Whatsapp Security Ahmad Hijazi Systèmes de Télécommunications & Réseaux Informatiques (STRI) 20 April 2016.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

The Diffie-Hellman Algorithm
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Cryptography 101 Frank Hecker
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
CSCI 6962: Server-side Design and Programming
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.
Wireless and Security CSCI 5857: Encoding and Encryption.
“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Masud Hasan Secue VS Hushmail Project 2.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Authentication Key HMAC(MK, “auth”) Server Encryption Key HMAC(MK, “server_enc”) User Password Master Key (MK) Client Encryption Key HMAC(MK, “client_enc”)
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
EVALUATING SECURITY OF SMART PHONE MESSAGING APPLICATIONS PRESENTED BY SUDHEER AKURATHI.
Security in Skype Prepared by Prithula Dhungel. Security in Skype2 The Skype Service P2P based VoIP software Founded by the founders of Kazaa Can be downloaded.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
Pretty Good Privacy (PGP) Security for Electronic .
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Digital Signatures, Message Digest and Authentication Week-9.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Secure Messenger Protocol using AES (Rijndael) Sang won, Lee
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
Network Security Celia Li Computer Science and Engineering York University.
Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
Computer and Network Security
BINF 711 Amr El Mougy Sherif Ismail
CS 465 TLS Last Updated: Oct 31, 2017.
The Secure Sockets Layer (SSL) Protocol
Advanced Computer Networks
Electronic Payment Security Technologies
Presentation transcript:

Whatsapp Security Ahmad Hijazi Systèmes de Télécommunications & Réseaux Informatiques (STRI) 20 April 2016

Content Terms Client Registration Initiating Session Setup Receiving Session Setup Exchanging Messages Transmitting Media and Other Attachments Group Messages Call Setup Verifying Keys Transport Security

Introduction WhatsApp messages and calls between a sender and receiver that use WhatsApp client software released after March 31, 2016 are end-to- end encrypted. The Signal Protocol, designed by Open Whisper Systems, is the basis for WhatsApp’s end-to-end encryption.

Terms Public Key Types Identity Key Pair A long-term Curve25519 key pair, generated at install time. Signed Pre Key A medium-term Curve25519 key pair, generated at install time, signed by the Identity Key, and rotated on a periodic timed basis. One-Time Pre Keys A queue of Curve25519 key pairs for one time use, generated at install time, and replenished as needed.

Terms Session Key Types Root Key A 32-byte value that is used to create Chain Keys. Chain Key A 32-byte value that is used to create Message Keys. Message Key An 80-byte value that is used to encrypt message contents. 32 bytes are used for an AES-256 key, 32 bytes for a HMAC-SHA256 key, and 16 bytes for an Initialization Vector.

Client Registration Whatsapp have no access on Private Keys ! CLIENT SERVER Public Identity Key Public Signed Pre Key Batch of public One-Time Pre Keys But Who Said So ?!! Whatsapp have no access on Private Keys !

Initiating Session Setup In order to communicate with another Whatsapp user, the first user needs to establish an encrypted session. Once session is established, it remains until its lost by an external event or reinstalling app. Encrypted session

Initiating Session Setup Establishing Session: 1 2 Initiator 1 2 1 : Initiator Requests : Public Identity Key Public Signed Pre Key One-Time Pre Keys Of Recipient Server returns the requested keys Note: The One-Time Pre key is removed from server storage after being requested

Initiating Session Setup Establishing Session: Initiator 3 4 saves the keys as : Generates & Loads Irecipient (Identity Key) Srecipient (Signed Pre Key) Orecipient (One-Time Pre Key) Ephemeral Curve25519 key pair Einitiator Identity Key as Iinitiator

Initiating Session Setup ECDH : Elliptic Curve Diffie-Hellman It is one of the Secure key exchange algorithms, which are used to exchange keys securely via non secure channel Establishing Session: Initiator 5 Initiator calculates the Master_Secret: ECDH(Iinitiator, Srecipient) || ECDH(Einitiator, Irecipient) || ECDH(Einitiator, Srecipient) || ECDH(Einitiator, Orecipient) Initiator uses HKDF to create a Root Key and Chain Keys from the Master_Secret. 6

