Messaging in Times of Surveillance

Transcript

1. Messaging in Times of Surveillance Frederic Jacobs Security in Times

   of Surveillance 26 May 2016 @ TU/e

2. – Ed Snowden "The greatest fear that I have regarding

   the outcome for America of these disclosures is that nothing will change" 2013

3. Many articles later …

4. – James Clapper "Snowden disclosures sped up adoption of strong

   encryption by about 7 years, according to NSA analysis" 2016

5. What changed (in the messaging space) ?

6. Email

7. 2013 Email encryption in transit 39% 27% of outbound traffic

   of inbound traffic

8. How much (Gmail) email was encrypted in transit? 18% 36%

   54% 72% 90% 2013-12-12 2014-06-11 2014-12-09 2015-06-08 2015-12-25 2016-05-18 Gmail Inbound Gmail Outbound Data Source: Google Transparency Report

9. 2016 Email encrypKon in transit 84% 74% of outbound traffic

   of inbound traffic

10. Addressing Downgrade Attacks & DNS Attacks

11. SMTP STS: HSTS for email • TOFU trust model •

    Tells email server that encryption is supported, thus emails in future should always be encrypted with • The TOFU trust model doesn’t address an active attacker that can intercept, and downgrade the first connection, removing the STS policy.

12. Messaging Applications

13. You said messaging? • Email environment large & complex to

    operate in. • Messaging apps on mobile & desktop have provided a be:er environment to experiment.

14. Messaging Landscape in 2013 • WeChat: focuses on Chinese/Asian Market

    - 600 million registered users. • WhatsApp: Worldwide - 590 million registered users. • Facebook Messenger: Worldwide - 500 million registered users. • Line: Asian Market - 300 million registered users. • Viber: Worldwide (popular in the ME) - 200 million registered users.

15. 2016 End-to-end Crypto in messaging apps • ❌ WeChat •

    ✅ WhatsApp • ❌ Facebook Messenger • ✅ Line • ✅ Viber • A lot of new encrypted messaging platforms were developed since 2013, not all snake oil.

16. AI/Cloud Chats End-to-End Encrypted Chats Examples WeChat Telegram Google Allo

    Facebook Messenger Viber Signal Threema WhatsApp Telegram Secret Chats Advantages - UX on multi-device provisioning (nothing prevents e-2-e) - Better UX thanks to AI? Security Privacy No selling out or mining of content How useful is the AI? Does the user experience improvement from AI justify the loss of privacy?

17. If “AI chats” are useful: • Is it possible to

    reconcile “AI chats” with privacy? • How efficient can neural networks be if trained locally? • How can we provide both enough data to train the neural networks on the device and at the same time promote ephemerality?

18. Ratcheting

19. Hash-Based Ratcheting

20. Alice Master Key Bob Master Key A Message Key 1

    KDF B Message Key 1 KDF … ✉ ✉

21. Hash-Based Ratcheting • Provides Perfect Forward Secrecy • Simple implementaAon,

    no round trip required • How to deal with out-of-order messages? Keeping a key results in losing PFS from that point. • ⚠ Any key compromise will compromise all future messages

22. DH-Based Ratcheting

23. Alice Encrypted Message — Next DH Ephemeral Key ✉ Bob

    ✉ Encrypted Message — Next DH Ephemeral Key Encrypted Message — Next DH Ephemeral Key ✉

24. DH-Based Ratcheting • Implemented in the OTR protocol • Provides

    Perfect Forward Secrecy • Self-healing properAes • ⚠ Synchronous protocol - not suited for mobile use or high-latency messaging

25. Double Ratchet (previously called Axolotl Ratchet)

26. Message Protocols Session Protocols Examples : PGP, S/MIME Asynchronous Lacks:

    conversation Integrity, forward secrecy, deniability Examples: OTR, SSL, SSH Synchronous Short-lived session Double Ratchet Asynchronous with all great features of short lived protocols Forward secrecy, deniability, conversation integrity …

27. HI BOB? WOKEN UP ALREADY? MIGHT NEED SOME COFFEE BUT

    I LIKE RATCHING! = Diffie-Hellman Exchange = Hash Function Alice Alice Bob Bob Double-Ratchet

28. Back to where we are in 2016

29. Some things got better • (Free) large scale deployments of

    end-to-end crypto with PFS • Market demand for encrypAon. Services trying to one up each other on security

30. What still sucks • AuthenAcaAon • Group messaging protocols •

    Metadata

31. What got worse • CentralizaAon • PercepAon of security on

    messaging apps might prevent adopAon of more privacy- preserving opAons

32. Thanks! Questions?