Security Analysis of a Closed-Source Signal Protocol Implementation

Master thesis English OPEN
João Diogo Gaspar Alves;
(2018)
  • Subject: Natural sciences | Ciências exactas e naturais
  • References (32)
    32 references, page 1 of 4

    3.1 KDF chain example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.2 KDF chain implementing a symetric-key ratchet example. . . . . . . . . . . . . . . . 22 3.3 DHR example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 3.4 DHR example. (cont.) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.5 KDF chain using a symmetric-key ratchet and a DHR example. . . . . . . . . . . . . 25 3.6 DRA in action for one of the parties. . . . . . . . . . . . . . . . . . . . . . . . . . . 26 3.7 DRA with header encryption in action. . . . . . . . . . . . . . . . . . . . . . . . . . 27 4.1 The WhatsApp application home screen. . . . . . . . . . . . . . . . . . . . . . . . . 30 4.2 Frida component interaction in a remote target host scenario. . . . . . . . . . . . . 32 5.1 Recovered pseudo-code filename correspondance with the open-source Java implementation filenames. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 5.2 Authentication on devices A and B . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 5.3 Scenario testing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 5.4 Scenario testing. (cont.) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 5.5 Scenario testing. (cont..) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

    [4] Lee Benfield. CFR - another java decompiler. Website: http://www.benf.org/other/cfr/, 2018.

    [5] Daniel J. Bernstein. Curve25519: new Diffie-Hellman speed records. In Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin, editors, Public Key Cryptography - PKC 2006, pages 207-228. 2006.

    [6] Katriel Cohn-Gordon, Cas Cremers, Benjamin Dowling, Luke Garratt, and Douglas Stebila. A Formal Security Analysis of the Signal Messaging Protocol. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, Nov, 2017.

    [7] Katriel Cohn-Gordon, Cas Cremers, and Luke Garratt. On Post-compromise Security. In 2016 IEEE 29th Computer Security Foundations Symposium (CSF), pages 164-178. IEEE, 2016.

    [11] Whitfield Diffie, Paul C. Van Oorschot, and Michael J. Wiener. Authentication and Authenticated Key Exchanges. Designs, Codes and Cryptography, 2:107-125, Jun, 1992.

    [12] Emmanuel Dupuy. Java Decompiler. Website: http://jd.benow.ca/, 2018.

    [13] Google Inc. Android keystore system. Website: https://developer.android.com/training/articles/ keystore, 2018.

    [14] Google Inc. Application Sandbox. Website: https://source.android.com/security/app-sandbox, 2018.

    [15] Google Inc. Protocol Buffers. Website: https://developers.google.com/protocol-buffers/, 2018.

  • Related Research Results (3)
  • Metrics
Share - Bookmark