A Review of Signal Security Protocols Suitable for Power-Limited Hardware
Subject Areas :
Communication Engineering
Mohsen Mousavi
1
1 - Faculty of Applied Sciences, Malek-Ashtar University of Technology, Isfahan, Iran
Received: 2023-10-24
Accepted : 2024-01-18
Published : 2024-05-21
Keywords:
Security protocols,
Instant messengers,
Signal protocol,
Key agreement protocols,
Post-Quantum cryptography,
Abstract :
Instant messengers have been popularized by users for private and business communication as an alternative to the cheap short message system in mobile phones with limited computing power. However, until recently, most mobile messaging applications did not protect the confidentiality or integrity of messages. Due to reports of communications being intercepted by intelligence services such as the NSA, people have been motivated to look for alternative messengers to maintain the security and privacy of their communications on the Internet. Initially, with Facebook's purchase of the popular messaging app WhatsApp, other apps claiming to offer secure communications gained significant new users. One messaging app that claims to offer secure instant messaging features and has garnered a lot of attention is TextSecure Messenger. Next, Signal Messenger, which is considered the successor of TextSecure, uses the protocols available in this messenger to exchange text messages. Considering that the WhatsApp messenger is based on the signal protocol, in this article a complete description of the encryption complexity of the signal protocol is presented. In the following, a security analysis of the three main components of this protocol including: key exchange, key extraction and authentication in encrypted messages is described. It has also been shown that the process of sending and displaying messages in this protocol can achieve most of the security goals. Finally, the role of quantum attacks that resulted from the computing power of quantum computers in solving classical asymmetric cryptography problems in the security of the key agreement protocol used in the Signal was checked. It is also shown that the use of Post-Quantum key exchange cryptographic protocols can secure the key agreement part of the Signal protocol against attacks by quantum algorithms.
References:
K. Siau and Z. Shen, “Mobile communications and mobile services,” International Journal of Mobile Communications, vol. 1, no. 2, pp. 3-14, Jan. 2003, doi: 10.1504/ijmc.2003.002457.
M. Mannan and P.C. Oorschot, “A Protocol for Secure Public Instant Messaging”, in International Conference on Financial Cryptography and Data Security, 2006, pp. 20-35, doi: 10.1007/11889663_2.
R. Alkhulaiwi, A. Sabur, K. Aldughayem and O. Almanna, “Survey of secure anonymous peer to peer Instant Messaging protocols,” in 14th Annual Conference on Privacy, Security and Trust (PST), 2016, pp. 294-300, doi: 10.1109/PST.2016.7906977.
C. Gloor and A. Perrig, “Trusted Introductions for Secure Messaging,” in Cambridge International Workshop on Security Protocols, 2023, pp. 123-135, doi: 10.1007/978-3-031-43033-6_13.
M.H. Eldefrawy, K. Alghathbar, M.K. Khan and H. Elkamchouchi, “Secure Instant Messaging Protocol for Centralized Communication Group,” in 4th IFIP International Conference on New Technologies, Mobility and Security, 2011, pp. 1-4, doi: 10.1109/ntms.2011.5720590.
P. Bug, “Privacy hole in Windows/MSN Messenger,” Computer Fraud and Security, vol. 2002, no. 3, pp. 1-3, Mar. 2002, doi: 10.1016/s1361-3723(02)00304-4.
W. Goucher, “Shooting the messenger,” Computer Fraud and Security, vol. 2008, no. 7, pp. 19-20, Jul. 2008, doi: 10.1016/s1361-3723(08)70115-5.
D.C. Ranasinghe, “Lightweight Cryptography for Low Cost RFID,” in Networked RFID Systems and Lightweight Cryptography, Springer, 2008, pp. 311-346, doi: 10.1007/978-3-540-71641-9_18.
T.Durden, “Wikileaks Unveils Vault 7” in The Largest Ever Publication of Confidential CIA Documents, Another Snowden Emerges, Zerohedge, 2017.
S. Osullivan, “Instant Messaging vs. instant compromise,” Network Security, vol. 2006, no. 7, pp. 4-6, Jul. 2006, doi: 10.1016/s1353-4858(06)70408-1.
N. Unger et al., “SoK: Secure Messaging,” in IEEE Symposium on Security and Privacy, 2015, pp. 232-249, doi: 10.1109/SP.2015.22.
