Presentation is loading. Please wait.

Presentation is loading. Please wait.

Whatsapp Security Ahmad Hijazi Systèmes de Télécommunications & Réseaux Informatiques (STRI) 20 April 2016.

Published byBertha Flynn Modified over 8 years ago

Similar presentations

Presentation on theme: "Whatsapp Security Ahmad Hijazi Systèmes de Télécommunications & Réseaux Informatiques (STRI) 20 April 2016."— Presentation transcript:

1 Whatsapp Security Ahmad Hijazi Systèmes de Télécommunications & Réseaux Informatiques (STRI) 20 April 2016

2 Content Terms Client Registration Initiating Session Setup
Receiving Session Setup Exchanging Messages Transmitting Media and Other Attachments Group Messages Call Setup Verifying Keys Transport Security

3 Introduction WhatsApp messages and calls between a sender and receiver that use WhatsApp client software released after March 31, 2016 are end-to- end encrypted. The Signal Protocol, designed by Open Whisper Systems, is the basis for WhatsApp’s end-to-end encryption.

4 Terms Public Key Types Identity Key Pair A long-term Curve25519 key pair, generated at install time. Signed Pre Key A medium-term Curve25519 key pair, generated at install time, signed by the Identity Key, and rotated on a periodic timed basis. One-Time Pre Keys A queue of Curve25519 key pairs for one time use, generated at install time, and replenished as needed.

5 Terms Session Key Types
Root Key A 32-byte value that is used to create Chain Keys. Chain Key A 32-byte value that is used to create Message Keys. Message Key An 80-byte value that is used to encrypt message contents. 32 bytes are used for an AES-256 key, 32 bytes for a HMAC-SHA256 key, and 16 bytes for an Initialization Vector.

6 Client Registration Whatsapp have no access on Private Keys ! CLIENT
SERVER Public Identity Key Public Signed Pre Key Batch of public One-Time Pre Keys But Who Said So ?!! Whatsapp have no access on Private Keys !

7 Initiating Session Setup
In order to communicate with another Whatsapp user, the first user needs to establish an encrypted session. Once session is established, it remains until its lost by an external event or reinstalling app. Encrypted session

8 Initiating Session Setup
Establishing Session: 1 2 Initiator 1 2 1 : Initiator Requests : Public Identity Key Public Signed Pre Key One-Time Pre Keys Of Recipient Server returns the requested keys Note: The One-Time Pre key is removed from server storage after being requested

9 Initiating Session Setup
Establishing Session: Initiator 3 4 saves the keys as : Generates & Loads Irecipient (Identity Key) Srecipient (Signed Pre Key) Orecipient (One-Time Pre Key) Ephemeral Curve25519 key pair Einitiator Identity Key as Iinitiator

10 Initiating Session Setup
ECDH : Elliptic Curve Diffie-Hellman It is one of the Secure key exchange algorithms, which are used to exchange keys securely via non secure channel Establishing Session: Initiator 5 Initiator calculates the Master_Secret: ECDH(Iinitiator, Srecipient) || ECDH(Einitiator, Irecipient) || ECDH(Einitiator, Srecipient) || ECDH(Einitiator, Orecipient) Initiator uses HKDF to create a Root Key and Chain Keys from the Master_Secret. 6

11 Receiving Session Setup
Accessing from Whatsapp?? Receiving Session Setup 7 7 Session Setup Message Session Setup Message Einitiator Iinitiator Session Setup Message Initiator Recipient

12 Receiving Session Setup
8 Session Setup Message Recipient calculates the Master_Secret by using his own private keys & Session Setup Message. Recipient ECDH(Iinitiator, Srecipient) || ECDH(Einitiator, Irecipient) || ECDH(Einitiator, Srecipient) || ECDH(Einitiator, Orecipient) Public Own Keys 9 Finally, Recipient uses HKDF to derive Root Key and Chain Key from Master_Secret

