made by developers to the relevance of these features to threat models of both high-risk and low-risk users.
    [Show full text]
  • View 2018-2019 Academic Catalog.Pdf
    Briar Cliff University Catalog Undergraduate & Graduate Studies 2018-2019 The university insignia, work of the Briar Cliff Department of Art, sums up the goals of Briar Cliff. The cross proclaims that we are a Catholic university, dedicated to the love that gave all. The most important part of the Briar Cliff philosophy is reverence and concern for each person. This emphasis on the dignity of the individual fosters a friendly, democratic spirit that rejects class lines and racial barriers. The wavy lines indicate the location of the university in Siouxland, with the Missouri River as the western boundary. In the impressionistic eagle, the sign of the Sioux tribes who were a part of this area, we see strength and reaching for the heights. Mater Gratiae, Mother of Grace, proclaims Mary, mother of the Savior, as patroness of Briar Cliff under her title of Lady of Grace. Caritas, love, is the Franciscan call to the two great commands: love God with all your power; love your neighbor as yourself. The star speaks of striving upward for knowledge and wisdom. Briar Cliff University Catalog 1 Correspondence Directory Street Address: Briar Cliff University 3303 Rebecca Street Sioux City, Iowa 51104 Telephone: 712-279-5321 or 1-800-662-3303 Prospective Students: Office of Admissions 712-279-5200 Financial Aid: Director of Financial Aid 712-279-5239 University Relations: Toll-free: 866-5-BC-ALUM (866-522-2586) Transcripts and Class Schedules: Registrar 712-279-5447 Athletic Program: Director of Athletics 712-279-1707 Every effort is made to ensure the accuracy of information in this catalog, but Briar Cliff University reserves the authority to make changes without prior notice.
    [Show full text]
  • Instant Messaging
    Click to edit Master title style •InstantClick to Messaging edit Master Security text styles and Privacy • Second level Chat and• Third more level while safeguarding your privacy • Fourth level • Fifth level Klaus Möller WP8-T1 Webinar, 24th of September 2020 Public www.geant.org 1 | www.geant.org 24/09/20 1 Instant Messaging (IM) Introduction • Other names: Mobile Messaging or simply Online Chat • Originally: Sending (small) text messages to other users – First: on the same computer, later: world wide – User (person) had to be online to receive message ● Some systems allow delivery from server later ● Or use Chat-Bots (workaround in the beginning) • Not limited to text anymore – Photos, Sounds, Video – File transfer between users • Additional feature of Voice-/Videoconferencing systems 2 | www.geant.org Google Talk (discontinued) Tlen.pl (discontinued) WhatsApp Kik Customized Cryptocat (uses modified prosody) Google Hangouts Instant Messaging Protocols Snapchat (?) nk.pl LiveJournal Talk Gizmo5 WP Spik (discontinued) Tipic IM XMPP ● Wide variety, some notable mentions IBM Lotus Sametime Bitmessage Customized ProtonMail ● AIM Gmail ICQ Gateway Email Outlook HTTP(s) OSCAR (discontinued) Bonjour Apple mail MobileMe Yahoo! mail – As part of WebRTC or REST APIs SIMPLE Yandex.mail Skype for Business HipChat Ring AQQ SIP – MSRP Google Wave Federation Protocol (discontinued) Discord, … Libon Jingle FaceTime IRC DCC Gadu-Gadu Facebook Messenger ● SIP (Telephony) MSNP14 (discontinued) YMSG (Yahoo! Messenger) IM MQTT LINE Steam Friends protocols
    [Show full text]
  • 990-Pf, Part Iv John S
    Return of Private Foundation OMB No. 1545-0052 Form 990-PF or Section 4947(a)(1) Trust Treated as Private Foundation Department of the Treasury | Do not enter social security numbers on this form as it may be made public. 2014 Internal Revenue Service | Information about Form 990-PF and its separate instructions is at www.irs.gov/form990pf. Open to Public Inspection For calendar year 2014 or tax year beginning , and ending Name of foundation A Employer identification number JOHN S. AND JAMES L. KNIGHT FOUNDATION 65-0464177 Number and street (or P.O. box number if mail is not delivered to street address) Room/suite B Telephone number 200 SOUTH BISCAYNE BLVD, #3300 305-908-2600 City or town, state or province, country, and ZIP or foreign postal code C If exemption application is pending, check here~| MIAMI, FL 33131-2349 G Check all that apply: Initial return Initial return of a former public charity D 1. Foreign organizations, check here ~~| Final return Amended return 2. Foreign organizations meeting the 85% test, Address change Name change check here and attach computation ~~~~| H Check type of organization: X Section 501(c)(3) exempt private foundation E If private foundation status was terminated Section 4947(a)(1) nonexempt charitable trust Other taxable private foundation under section 507(b)(1)(A), check here ~| I Fair market value of all assets at end of year J Accounting method: Cash X Accrual F If the foundation is in a 60-month termination (from Part II, col. (c), line 16) Other (specify) under section 507(b)(1)(B), check here ~| | $ 2,285,572,378.