T. Frosch et al., “How Secure is TextSecure,” in IEEE European Symposium on Security and Privacy, 2016, pp. 457-472, doi: 10.1109/EuroSP.2016.41.
S. Schr, M. Huber, D. Wind and C. Rottermanner, “When SIGNAL hits the Fan: On the Usability and Security of State-of-the-Art Secure Mobile Messaging,” in Proceedings 1st European Workshop on Usable Security, 2016, pp. 1-7, doi: 10.14722/eurousec.2016.23012.
N. Kobeissi, K. Bhargavan and B. Blanchet, “Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach,” in IEEE European Symposium on Security and Privacy, 2017, pp. 435-450, doi: 10.1109/EuroSP.2017.38.
K. Cohn-Gordon, C. Cremers and L. Garratt, “On Post-compromise Security,” in IEEE 29th Computer Security Foundations Symposium, 2016, pp. 164-178, doi: 10.1109/csf.2016.19.
M.D. Green and I. Miers, “Forward Secure Asynchronous Messaging from Puncturable Encryption,” in IEEE Symposium on Security and Privacy, 2015, pp. 305-320, doi: 10.1109/sp.2015.26.
M. Bellare, A.C. Singh, J. Jaeger, M. Nyayapati and I. Stepanovs, “Ratcheted Encryption and Key Exchange: The Security of Messaging,” in Annual International Cryptology Conference, 2017, pp. 619-650, doi: 10.1007/978-3-319-63697-9_21.
B. Poettering and P. Rösler, “Towards Bidirectional Ratcheted Key Exchange,” in Annual International Cryptology Conference, 2018, pp. 3-32, doi: 10.1007/978-3-319-96884-1_1.
K. Cohn-Gordon, C. Cremers, B. Dowling, L. Garratt and D. Stebila, “A formal security analysis of the signal messaging protocol,” Journal of Cryptology, vol. 33, pp. 1914-1983, Sep. 2020, doi: doi.org/10.1007/s00145-020-09360-1.
P. Rosler, C. Mainka and J. Schwenk, “More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema,” in IEEE European Symposium on Security and Privacy, 2018, pp. 415-429, doi: 10.1109/eurosp.2018.00036.
R. Endeley, “End-to-End Encryption in Messaging Services and National Security Case of WhatsApp Messenger,” Journal of Information Security, vol. 09, no. 1, pp. 95-99, Jan. 2018, doi: 10.4236/jis.2018.91008.
T. Perrin and M. Marlinspike, “The Double Ratchet Algorithm”, 2016, [online] Available: https://signal.org/docs/specifications/doubleratchet/.
J. Jiang, Y. Zhu, X. Yang, J. Xu and Y. Xie, “The Research on Secure Communication Scheme Based on Double Ratchet Algorithm with Forward Secrecy for IoT Perception Layer Device,” in 7th International Conference on Computer and Communication Systems, 2022, pp. 660-664, doi: 10.1109/ICCCS55155.2022.9846271.
M. Marlinspike and T. Perrin, “The X3DH key agreement protocol,” 2016, [online] Available: https://whispersystems.org/docs/specifications/x3dh/.
T. Perrin, “The xeddsa and vxeddsa signature schemes,” 2016, [online] Available: whispersystems.org/docs/specifications/xeddsa.
P. Rogaway, “Authenticated encryption with associated data,” in Proceedings of the 9th ACM conference on Computer and communications security, 2002, pp. 98-107, doi: 10.1145/586110.586125.
J. Chan and P. Rogaway, “On Committing Authenticated Encryption,” in European Symposium on Research in Computer Security, 2022, pp. 275-294, doi: 10.1007/978-3-031-17146-8_14.
B.Toulas, “Signal adds quantum-resistant encryption to its E2EE messaging protocol,” 2023, [online] Available: signal.org/blog/pqxdh.
N. Alnahawi et al., “SoK: Post-Quantum TLS Handshake,” 2023, [online] Available: eprint.iacr.org/2023/1873.
A. Petcher and M. Campagna,, “Security of Hybrid Key Establishment using Concatenation,” 2023, [online] Available: eprint.iacr.org/2023/972.
M. Barbosa et al, “X-Wing: The Hybrid KEM You've Been Looking For,” 2024, [online] Available: eprint.iacr.org/ 2024/039.
_||_