13 Exchanging Messages Every message is encrypted with a unique Message Key For encryption, AES 256 encryption with CBC mode For authentication, HMAC-SHA256 is used Message Keys are ephemeral, can not be regenerated Messages keys are generated from sender's Chain key and “ratchets” forward

14 Exchanging Messages Calculating a Message Key
Message key is calculated as: Message Key = HMAC-SHA256(Chain Key, 0x01) Chain Key is then updated as: HMAC-SHA256(Chain Key, 0x02) Hence, Chain key will “ratchet” forward and can't be derived from a Message key

15 Exchanging Messages Calculating a Chain Key
An ephemeral Curve25519 public key is sent with each message Ephemeral_secret =ECDH(Ephemeral sender , Ephemeral recipient ) Chain Key, Root Key =HKDF(Root Key, ephemeral_secret)

16 Sending Media & Other Attachments
BLOB Whatsapp Server AES256 Key K1 ZMKA Sender HMAC-SHA256 BLOB Store Receiver ZMKA SHA256(ZMKA) AES256 Key K2 K1 SHA256(ZMKA) PTR to BLOB in store QWETRYAKJSJDLHGSADJGXZNBMFJYKE

17 Receiving Media & Other Attachments
QWETRYAKJSJDLHGSADJGXZNBMFJYKE AES256 Key K2 K1 SHA256(ZMKA) PTR to BLOB in store Sender Receiver BLOB Store ZMKA SHA256(ZMKA) SHA256(ZMKA) SHA256(ZMKA) == ZMKA BLOB K1

18 Group Messaging: Initiation
Chain Key CK Signature Key Curve25519 SK Group Member Group SK (public) CK Sender Key AES256 Key K QKOUHFBJNKGKMKM

19 Group Messaging: Sending
Group Member Chain Key CK Group Message Message Key K AES256 SK (private) FTAKJLKJHEROPIUPIU KIUJHFRHKJHGRYLKJLJOPOPL

20 Call Setup When a whatsapp user initiated a call:
The initiator builds an encrypted session with the recipient if one does not already exist The initiator generates a random 32-byte SRTP master secret The initiator transmits an encrypted message to the recipient that signals an incoming call, and contains the SRTP master secret. If the responder answers the call, a SRTP encrypted call ensues.

21 Verifying The Keys MITM Attack
The man-in-the middle attack intercepts a communication between two systems. WhatsApp and Whisper Systems actually did implement some pretty nice encryption. Though easily may be surpassed.

22 Verifying The Keys But !! Why isn’t it effective?
An encrypted conversation on WhatsApp needs the communication of a special  public key. The other WhatsApp client will rely on this public key to know who it’s encrypting the information to. The public key has to be sent through WhatsApp’s servers, who then deliver it to your friend’s phone.

23 Verifying The Keys QR scan QR code scanning
user A has to scan a QR code on the device of user B, and vice versa. Scan the user identifier for both parties. Needs thefull 32-byte public Identity Key for both parties. When either user scans the other’s QR code, the keys are compared to ensure that what is in the QR code matches the Identity Key as retrieved from the server.

24 Verifying The Keys Comparing a 60-digit number
The 60-digit number is computed by concatenating the two 30-digit numeric fingerprints for each user’s Identity Key. The 30 digit numeric finger print : Iteratively SHA-512 hash the public Identity Key and user identifier 5200 times. Take the first 30 bytes of the final hash output. Split the 30-byte result into six 5-byte chunks. Convert each 5-byte chunk into 5 digits. Concatenate the six groups of five digits into thirty digits.

25 Transport Security

26 The Nice Properties of transport Security
Fast connection setup Information of identity of the connecting user is not revealed No client authentication secrets are stored on the server

27 Thank You!

Download ppt "Whatsapp Security Ahmad Hijazi Systèmes de Télécommunications & Réseaux Informatiques (STRI) 20 April 2016."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Cryptography 101 Frank Hecker

Cryptography 101 Frank Hecker

Similar presentations

Ads by Google