    [Show full text]
  • OSINT Handbook September 2020
    OPEN SOURCE INTELLIGENCE TOOLS AND RESOURCES HANDBOOK 2020 OPEN SOURCE INTELLIGENCE TOOLS AND RESOURCES HANDBOOK 2020 Aleksandra Bielska Noa Rebecca Kurz, Yves Baumgartner, Vytenis Benetis 2 Foreword I am delighted to share with you the 2020 edition of the OSINT Tools and Resources Handbook. Once again, the Handbook has been revised and updated to reflect the evolution of this discipline, and the many strategic, operational and technical challenges OSINT practitioners have to grapple with. Given the speed of change on the web, some might question the wisdom of pulling together such a resource. What’s wrong with the Top 10 tools, or the Top 100? There are only so many resources one can bookmark after all. Such arguments are not without merit. My fear, however, is that they are also shortsighted. I offer four reasons why. To begin, a shortlist betrays the widening spectrum of OSINT practice. Whereas OSINT was once the preserve of analysts working in national security, it now embraces a growing class of professionals in fields as diverse as journalism, cybersecurity, investment research, crisis management and human rights. A limited toolkit can never satisfy all of these constituencies. Second, a good OSINT practitioner is someone who is comfortable working with different tools, sources and collection strategies. The temptation toward narrow specialisation in OSINT is one that has to be resisted. Why? Because no research task is ever as tidy as the customer’s requirements are likely to suggest. Third, is the inevitable realisation that good tool awareness is equivalent to good source awareness. Indeed, the right tool can determine whether you harvest the right information.
    [Show full text]
  • On the Feasibility of Short-Lived Dynamic Onion Services
    2021 IEEE Symposium on Security and Privacy Workshops On the feasibility of short-lived dynamic onion services Tobias Holler,¨ Thomas Raab, Michael Roland, and Rene´ Mayrhofer Johannes Kepler University Linz Institute of Networks and Security Email: ftobias.hoeller, thomas.raab, michael.roland, [email protected] Abstract—Tor onion services utilize the Tor network to enable like Tor Messenger [2] or Ricochet [3] tried to establish incoming connections on a device without disclosing its network instant messaging with metadata-protection but did not manage location. Decentralized systems with extended privacy require- to capture significant public attention. Other projects like ments like metadata-avoiding messengers typically rely on onion services. However, a long-lived onion service address can itself be Briar [4] or cwtch [5] which follow the same approach are abused as identifying metadata. Replacing static onion services still actively developed. A renewed effort made by government with dynamic short-lived onion services may be a way to avoid officials to force organizations to grant law enforcement access such metadata leakage. This work evaluates the feasibility of to end-to-end encrypted information [6] has strengthened the short-lived dynamically generated onion services in decentralized argument for decentralized communication, because there is systems. We show, based on a detailed timing analysis of the onion service deployment process, that dynamic onion services no operator of a central server, who could be forced by law are already feasible for peer-to-peer communication in certain to compromise the confidentiality and privacy of all clients. scenarios. Especially users with increased privacy requirements against public entities like journalists, activists, or whistleblowers have I.
