How Secure is TextSecure
Tilman Frosch,Christian Mainka,Christoph Bader,Florian Bergsma,Jörg Schwenk,Thorsten Holz +5 more
- 21 Mar 2016
- pp 457-472
TL;DR: It is formally prove that - if key registration is assumed to be secure - TextSecure's push messaging can indeed achieve most of the claimed security goals.
read more
Abstract: Instant Messaging has gained popularity by users for both private and business communication as low-cost short message replacement on mobile devices. However, before releases about mass surveillance performed by intelligence services such as NSA and GCHQ and Facebook's acquisition of WhatsApp, most mobile messaging apps did not protect confidentiality or integrity of the messages. A messaging app that claims to provide secure instant messaging and has attracted a lot of attention is TextSecure. Besides numerous direct installations, its protocol is part of Android's most popular aftermarket firmware Cyanogen-Mod. TextSecure's successor Signal continues to use the underlying protocol for text messaging. In this paper, we present the first complete description of TextSecure's complex cryptographic protocol, provide a security analysis of its three main components (key exchange, key derivation and authenticated encryption), and discuss the main security claims of TextSecure. Furthermore, we formally prove that - if key registration is assumed to be secure - TextSecure's push messaging can indeed achieve most of the claimed security goals.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
SoK: Secure Messaging
Nik Unger,Sergej Dechand,Joseph Bonneau,Sascha Fahl,Henning Perl,Ian Goldberg,Matthew Smith +6 more
- 17 May 2015
TL;DR: This paper evaluates and systematize current secure messaging solutions and proposes an evaluation framework for their security, usability, and ease-of-adoption properties, and identifies three key challenges and map the design landscape for each: trust establishment, conversation security, and transport privacy.
A Formal Security Analysis of the Signal Messaging Protocol
Katriel Cohn-Gordon,Cas Cremers,Benjamin Dowling,Luke Garratt,Douglas Stebila +4 more
- 26 Apr 2017
TL;DR: In this article, the authors present the first security analysis of Signal's key agreement and double ratchet as a multi-stage key exchange protocol and prove the security of the protocol.
Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach
Nadim Kobeissi,Karthikeyan Bhargavan,Bruno Blanchet +2 more
- 26 Apr 2017
TL;DR: This work uses ProVerif and CryptoVerif to find new and previously-known weaknesses in the protocol and suggest practical countermeasures, and demonstrates that, with disciplined programming and some verification expertise, the systematic analysis of complex cryptographic web applications is now becoming practical.
164
More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
Paul Rösler,Christian Mainka,Jörg Schwenk +2 more
- 24 Apr 2018
TL;DR: A comprehensive and realistic security model is provided that reveals that strong security properties, such as Future Secrecy, which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.
110
A Formal Security Analysis of the Signal Messaging Protocol
TL;DR: A security model is defined which can capture the “ratcheting” key update structure as a multi-stage model where there can be a “tree” of stages, rather than just a sequence.
91
References
A public key cryptosystem and a signature scheme based on discrete logarithms
Taher Elgamal
- 23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms
Taher Elgamal
- 19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
•Book
Introduction to Modern Cryptography
Jonathan Katz,Yehuda Lindell +1 more
- 01 Jan 2007
TL;DR: This book discusses Private-Key (Symmetric) Cryptography, Number Theory and Cryptographic Hardness Assumptions, and the Random-Oracle Model in Detail.
2.7K
HMAC: Keyed-Hashing for Message Authentication
Hugo Krawczyk,Mihir Bellare,Ran Canetti +2 more
- 01 Feb 1997
TL;DR: This document describes HMAC, a mechanism for message authentication using cryptographic hash functions that can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret shared key.
2.6K
Efficient Identification and Signatures for Smart Cards
Claus-Peter Schnorr
- 20 Aug 1989
TL;DR: An efficient interactive identification scheme and a related signature scheme that are based on discrete logarithms and which are particularly suited for smart cards are presented.