More is Less: How Group Chats Weaken the Security of Instant Messengers Signal, WhatsApp, and Threema

Authors

  • Paul Rösler
  • Christian Mainka
  • Jörg Schwenk
Abstract

Secure Instant Messaging (SIM) is utilized in two variants: one-to-one communication and group communication. While the first variant has received much attention lately (Frosch et al., EuroS&P16; Cohn-Gordon et al., EuroS&P17; Kobeissi et al., EuroS&P17), little is known about the cryptographic mechanisms and security guarantees of SIM group communication. In this paper, we investigate group communication security mechanisms of three main SIM applications: Signal, WhatsApp, and Threema. We first provide a comprehensive and realistic attacker model for analyzing group SIM protocols regarding security and reliability. We then describe and analyze the group protocols used in Signal, WhatsApp, and Threema. By applying our model, we reveal multiple weaknesses, and propose generic countermeasures to enhance the protocols regarding the required security and reliability goals. Our systematic analysis reveals that (1) the communications’ integrity – represented by the integrity of all exchanged messages – and (2) the groups’ closeness – represented by the members’ ability of managing the group – are not end-to-end protected. We additionally show that strong security properties, such as Future Secrecy which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.


Similar resources

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

Secure instant messaging is utilized in two variants: one-to-one communication and group communication. While the first variant has received much attention lately (Frosch et al., EuroS&P16; Cohn-Gordon et al., EuroS&P17; Kobeissi et al., EuroS&P17), little is known about the cryptographic mechanisms and security guarantees of secure group communication in instant messaging. To approach an inves...


Expert and Non-Expert Attitudes towards (Secure) Instant Messaging

In this paper, we present results from an online survey with 1,510 participants and an interview study with 31 participants on (secure) mobile instant messaging. Our goal was to uncover how much of a role security and privacy played in people’s decisions to use a mobile instant messenger. In the interview study, we recruited a balanced sample of IT security experts and non-experts, as well as an...


Examining the Role of Privacy in Virtual Migration: The Case of WhatsApp and Threema

WhatsApp is a widely used instant messaging application on smartphones. However, owing to privacy deficiencies in WhatsApp, alternative services that emphasize privacy protection, such as Threema, have emerged. Thus, the question arises whether users would switch from WhatsApp to Threema for privacy reasons, and what the factors are that would affect their switching intention. To answer these q...


Forensic Analysis of Instant Messenger Applications on Android Devices

Modern-day smartphones have built-in apps like “WhatsApp & Viber” which allow users to exchange instant messages and share videos, audio and images via smartphones instead of relying on their desktop computers or laptops, thereby increasing the portability and convenience for a layman smartphone user. An Instant Messenger (IM) can serve as a very useful yet very dangerous platform for the v...


Empirical studies on the network of social groups: the case of Tencent QQ

Participation in social groups is important, but the collective behaviors of humans as a group are difficult to analyze due to the difficulties of quantifying ordinary social relations and group membership, and of collecting a comprehensive dataset. Such difficulties can be circumvented by analyzing online social networks. In this paper, we analyze a comprehensive dataset obtained from Tencent QQ, an inst...



Journal title:
  • IACR Cryptology ePrint Archive

Volume 2017  Issue

Pages  -

Publication date 2017