    [Show full text]
  • Dark Corners of the Internet a Survey of Tor Research [Archive.Org]
    The Hitchhiker’s Guide to Online Anonymity (Or “How I learned to start worrying and love privacy anonymity”) Version 1.0.4, September 2021 by AnonymousPlanet. This guide is still a work in progress. While I am working constantly to correct issues, improve the content, general structure, and readability, it will probably never be “finished”. Some parts might lack information or contain inaccuracies. Your experience may vary. Remember to check regularly for an updated version of this guide. This guide is a non-profit open-source initiative, licensed under Creative Commons Attribution-NonCommercial 4.0 International (cc-by-nc-4.0 [Archive.org]). See the license at the end of the document. • For mirrors see Appendix A6: Mirrors • For help in comparing versions see Appendix A7: Comparing versions Feel free to submit issues using GitHub Issues at: https://github.com/AnonymousPlanet/thgtoa/issues Feel free to come to discuss ideas at: • GitHub Discussions: https://github.com/AnonymousPlanet/thgtoa/discussions • Matrix/Element: ```#anonymity:matrix.org``` https://matrix.to/#/#anonymity:matrix.org Follow me on: • Twitter at https://twitter.com/AnonyPla [Nitter] (cannot guarantee this account will stay up for long tho) • Mastodon at https://mastodon.social/@anonypla. To contact me, see the updated information on the website or send an e-mail to [email protected] Please consider donating if you enjoy the project and want to support the hosting fees (for the Tor hosting and the Tor Exit node). There are several ways you could read this guide: • You want to understand the current state of online privacy and anonymity not necessarily get too technical about it: Just read the Introduction, Requirements, Understanding some basics of how some information can lead back to you and how to mitigate those, and A final editorial note sections.
    [Show full text]
  • Metadata Reduction for the Signal Protocol
    Humboldt-Universität zu Berlin Mathematisch-Naturwissenschaftliche Fakultät Institut für Informatik Metadata Reduction for the Signal Protocol Masterarbeit zur Erlangung des akademischen Grades Master of Science (M. Sc.) eingereicht von: Fabian Kaczmarczyck geboren am: 6.2.1992 geboren in: Berlin Gutachter/innen: Prof. Dr. Jens-Peter Redlich Prof. Dr. Björn Scheuermann eingereicht am: verteidigt am: The messenger Signal encrypts conversations, but the protocol leaks the social graph. This thesis proposes two modifications to hide all links between users. The first is a solution to the open problem of contact discovery. The current implementation needs its clients to upload their address books to a central server to determine who can privately talk with each other and users need to trust the server not to store this information. The second part hides the communication partners of conversations, using a pseudonymous authentication. No further user interaction is required by any of the new methods to maintain usability. 3 4 Contents 1 Introduction6 1.1 Motivation . .6 1.2 Contribution . .6 2 Background & Related Work8 2.1 Signal Protocol . .8 2.2 Private Information Retrieval . .8 2.3 Software Guard Extensions . .9 2.4 Anonymization Networks . .9 3 Design Goals 10 3.1 Goals . 10 3.2 Threat Model . 10 4 Contact Discovery 11 4.1 Blind Signatures . 11 4.2 Authentication . 11 4.3 IP Obfuscation . 13 4.4 Timing . 13 4.4.1 Discovery & Prekey Requests . 14 4.4.2 Registration . 15 4.4.3 Stamp Generation . 15 4.5 Bloom Filter . 16 5 Message Delivery 18 5.1 Statistical Attack . 19 5.2 Pseudonymous Authentication .
    [Show full text]
  • Standardising by Running Code'': the Signal Protocol and De Facto
    “Standardising by running code”: the Signal protocol and de facto standardisation in end-to-end encrypted messaging Ksenia Ermoshina, Francesca Musiani To cite this version: Ksenia Ermoshina, Francesca Musiani. “Standardising by running code”: the Signal protocol and de facto standardisation in end-to-end encrypted messaging. Internet histories, Taylor & Francis, 2019, pp.1-21. 10.1080/24701475.2019.1654697. halshs-02319701 HAL Id: halshs-02319701 https://halshs.archives-ouvertes.fr/halshs-02319701 Submitted on 18 Oct 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. “Standardizing by running code”: The Signal protocol and de facto standardization in end-to-end encrypted messaging Ksenia Ermoshina Francesca Musiani Center for Internet and Society, CNRS, Paris, France Centre Internet et Société (CIS-CNRS), 59-61 rue Pouchet, 75849 Paris cedex 17 Corresponding author email: [email protected] Ksenia Ermoshina (PhD, MINES ParisTech) is a postdoctoral researcher at the Center for Internet and Society (CIS) of the French National Centre for Scientific Research (CNRS), and is an Associate Researcher at the Citizen Lab, Munk School of Global Affairs, University of Toronto. Her research focuses on information operations within the Russian-Ukrainian armed conflict, including digital threats to journalists and civil society organizations, Internet censorship, and surveillance.
    [Show full text]