More is Less: How Group Chats Weaken the Security of Instant Messengers Signal, WhatsApp, and Threema
نویسندگان
چکیده
Secure Instant Messaging (SIM) is utilized in two variants: one-to-one communication and group communication. While the first variant has received much attention lately (Frosch et al., EuroS&P16; Cohn-Gordon et al., EuroS&P17; Kobeissi et al., EuroS&P17), little is known about the cryptographic mechanisms and security guarantees of SIM group communication. In this paper, we investigate group communication security mechanisms of three main SIM applications: Signal, WhatsApp, and Threema. We first provide a comprehensive and realistic attacker model for analyzing group SIM protocols regarding security and reliability. We then describe and analyze the group protocols used in Signal, WhatsApp, and Threema. By applying our model, we reveal multiple weaknesses, and propose generic countermeasures to enhance the protocols regarding the required security and reliability goals. Our systematic analysis reveals that (1) the communications’ integrity – represented by the integrity of all exchanged messages – and (2) the groups’ closeness – represented by the members’ ability of managing the group – are not end-to-end protected. We additionally show that strong security properties, such as Future Secrecy which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.
منابع مشابه
More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
Secure instant messaging is utilized in two variants: one-to-one communication and group communication. While the first variant has received much attention lately (Frosch et al., EuroS&P16; Cohn-Gordon et al., EuroS&P17; Kobeissi et al., EuroS&P17), little is known about the cryptographic mechanisms and security guarantees of secure group communication in instant messaging. To approach an inves...
متن کاملExpert and Non-Expert Attitudes towards (Secure) Instant Messaging
In this paper, we present results from an online survey with 1,510 participants and an interview study with 31 participants on (secure) mobile instant messaging. Our goal was to uncover how much of a role security and privacy played in people’s decisions to use a mobile instant messenger. In the interview study, we recruited a balanced sample of ITsecurity experts and non-experts, as well as an...
متن کاملExamining the Role of Privacy in Virtual Migration: The Case of WhatsApp and Threema
WhatsApp is a widely used instant messaging application on smartphones. However, owing to privacy deficiencies in WhatsApp, alternative services that emphasize privacy protection, such as Threema, have emerged. Thus, the question arises whether users would switch from WhatsApp to Threema for privacy reasons, and what the factors are that would affect their switching intention. To answer these q...
متن کاملForensic Analysis of Instant Messenger Applications on Android Devices
The modern day Smartphone’s have built in apps like “WhatsApp & Viber” which allow users to exchange instant messages, share videos, audio’s and images via Smartphone’s instead of relying on their desktop Computers or laptop thereby increasing the portability and convenience for a layman smart phone user. An Instant Messenger (IM) can serve as a very useful yet very dangerous platform for the v...
متن کاملs . so c - ph ] 2 4 A ug 2 01 4 1 Empirical studies on the network of social groups : the case of Tencent QQ
Participation in social groups are important but the collective behaviors of human as a group are difficult to analyze due to the difficulties to quantify ordinary social relation, group membership, and to collect a comprehensive dataset. Such difficulties can be circumvented by analyzing online social networks. In this paper, we analyze a comprehensive dataset obtained from Tencent QQ, an inst...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017