Signal Protocol

Communications protocol
Purpose: Non-federated encrypted messaging
Based on: OTR, SCIMP[1]
Influenced: OMEMO, Matrix[2]
OSI layer: Application layer

The Signal Protocol (formerly known as the TextSecure Protocol) is a non-federated cryptographic protocol that provides end-to-end encryption for instant messaging conversations.[2] The protocol was developed by Open Whisper Systems in 2013.[2] It has since been implemented in WhatsApp, Facebook Messenger, and Google Allo, encrypting the conversations of "more than a billion people worldwide".[3]

The protocol combines the Double Ratchet Algorithm, prekeys, and a triple Diffie–Hellman (3-DH) handshake,[4] and uses Curve25519, AES-256 and HMAC-SHA256 as primitives.[5]

History

The Signal Protocol's development was started by Trevor Perrin and Moxie Marlinspike (Open Whisper Systems) in 2013. The first version of the protocol, TextSecure v1, was based on OTR.[6][7]

On 24 February 2014, Open Whisper Systems introduced TextSecure v2,[8] which migrated to the Axolotl Ratchet.[6][9] The design of the Axolotl Ratchet is based on the ephemeral key exchange that was introduced by Off-the-Record Messaging and combines it with a symmetric-key ratchet modeled after the Silent Circle Instant Messaging Protocol (SCIMP).[1] Its major new feature was support for asynchronous communication ("offline messages"); it also brought better resilience when messages arrive out of order and simpler support for conversations with multiple participants.[10] The Axolotl Ratchet was named after the axolotl, a critically endangered aquatic salamander that has extraordinary self-healing capabilities. The developers refer to the algorithm as self-healing because it automatically prevents an attacker who has compromised a session key from accessing the cleartext of later messages.[1]
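The self-healing behaviour described above, as an added sketch that is not code from the article or from Open Whisper Systems. It assumes an HMAC-SHA256 chain with the constants 0x01/0x02 and a constructed `ratchet-demo` HKDF label, and uses random bytes in place of the Curve25519 key-exchange outputs that both honest parties would compute identically.

```python
import hashlib
import hmac
import os

def kdf_chain(chain_key):
    """Symmetric ratchet step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def kdf_root(root_key, dh_output):
    """Mix a fresh key-exchange output into the root key (HKDF-SHA256).
    Returns (new_root_key, new_chain_key)."""
    info = b"ratchet-demo"  # constructed label, an assumption of this sketch
    prk = hmac.new(root_key, dh_output, hashlib.sha256).digest()       # extract
    t1 = hmac.new(prk, info + b"\x01", hashlib.sha256).digest()        # expand 1
    t2 = hmac.new(prk, t1 + info + b"\x02", hashlib.sha256).digest()   # expand 2
    return t1, t2

def message_keys(chain_key, count):
    """Advance a chain `count` times; return (final_chain_key, [message keys])."""
    keys = []
    for _ in range(count):
        chain_key, mk = kdf_chain(chain_key)
        keys.append(mk)
    return chain_key, keys

def simulate_compromise():
    """Return (later keys exposed on the same chain, chain healed after exchange)."""
    # Constructed stand-ins for the handshake secret and the first exchange.
    root, chain = kdf_root(os.urandom(32), os.urandom(32))
    _, honest = message_keys(chain, 4)
    # After two messages the chain key leaks to an eavesdropper.
    stolen_chain, _ = message_keys(chain, 2)
    _, attacker = message_keys(stolen_chain, 2)
    exposed = attacker == honest[2:]  # the symmetric ratchet alone does not heal
    # A new ephemeral exchange yields an output the eavesdropper never sees.
    root, healed_chain = kdf_root(root, os.urandom(32))
    _, honest_healed = message_keys(healed_chain, 2)
    _, attacker_guess = message_keys(stolen_chain, 4)
    healed = not (set(honest_healed) & set(attacker_guess))
    return exposed, healed
```

The first result shows why the symmetric-key ratchet is combined with an ephemeral key exchange: hashing forward protects earlier keys, while only fresh key-exchange output cuts off someone who holds the current chain key.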

The third version of the protocol, TextSecure v3, made some changes to the cryptographic primitives and the wire protocol.[6] In October 2014, researchers from Ruhr University Bochum published an analysis of TextSecure v3.[5][6] Among other findings, they presented an unknown key-share attack on the protocol, but in general, they found that it was secure.[11]

In March 2016, the developers renamed the protocol as the Signal Protocol. They also renamed the Axolotl Ratchet as the Double Ratchet Algorithm to better differentiate between the ratchet and the full protocol,[12] because some had used the name Axolotl when referring to the full protocol.[13][12]

As of October 2016, the Signal Protocol is based on TextSecure v3, but with additional cryptographic changes.[6] In October 2016, researchers from UK’s University of Oxford, Queensland University of Technology in Australia, and Canada’s McMaster University published a formal analysis of the protocol.[14][15] They concluded that the protocol was cryptographically sound.[14][15]

Properties

The protocol provides confidentiality, integrity, authentication, participant consistency, destination validation, forward secrecy, backward secrecy (aka future secrecy), causality preservation, message unlinkability, message repudiation, participation repudiation, and asynchronicity.[16] It does not provide anonymity preservation, and requires servers for the relaying of messages and storing of public key material.[16]

The Signal Protocol also supports end-to-end encrypted group chats. The group chat protocol is a combination of a pairwise double ratchet and multicast encryption.[16] In addition to the properties provided by the one-to-one protocol, the group chat protocol provides speaker consistency, out-of-order resilience, dropped message resilience, computational equality, trust equality, subgroup messaging, as well as contractible and expandable membership.[16]

Authentication

For authentication, users can manually compare public key fingerprints through an outside channel.[17] This makes it possible for users to verify each other's identities and avoid a man-in-the-middle attack.[17] An implementation can also choose to employ a trust on first use mechanism in order to notify users if a correspondent's key changes.[17]
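One way to implement the trust-on-first-use check and the manual fingerprint comparison, as an added example that is not code from the article or from any Signal Protocol library. The `TofuStore` class, its status strings and the SHA-256 fingerprint format are assumptions of this sketch, not the format any particular client displays.

```python
import hashlib

def fingerprint(public_key):
    """Hex SHA-256 of the key in 4-character groups, for reading aloud."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def _normalise(text):
    # Ignore spacing and letter case when comparing what a user typed or read.
    return "".join(text.split()).lower()

class TofuStore:
    """Pins the first key seen per contact and flags any later change."""

    def __init__(self):
        self._pins = {}  # contact -> [public_key, verified_out_of_band]

    def check(self, contact, public_key):
        pin = self._pins.get(contact)
        if pin is None:
            self._pins[contact] = [public_key, False]
            return "first-use"
        if pin[0] != public_key:
            return "changed"  # keep the old pin; the caller must warn the user
        return "verified" if pin[1] else "trusted"

    def verify(self, contact, fingerprint_from_other_channel):
        """Record the result of a manual comparison over an outside channel."""
        pin = self._pins[contact]
        expected = _normalise(fingerprint(pin[0]))
        pin[1] = expected == _normalise(fingerprint_from_other_channel)
        return pin[1]

    def accept_change(self, contact, public_key):
        """Re-pin after the user saw the warning; verification starts over."""
        self._pins[contact] = [public_key, False]
```

A changed key never replaces the pin silently, and accepting it drops the contact back to unverified, so an earlier manual comparison does not carry over to the new key.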

Metadata

The Signal Protocol does not prevent a company from retaining information about when and with whom users communicate.[18][19] There can therefore be differences in how messaging service providers choose to handle this information. For example, WhatsApp's privacy policy states:

WhatsApp may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which WhatsApp is legally compelled to collect.[19][20]

Signal's privacy policy states that recipients' identifiers are only kept on the Signal servers as long as necessary in order to transmit each message.[21] In June 2016, Moxie Marlinspike told The Intercept that "the closest piece of information to metadata that the Signal server stores is the last time each user connected to the server, and the precision of this information is reduced to the day, rather than the hour, minute, and second."[19]

Usage

Open Whisper Systems first introduced the protocol in their TextSecure app. They later merged an encrypted voice calling application called RedPhone into the TextSecure app and renamed it as Signal.

In November 2014, Open Whisper Systems announced a partnership with WhatsApp to provide end-to-end encryption by incorporating the Signal Protocol into each WhatsApp client platform.[22] Open Whisper Systems said that they had already incorporated the protocol into the latest WhatsApp client for Android and that support for other clients, group/media messages, and key verification would be coming soon after.[23] On April 5, 2016, WhatsApp and Open Whisper Systems announced that they had finished adding end-to-end encryption to "every form of communication" on WhatsApp, and that users could now verify each other's keys.[24][25]

In September 2015, G Data launched a new messaging app called Secure Chat which uses the Signal Protocol.[26][27]

In September 2016, Google launched a new messaging app called Allo, which features an optional "incognito mode" that uses the Signal Protocol for end-to-end encryption.[28][29]

In October 2016, Facebook deployed an optional mode called "secret conversations" in Facebook Messenger which provides end-to-end encryption using an implementation of the Signal Protocol.[30][31][32][33]

Influence

The Signal Protocol has had an influence on other cryptographic protocols. On May 3, 2016, Viber said that their encryption protocol is a custom implementation that "uses the same concepts" as the Signal Protocol.[34][35] On May 9, 2016, the developers of Wire said that their encryption protocol, Proteus, is based on the Signal Protocol.[36][37]

The Double Ratchet Algorithm that was introduced as part of the Signal Protocol has also been adopted by other protocols. OMEMO is a proposed XMPP Extension Protocol (XEP) that was introduced in the Conversations messaging app and submitted to the XMPP Standards Foundation (XSF) in the autumn of 2015.[38][2] Matrix is an open communications protocol that includes Olm, a library that provides for optional end-to-end encryption on a room-by-room basis via a Double Ratchet Algorithm implementation.[2]

Implementations

Open Whisper Systems maintains the following Signal Protocol libraries on GitHub:

  • libsignal-protocol-c[39]
  • libsignal-protocol-java[40]
  • libsignal-protocol-javascript[41]

References

  1. Marlinspike, Moxie (26 November 2013). "Advanced cryptographic ratcheting". whispersystems.org. Open Whisper Systems. Retrieved 23 September 2016.
  2. Ermoshina, Musiani & Halpin 2016
  3. "Moxie Marlinspike - 40 under 40". Fortune. Time Inc. 2016. Retrieved 22 September 2016.
  4. Unger et al. 2015, p. 241
  5. Frosch et al. 2016
  6. Cohn-Gordon et al. 2016, p. 2
  7. "Protocol". GitHub. Open Whisper Systems. 2 March 2014. Archived from the original on 7 January 2015. Retrieved 28 October 2016.
  8. Donohue, Brian (24 February 2014). "TextSecure Sheds SMS in Latest Version". Threatpost. Retrieved 14 July 2016.
  9. "ProtocolV2". GitHub. Open Whisper Systems. 2 March 2014. Archived from the original on 15 October 2014. Retrieved 28 October 2016.
  10. Unger et al. 2015
  11. Pauli, Darren. "Auditors find encrypted chat client TextSecure is secure". The Register. Retrieved 4 November 2014.
  12. Marlinspike, Moxie (30 March 2016). "Signal on the outside, Signal on the inside". Open Whisper Systems. Retrieved 9 April 2016.
  13. Cohn-Gordon et al. 2016, p. 1
  14. Brook, Chris (10 November 2016). "Signal Audit Reveals Protocol Cryptographically Sound". Threatpost. Kaspersky Lab. Retrieved 11 November 2016.
  15. Cohn-Gordon et al. 2016
  16. Unger et al. 2015, p. 239
  17. Rottermanner et al. 2015, p. 5
  18. Rottermanner et al. 2015, p. 4
  19. Lee, Micah (22 June 2016). "Battle of the Secure Messaging Apps: How Signal Beats WhatsApp". The Intercept. First Look Media. Retrieved 8 October 2016.
  20. "Privacy Notice". WhatsApp Inc. 7 July 2012. Retrieved 16 October 2016.
  21. "Privacy Policy". Open Whisper Systems. n.d. Retrieved 8 October 2016.
  22. Jon Evans (18 November 2014). "WhatsApp Partners With Open Whisper Systems To End-To-End Encrypt Billions Of Messages A Day". TechCrunch. Retrieved 14 March 2016.
  23. "Open Whisper Systems partners with WhatsApp to provide end-to-end encryption". Open Whisper Systems. 18 November 2014. Retrieved 14 March 2016.
  24. Metz, Cade (5 April 2016). "Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People". Wired. Condé Nast. Retrieved 5 April 2016.
  25. Lomas, Natasha (5 April 2016). "WhatsApp completes end-to-end encryption rollout". TechCrunch. AOL Inc. Retrieved 5 April 2016.
  26. Seals, Tara (17 September 2015). "G DATA Adds Encryption for Secure Mobile Chat". Infosecurity Magazine. Reed Exhibitions Ltd. Retrieved 14 July 2016.
  27. "SecureChat". GitHub. G Data. Retrieved 14 July 2016.
  28. Greenberg, Andy (18 May 2016). "With Allo and Duo, Google Finally Encrypts Conversations End-to-End". Wired. Condé Nast. Retrieved 18 May 2016.
  29. Gibbs, Samuel (21 September 2016). "Google launches WhatsApp competitor Allo – with Google Assistant". The Guardian. Retrieved 21 September 2016.
  30. Isaac, Mike (8 July 2016). "Facebook to Add 'Secret Conversations' to Messenger App". The New York Times. The New York Times Company. Retrieved 12 July 2016.
  31. "Messenger Secret Conversations" (PDF) (Whitepaper). Facebook. 8 July 2016. Retrieved 12 July 2016.
  32. Greenberg, Andy (8 July 2016). "'Secret Conversations:' End-to-End Encryption Comes to Facebook Messenger". Wired. Condé Nast. Retrieved 12 July 2016.
  33. Greenberg, Andy (4 October 2016). "You Can All Finally Encrypt Facebook Messenger, So Do It". Wired. Condé Nast. Retrieved 5 October 2016.
  34. "Viber Encryption Overview". Viber. 3 May 2016. Retrieved 9 October 2016.
  35. Eyal, Ofir (3 May 2016). "Canada, Germany and Australia are getting e2e encryption". Viber. Retrieved 9 October 2016.
  36. "Add attribution". GitHub. Wire Swiss GmbH. 9 May 2016. Retrieved 9 October 2016.
  37. "Wire Security Whitepaper" (PDF). Wire Swiss GmbH. 3 March 2016. Retrieved 15 July 2016.
  38. Andreas Straub (25 October 2015). "OMEMO Encryption". XMPP Standards Foundation website. Retrieved 15 October 2016.
  39. Open Whisper Systems. "libsignal-protocol-c". GitHub. Retrieved 13 June 2016.
  40. Open Whisper Systems. "libsignal-protocol-java". GitHub. Retrieved 6 April 2016.
  41. Open Whisper Systems. "libsignal-protocol-javascript". GitHub. Retrieved 25 September 2016.

Literature

  • Cohn-Gordon, Katriel; Cremers, Cas; Dowling, Benjamin; Garratt, Luke; Stebila, Douglas (25 October 2016). "A Formal Security Analysis of the Signal Messaging Protocol" (PDF). Cryptology ePrint Archive. International Association for Cryptologic Research (IACR). 
  • Ermoshina, Ksenia; Musiani, Francesca; Halpin, Harry (September 2016). "End-to-End Encrypted Messaging Protocols: An Overview". In Bagnoli, Franco; et al. Internet Science. INSCI 2016. Florence, Italy: Springer. pp. 244–254. doi:10.1007/978-3-319-45982-0_22. ISBN 978-3-319-45982-0. 
  • Frosch, Tilman; Mainka, Christian; Bader, Christoph; Bergsma, Florian; Schwenk, Jörg; Holz, Thorsten (March 2016). How Secure is TextSecure?. 2016 IEEE European Symposium on Security and Privacy (EuroS&P). Saarbrücken, Germany: IEEE. pp. 457–472. doi:10.1109/EuroSP.2016.41. ISBN 978-1-5090-1752-2. Retrieved 28 September 2016. 
  • Rottermanner, Christoph; Kieseberg, Peter; Huber, Markus; Schmiedecker, Martin; Schrittwieser, Sebastian (December 2015). Privacy and Data Protection in Smartphone Messengers (PDF). Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (iiWAS2015). ACM International Conference Proceedings Series. ISBN 978-1-4503-3491-4. Retrieved 25 September 2016. 
  • Unger, Nik; Dechand, Sergej; Bonneau, Joseph; Fahl, Sascha; Perl, Henning; Goldberg, Ian Avrum; Smith, Matthew (2015). SoK: Secure Messaging (PDF). Proceedings of the 2015 IEEE Symposium on Security and Privacy. IEEE Computer Society's Technical Committee on Security and Privacy. pp. 232–249. doi:10.1109/SP.2015.22. 
This article is issued from Wikipedia - version of the 11/11/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.