Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Analysis of End-to-End Encryption in Chat Applications

Ashutosh Ahelleya
October 11, 2019
Research
0
35

Security Analysis of End-to-End Encryption in Chat Applications

Presentation of the talk I delivered at BSides Delhi Security Conference

Ashutosh Ahelleya

October 11, 2019
Tweet

More Decks by Ashutosh Ahelleya

See All by Ashutosh Ahelleya
Backdoors, Trust and Scalable Solutions
ashutosha_
0
50

Other Decks in Research

See All in Research
自己教師あり学習による事前学習(CVIMチュートリアル)
naok615
2
1.4k
10-ot-generic-bio.pdf
gpeyre
0
140
Alexander Mielke Hellinger--Kantorovich (a.k.a. Wasserstein-Fisher-Rao) Spaces and Gradient Flows
jjzhu
3
190
LLMマルチエージェントを俯瞰する
masatoto
26
16k
ゼロからわかるリザバーコンピューティング
kurotaky
1
310
[2023 CCSE] ZOZOTOWN検索における 研究開発の取り組みについて
tomoyayama
0
130
論文紹介 DISN: Deep Implicit Surface Network for High quality Single-view 3D Reconstruction / DISN: Deep Implicit Surface Network for High quality Single-view 3D Reconstruction
nttcom
0
120
Azure Arc-enabled Serversを利用した ハイブリッド・マルチクラウド環境の管理 / Managing Hybrid Multi-cloud Environments with Azure Arc-enabled Servers
nttcom
0
220
機械学習と最適化の融合 動的ロットサイズ決定問題を例として
mickey_kubo
1
190
継続的な研究費獲得のための考え方
moda0
2
440
第12回全日本コンピュータビジョン勉強会:画像の自己教師あり学習における大規模データセット
naok615
0
530
Target trial emulationの概要
shuntaros
2
1.2k

Featured

See All Featured
Large-scale JavaScript Application Architecture
addyosmani
504
110k
Into the Great Unknown - MozCon
thekraken
14
1k
It's Worth the Effort
3n
180
27k
Happy Clients
brianwarren
92
6.4k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
26
2.3k
Fantastic passwords and where to find them - at NoRuKo
philnash
38
2.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
12
1.5k
Designing Experiences People Love
moore
136
23k
Imperfection Machines: The Place of Print at Facebook
scottboms
261
12k
Building an army of robots
kneath
300
41k
Documentation Writing (for coders)
carmenintech
61
4k
How To Stay Up To Date on Web Technology
chriscoyier
782
250k

Transcript

  1. Security Analysis of E2EE in chat applications Ashutosh Ahelleya

  2. $whoami 1. Core member and team lead @teambi0s 2. Final

    year undergraduate @ Amrita Vishwa Vidyapeetham, Kerala 3. Crypto(graphy) enthusiast Author: Crypton - open source library to learn offensive and defensive crypto Twitter: @ashutosha_

  3. Overview 1. What is encryption? 2. Security in E2E communication

    3. Encryption in chat applications before E2EE 4. TLS’ limitations and what can go wrong 5. Snowden revelations 6. E2E encryption and its benefits 7. MTProto - version, components, types 8. Case Study - MTProto v1.0 secret chats 9. Widespread adoption of E2EE 10. E2EE myths and challenges 11. Trade-offs 12. QnA

  4. What is encryption? [Source unknown]

  5. Security in E2E communication 1. Transport security to the service

    2. Security of the service itself 3. End-to-End security 4. [Ideal] Sender and Recipient untraceability Need for perfect forward secrecy

  6. Encryption in chat applications before E2EE [Source]

  7. TLS’ limitations for E2E communication 1. Cannot protect if the

    service is itself compromised 2. Cannot protect against malicious service providers a. Corporate espionage!

  8. TLS - what can go wrong? 1. Return of Coppersmith’s

    Attack (ROCA) 2. Bleichenbacher’s attack (ROBOT) 3. Logjam - downgrading TLS connection parameters to 512-bit 4. Practical invalid curve point attacks 5. Forbidden attack on AES-GCM [source]

  9. Snowden revelations - June 2013 1. NSA accused of injecting

    a backdoor in Dual EC DRBG 2. Large scale surveillance of

  10. Comes E2EE into the picture!

  11. What is end-to-end encryption?

  12. Each participant encrypts messages directly from one device to another

    [Source]

  13. Benefits of E2EE 1. Reduces need to trust provider’s infrastructure

    2. Added assurance against malicious service providers and attackers

  14. Comes

  15. Telegram 1. Gains widespread attraction for their custom cryptographic protocol

    - MTProto 2. Claims to have the safest and the most secure encryption infrastructure Initial release: 14th August, 2013 [Source]

  16. $200,000 reward [Source]

  17. Let’s talk about MTProto

  18. MTProto versions

  19. Components of MTProto protocol 1. High level component - API

    2. Transport component - HTTPS, TCP, HTTP 3. Cryptographic layer - encryption/decryption [Source]

  20. Components of MTProto protocol

  21. Types of MTProto encryption used Cloud chats, client-server encrypted Secret

    chats, end-to-end encrypted

  22. Types of MTProto encryption used

  23. Case Study: MTProto v1.0 secret chats

  24. MTProto v1.0 secret chats

  25. MTProto v1.0 secret chats 1. Key Generation 2. Sending and

    receiving messages in a secret chat
  26. None

  27. [Source]

  28. What can happen if Secret Chat key is revealed?

  29. [Source]

  30. How is the Secret Chat key generated? Custom DHKX!

  31. MTProto v1.0 secret chats 1. Key Generation 2. Sending and

    Receiving messages in a secret chat

  32. DHKX in MTProto v1.0

  33. None
  34. None
  35. None
  36. None
  37. None
  38. None
  39. None
  40. None
  41. None
  42. None
  43. None

  44. Potential backdoor

  45. None
  46. None
  47. None
  48. None
  49. None
  50. None
  51. None
  52. None
  53. None
  54. None
  55. None
  56. None
  57. None
  58. None
  59. None
  60. None
  61. None
  62. None
  63. None

  64. [Source]

  65. Other privacy/security issues around Telegram Previous: 1. Replay attack vulnerability

    [source] 2. Availability exploit [source] Existing: 1. End-to-end encryption not enabled by default [source] 2. Uses SHA-1 instead of SHA-256 in some parts of the protocol [source]

  66. Widespread adoption of E2E encryption

  67. [Source]

  68. E2EE myths

  69. None

  70. E2EE challenges 1. Key distribution in group chats is still

    a difficult problem 2. Protection against state-level backdoors 3. Untraceability - metadata unencrypted? On ghost users and messaging backdoors - Dr. Matthew Green

  71. Source: Scoping law enforcement’s encrypted messaging problem

  72. Trade-offs

  73. Source: Balancing privacy, security and freedom - Alex Stamos

  74. QnA @ashutosha_

  75. Thank you! @ashutosha_