3. A Formal Security Analysis of the Signal Messaging Protocol [PDF]

A Formal Security Analysis of the Signal Messaging Protocol [PDF]

Hi,

Thanks for reading our paper and asking questions!

When two parties communicate using the Signal Protocol, they share and update their state as they exchange messages. Each message has its own encryption key which is a branch of the tree you refer to. The order they exchange messages affects the way the tree is built. If all the state is exposed, then an adversary would know all the keying material and would be able to derive any message key. However, because Signal shares state that continuously updates, it has a form of "post-compromise security". This means that Alice can have a security guarantee about communication with Bob, even if Bob’s secrets have already been compromised. This is because of the ratcheting mechanism of Signal; if the adversary had access to the tree but then loses access in the future, the tree will change and the adversary will be locked out because the shared state continuously updates and contributes to keying material.

For reference, here is a link to our earlier paper that elaborates on this concept: https://eprint.iacr.org/2016/221

/r/netsec Thread Parent Link - eprint.iacr.org
Previous
Next

Recently removed from /r/netsec

Tracking Anonymized Bluetooth Devices via BLE security flaw PoC || GTFO 0x19 (Github Mirror) /r/netsec's Q1 2019 Information Security Hiring Thread The /r/netsec Monthly Discussion Thread - December 2018 /r/netsec's Q3 2018 Information Security Hiring Thread Simple hack bypasses iOS passcode entry limit, opens door to brute force hacks Google bug bounty for security exploit that influences search results Cybereason RansomFree detects and blocks WannaCry using behavioral based detection (video link, details in comment) PINs and passwords can be stolen just by watching the way a phone tilts Bella: A pure python, post-exploitation, data mining tool and remote administration tool for macOS. 2015 Vice article reveals Spotify allows for brute-force password collection. There is still no login failure/password reset to this day. More details in comments. Cryptkeeper Sets the same password "p" for everything independently of user input /r/netsec's Q1 2017 Information Security Hiring Thread Warberry Pi- Tactical Exploitation Multiple 7-Zip Vulnerabilities Discovered by Talos

More Random Comments

Got this Smith Corona Galaxie Deluxe for $40 on FB marketplace for my partner for Christmas. The person I got it from put so much WD40 in it that it leaked into the case and is still seeping after I wiped a lot out of many crevices. Thoughts on cleaning it out? When you and a man start going on dates, what makes you decide you want to sleep with him? I'm getting mixed signals from him and me and my anxiety need some help with perspective. Did he steal my v card and is now played me? Redditors who have hired a private investigator...what did you find out? Tech Support and Basic Questions Thread - November 30, 2020 Redditors who have hired a private investigator...what did you find out? Erin O’Toole must stop pandering to the worst in the Conservative party RV Park Design / Feedback OTPs, exes, and double standards Can DMT help me process traumatic events? Multiple names Who likes Germany? (2019 poll PEW research center) My paranormal experiences that changed my life. What do you want for Christmas?