WhatsApp End-to-End Encryption: Are Our Messages Private?
Research project by: Pavlos Lontorfos, Tom Carpaij
Supervisors: Ruben De Vries, Soufiane el Aissaoui
Introduction
● 1.5 billion users
● "Black box" application
● Security vs. end-to-end encryption
● Can we trust Facebook's claim of end-to-end encryption?
Research questions
Is user-to-user message exchange via WhatsApp end-to-end encrypted?
● What are the algorithms used to create the Signal protocol?
● What are the differences between Signal and WhatsApp network traffic?
● To what extent are WhatsApp messages encrypted according to the Signal protocol specifications?
Literature review
● Breach of end-to-end encryption in group messages [1]
● Non-blocking WhatsApp implementation [2]
● Voicemail account verification hijack [3]
● Signal protocol papers [4] [5]
● WhatsApp end-to-end encryption implementation whitepaper [6]
● Formal proof of Signal protocol security [7]
Background: Extended Triple Diffie-Hellman (X3DH)
X3DH illustration. From Open Whisper Systems, by Marlinspike and Perrin, 2016. Retrieved from https://signal.org/docs/specifications/x3dh/
Background: Single ratchet algorithm
Single ratchet illustration. From Open Whisper Systems, by Perrin and Marlinspike, 2016. Retrieved from https://signal.org/docs/specifications/doubleratchet/
Background: Double ratchet algorithm
Double ratchet illustration. From Open Whisper Systems, by Perrin and Marlinspike, 2016. Retrieved from https://signal.org/docs/specifications/doubleratchet/Set3_2.png
Blocking vs. non-blocking mechanism
Signal: blocking mechanism
● No message retransmission: when the recipient's key changes, undelivered messages are not re-encrypted to the new key until the user acts
● Smaller user base
● Secure
WhatsApp: non-blocking mechanism
● Messages are retransmitted: undelivered messages are re-encrypted to the new key automatically
● Friendly user experience / convenience
● Security issue: attack scenario, since whoever holds the recipient's new key receives the retransmitted messages
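A model of the two policies, as an added example that is not this project's code nor WhatsApp's or Signal's: an untrusted relay keeps each user's current identity key and the ciphertexts queued for them; when a queued message turns out to be encrypted to a key the recipient no longer holds, the sending client either holds it until the user verifies the new key (blocking) or re-encrypts it to the new key and retransmits (non-blocking). Assumptions: toy finite-field DH with a SHA-256 keystream stands in for the real session encryption, "Mallory re-registers Bob's number" stands in for whatever causes the key change, and `Server`, `Client` and `run_scenario` are names of this example only.

```python
"""Blocking vs. non-blocking handling of an identity-key change (model).

Toy finite-field DH modulo 2**255-19 with a SHA-256 keystream stands in for
the real session encryption. NOT secure; only the retransmission policy is
the point of this example."""
import hashlib
import secrets

P = 2**255 - 19   # toy modulus (assumption, not a standard DH group)
G = 2


def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def box(my_priv, their_pub, data):
    """XOR `data` with a keystream from the static DH secret; symmetric."""
    shared = pow(their_pub, my_priv, P).to_bytes(32, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(shared + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


class Server:
    """Untrusted relay: current identity key per user plus queued envelopes."""

    def __init__(self):
        self.identity, self.queue = {}, {}

    def register(self, user, pub):     # a (re)install replaces the user's key
        self.identity[user] = pub
        self.queue.setdefault(user, [])

    def put(self, to, env):
        self.queue[to].append(env)

    def undeliverable(self, sender):
        """Queued envelopes from `sender` encrypted to a key the recipient
        no longer holds; the relay reports these back to the sender."""
        return [(to, e) for to, q in self.queue.items() for e in q
                if e["from"] == sender and e["to_pub"] != self.identity[to]]


class Client:
    def __init__(self, name, server, policy):
        assert policy in ("blocking", "nonblocking")
        self.name, self.server, self.policy = name, server, policy
        self.priv, self.pub = keypair()
        server.register(name, self.pub)
        self.known = {}    # trust-on-first-use cache: peer -> identity key
        self.sent = []     # local plaintext log, needed to retransmit
        self.held = []     # (peer, text) waiting for manual verification
        self.notices = []  # "security code changed" warnings shown to the user

    def send(self, peer, text):
        pub = self.server.identity[peer]
        if self.known.setdefault(peer, pub) != pub:
            self.notices.append(f"{peer}'s security code changed")
            if self.policy == "blocking":
                self.held.append((peer, text))   # stop until the user verifies
                return False
            self.known[peer] = pub               # non-blocking: accept silently
        self.sent.append((peer, text))
        self.server.put(peer, {"id": len(self.sent) - 1, "from": self.name,
                               "from_pub": self.pub, "to_pub": pub,
                               "ct": box(self.priv, pub, text.encode())})
        return True

    def resync(self):
        """Re-handle every queued message the relay could not deliver."""
        for to, env in self.server.undeliverable(self.name):
            self.server.queue[to].remove(env)
            self.send(to, self.sent[env["id"]][1])

    def verify(self, peer):
        """User compared security codes out of band: trust the key, resend."""
        self.known[peer] = self.server.identity[peer]
        pending = [t for p, t in self.held if p == peer]
        self.held = [h for h in self.held if h[0] != peer]
        for text in pending:
            self.send(peer, text)

    def receive(self):
        return [box(self.priv, e["from_pub"], e["ct"]).decode()
                for e in self.server.queue[self.name] if e["to_pub"] == self.pub]


def run_scenario(policy):
    """Constructed scenario: Alice queues a message for an offline Bob, then
    Bob's number is re-registered with Mallory's key."""
    server = Server()
    alice = Client("alice", server, policy)
    Client("bob", server, policy)            # Bob's genuine key; Bob stays offline
    alice.send("bob", "meet at 9")
    mallory = Client("bob", server, policy)  # attacker now holds "bob" on the relay
    alice.resync()
    return {"mallory_reads": mallory.receive(), "held": list(alice.held),
            "notices": list(alice.notices)}
```

Both policies raise the same "security code changed" notice; the difference is what happens to the message that was already in flight. With `"nonblocking"` the holder of the new key reads it, with `"blocking"` it stays on the sender's device until `verify()` is called, which is the trade-off the slide describes.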
Methods
Assumptions made:
● If the Signal protocol is implemented correctly, it is secure
● The Signal application implements the protocol correctly
WhatsApp is proprietary software.
The Android version was analysed; the protocol implementation is taken to be the same on iOS.
Latest available versions at the time: WhatsApp 2.18.380 and Signal 4.32.8.
Experiments
Experiment: Traffic comparison
Results: Traffic comparison
Experiment: Packet decryption
Results: Packet decryption
No WhatsApp packets could be captured for decryption: WhatsApp carries its traffic over Noise Pipes, a custom transport protocol, instead of TLS, so Burp Suite did not recognise those packets.
Experiment: Basic blocking
Results: Basic blocking
Experiment: Sender offline blocking
Results: Sender offline blocking
Experiment: Sender offline blocking
Results: Sender offline blocking
Experiment: Sender migration blocking
Results: Sender migration blocking
Discussion
● We expected the traffic of both applications to be more similar
● Decrypting the captured packets would be needed to verify that WhatsApp uses the Signal protocol as specified
Future work
● Key extraction and message decryption (reverse engineering)
● Phone call verification abuse
● Metadata collection
● WhatsApp, Instagram and Messenger integration
Conclusion
● What are the algorithms used to create the Signal protocol?
● What are the differences between Signal and WhatsApp network traffic?
● To what extent are WhatsApp messages encrypted according to the Signal protocol specifications?
Is user-to-user message exchange via WhatsApp end-to-end encrypted? Probably yes.
References
● [1] P. Rösler, C. Mainka, and J. Schwenk, "More is less: On the end-to-end security of group chats in Signal, WhatsApp, and Threema," 2018.
● [2] M. Marlinspike, "There is no WhatsApp 'backdoor'," 2017, last accessed 22 January 2019. [Online]. Available: https://signal.org/blog/there-is-no-whatsapp-backdoor/
● [3] M. Vigo, "Compromising online accounts by cracking voicemail systems," 2018, last accessed 21 January 2019. [Online]. Available: https://www.martinvigo.com/voicemailcracker/
● [4] K. Cohn-Gordon, C. Cremers, B. Dowling, L. Garratt, and D. Stebila, "A formal security analysis of the Signal messaging protocol," in 2017 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2017, pp. 451–466.
● [5] WhatsApp, "WhatsApp encryption overview," April 5, 2016, p. 12.