Clone Detection in Secure Messaging: Improving Post-Compromise Security in Practice

Cremers, Cas and Fairoze, Jayden and Kiesl, Benjamin and Naska, Aurora
(2020) Clone Detection in Secure Messaging: Improving Post-Compromise Security in Practice.
In: CCS 2020, November 09-13, 2020.
Conference: CCS ACM Conference on Computer and Communications Security
(In Press)

WarningThere is a more recent version of this item available.
[img]
Preview
Text
CFKN2020-messaging_cloning.pdf

Download (657kB) | Preview

Abstract

We investigate whether modern messaging apps achieve the strong post-compromise security guarantees offered by their underlying protocols. In particular, we perform a black-box experiment in which a user becomes the victim of a clone attack; in this attack,the user’s full state (including identity keys) is compromised by an attacker who clones their device and then later attempts to impersonate them, using the app through its user interface.Our attack should be prevented by protocols that offer post-compromise security, and thus, by all apps that are based on Signal’s double-ratchet algorithm (for instance, the Signal app, WhatsApp,and Facebook Secret Conversations). Our experiments reveal that this is not the case: most deployed messaging apps fall far short of the security that their underlying mechanisms suggest. We conjecture that this security gap is a result of many apps trading security for usability, by tolerating certain forms of desynchronization. We show that the tolerance of desynchronization necessarily leads to loss of post-compromise security in the strict sense, but we also show that more security can be retained than is currently offered in practice. Concretely, we present a modified version of the double-ratchet algorithm that tolerates forms of desynchronization while still being able to detect cloning activity.Moreover, we formally analyze our algorithm using the Tamarin prover to show that it achieves the desired security properties.

Available Versions of this Item

Actions

Actions (login required)

View Item View Item