Demand for end-to-end secure messaging has been growing rapidly, and companies have responded by releasing applications that implement end-to-end secure messaging protocols. Signal, and protocols derived from it, dominate the secure messaging landscape. In this work we analyze the conversational security properties provided by the Signal Android application against a variety of real-world adversaries. We identify vulnerabilities that allow the Signal server to learn the contents of attachments, to undetectably reorder and drop messages, and to add and drop participants in group conversations. We then perform proof-of-concept attacks against the application to demonstrate that these vulnerabilities are practical, and suggest mitigations that can detect our attacks. The main conclusion of our work is that future protocol designs must consider more than the confidentiality and integrity of individual messages. We also stress that protocols must protect against a compromised server and, at a minimum, implement a trust-but-verify model.
| Original language | English (US) |
| Title of host publication | WPES 2017 - Proceedings of the 2017 Workshop on Privacy in the Electronic Society, co-located with CCS 2017 |
| Publisher | Association for Computing Machinery, Inc |
| Number of pages | 10 |
| State | Published - Oct 30 2017 |
| Event | 16th ACM Workshop on Privacy in the Electronic Society, WPES 2017 - Dallas, United States |
| Duration | Oct 30 2017 → … |
Bibliographical note (Funding Information): This work was sponsored by the National Science Foundation under grant 1314637.