Secure Instant Messaging End-to-End - Analysis of Security Protocols
Secure instant messaging aims to protect private communication messages against surveillance. Organisations, individuals, and vendors have released instant messaging applications claiming to be secure from surveillance. The goal of these secure instant messaging applications is to encrypt the private messages end-to-end. Signal Private Messenger, the Secret Conversation feature of Facebook Messenger, and Crypho are the three secure instant messaging applications presented and analysed in this project. All three claim to provide end-to-end encryption of messages. The Signal protocol and the Crypho protocol are two end-to-end encryption protocols used by these applications. Before conducting the analysis of the protocols, it is necessary to understand them. Thus, an overview of both protocols is presented first, followed by a more detailed description of registration and conversation. This thesis analyses the end-to-end encryption of the protocols and their cryptographic composition. The analysis of the Signal protocol is based on former research, since teams of researchers have been interested in analysing the protocol for the last couple of years. The Crypho protocol has no known or published analysis. In addition to the manual correctness analysis conducted for the Crypho protocol, the protocol is also analysed with a tool that verifies the cryptographic composition of protocols. The analysis reveals that, without the correct countermeasures, an adversary can possibly exploit vulnerabilities in both protocols. The Signal protocol can be vulnerable to the Man-in-the-Middle attack, Unknown Key-Share attack, and replay attack. The Crypho protocol can be vulnerable to the Man-in-the-Middle attack and replay attack. Security criteria for Signal Private Messenger, the Secret Conversation feature of Facebook Messenger, and Crypho are compared. Comparison criteria are presented in a scoreboard, and the result for each application is explained.
Two user surveys were conducted among students at the Norwegian University of Science and Technology (NTNU) at Gløshaugen. The goal of the surveys is both to make students aware of more secure messaging applications that can protect their private messages and to evaluate the popularity of end-to-end applications among the students. The first survey was intended to map the students' knowledge of secure instant messaging and their use of secure applications. Those students who have used at least one of the target applications (Signal Private Messenger, the Secret Conversation feature of Facebook Messenger, and Crypho) participated in a more in-depth user survey.