Receiving Session Setup Accessing from Whatsapp?? Receiving Session Setup 7 7 Session Setup Message Session Setup Message Einitiator Iinitiator Session Setup Message Initiator Recipient

Receiving Session Setup 8 Session Setup Message Recipient calculates the Master_Secret by using his own private keys & Session Setup Message. Recipient ECDH(Iinitiator, Srecipient) || ECDH(Einitiator, Irecipient) || ECDH(Einitiator, Srecipient) || ECDH(Einitiator, Orecipient) Public Own Keys 9 Finally, Recipient uses HKDF to derive Root Key and Chain Key from Master_Secret

Exchanging Messages Every message is encrypted with a unique Message Key For encryption, AES 256 encryption with CBC mode For authentication, HMAC-SHA256 is used Message Keys are ephemeral, can not be regenerated Messages keys are generated from sender's Chain key and “ratchets” forward

Exchanging Messages Calculating a Message Key Message key is calculated as: Message Key = HMAC-SHA256(Chain Key, 0x01) Chain Key is then updated as: HMAC-SHA256(Chain Key, 0x02) Hence, Chain key will “ratchet” forward and can't be derived from a Message key

Exchanging Messages Calculating a Chain Key An ephemeral Curve25519 public key is sent with each message Ephemeral_secret =ECDH(Ephemeral sender , Ephemeral recipient ) Chain Key, Root Key =HKDF(Root Key, ephemeral_secret)

Sending Media & Other Attachments BLOB Whatsapp Server AES256 Key K1 ZMKA Sender HMAC-SHA256 BLOB Store Receiver ZMKA SHA256(ZMKA) AES256 Key K2 K1 SHA256(ZMKA) PTR to BLOB in store QWETRYAKJSJDLHGSADJGXZNBMFJYKE

Receiving Media & Other Attachments QWETRYAKJSJDLHGSADJGXZNBMFJYKE AES256 Key K2 K1 SHA256(ZMKA) PTR to BLOB in store Sender Receiver BLOB Store ZMKA SHA256(ZMKA) SHA256(ZMKA) SHA256(ZMKA) == ZMKA BLOB K1

Group Messaging: Initiation Chain Key CK Signature Key Curve25519 SK Group Member Group SK (public) CK Sender Key AES256 Key K QKOUHFBJNKGKMKM

Group Messaging: Sending Group Member Chain Key CK Group Message Message Key K AES256 SK (private) FTAKJLKJHEROPIUPIU KIUJHFRHKJHGRYLKJLJOPOPL

Call Setup When a whatsapp user initiated a call: The initiator builds an encrypted session with the recipient if one does not already exist The initiator generates a random 32-byte SRTP master secret The initiator transmits an encrypted message to the recipient that signals an incoming call, and contains the SRTP master secret. If the responder answers the call, a SRTP encrypted call ensues.

Verifying The Keys MITM Attack The man-in-the middle attack intercepts a communication between two systems. WhatsApp and Whisper Systems actually did implement some pretty nice encryption. Though easily may be surpassed.

Verifying The Keys But !! Why isn’t it effective? An encrypted conversation on WhatsApp needs the communication of a special  public key. The other WhatsApp client will rely on this public key to know who it’s encrypting the information to. The public key has to be sent through WhatsApp’s servers, who then deliver it to your friend’s phone.

Verifying The Keys QR scan QR code scanning user A has to scan a QR code on the device of user B, and vice versa. Scan the user identifier for both parties. Needs thefull 32-byte public Identity Key for both parties. When either user scans the other’s QR code, the keys are compared to ensure that what is in the QR code matches the Identity Key as retrieved from the server.

Verifying The Keys Comparing a 60-digit number The 60-digit number is computed by concatenating the two 30-digit numeric fingerprints for each user’s Identity Key. The 30 digit numeric finger print : Iteratively SHA-512 hash the public Identity Key and user identifier 5200 times. Take the first 30 bytes of the final hash output. Split the 30-byte result into six 5-byte chunks. Convert each 5-byte chunk into 5 digits. Concatenate the six groups of five digits into thirty digits.

Transport Security

The Nice Properties of transport Security Fast connection setup Information of identity of the connecting user is not revealed No client authentication secrets are stored on the server

Thank You!