ADVERSARIAL MODELS FOR SECURE MESSAGING
By Joël Alwen
In an age of ever more sophisticated cybercrime and mass surveillance, secure communication is an increasingly rare and premium commodity. As we develop better methods and models for protecting communication streams, it is essential to examine how the threat model for secure messaging applications has evolved beyond the traditional man-in-the-middle attack. This plays a crucial role in guiding the development of new secure communication tools to better address proven dangers to our digital security.
Since the early days of the Diffie-Hellman key exchange, the RSA encryption scheme and the Schnorr signature scheme modern cryptography, secure messaging has come a long way. As our technology improves and becomes widely deployed, keeping track of the lessons we can learn from its past and present failures is key to advancing our security models.
In this blog post and the accompanying white paper, I go over a range of attacks on secure messaging and collaboration platforms witnessed in the wild in the last few years to identify what conclusions we can draw from those incidents with the goal of building more realistic adversarial models beyond the classic eavesdropping scenario. The real world attacks and vulnerabilities the paper touches upon include:
- Detecting the language in encrypted text messages;
- Recovering the content of encrypted VoIP conversations;
- HipChat server compromise leading to leaking of meta-data and chat logs;
- Invisible rekeying on WhatsApp;
- Widespread lack of even basic privacy in the face of future quantum attacks;
- Browser-based attacks on WhatsApp and Telegram;
- iMessage protocol attack and
- Legal threats.
The paper also covers some defensive techniques that can provide meaningful security in these models including the steps taken by Wickr for defending against these types of attacks including the following:
- Forward secrecy;
- Backwards secrecy;
- Post-quantum cryptography;
- Hardened login credentials and user authentication;
- Account compromise detection and recovery techniques;
- Traffic analysis attacks and ways to mitigate the risks including message padding, hardened VoIP, and constant time cryptography;
- Multi-party messaging architecture and the need to set new security goals for groups;
- Explicit consideration of design choices balancing usability vs security;
- Legal considerations and policy communication.
This exercise of examining the successes and failures of adversarial models in secure messaging is central to our quest to build both more meaningfully secure and usable secure communication tools. Just as considering the eavesdropping model led us to design various forms of end-to-end encryption and authentication, the same benefits can arise from developing newer adversarial models inspired by attacks launched on our current systems. You can read a full white paper here.