The Effect of Using Weak Random Source on the State Synchronization of the Signal Protocol

Authors

  • Trieu Quang Phong
  • Pham Duc Hung
  • Ngo Phuong Tuan

DOI:

https://doi.org/10.54654/isj.v1i21.1026

Keywords:

signal protocol, DR Algorithm, message key, chain key, DHRatchet public key

Tóm tắt

Abstract— Signal is an end-to-end security protocol used in instant messaging applications such as Facebook Messenger, Whatsapp, Zalo, etc. One of the outstanding features of the Signal protocol is its support for establishing end-to-end secure channels and conducting communications asynchronously, i.e., the sender can send messages securely even if the receiver is offline. This property is provided by maintaining synchronized states on each side. In our article, we will analyze the risk of desynchronizing states between parties in the Signal protocol if at least one of those parties in this protocol uses a weak random source.

Downloads

Download data is not yet available.

References

Khánh, T. V., & Vinh, N. T. (2020). Giải pháp bảo mật đầu cuối cho điện thoại di động. Journal of Science and Technology on Information Security, 9(01), 37-48. https://doi.org/10.54654/isj.v9i01.41.

Vinh, C. T., & Huong, P. V. (2023). Constructing a Model Combining Zalo and End-to-End Encryption for Application in Digital Transformation. Journal of Science and Technology on Information Security, 3(20), 95-108. https://doi.org/10.54654/isj.v3i20.1012

Nikita Borisov, Ian Goldberg, and Eric Brewer. “Off-the-record Communication, or, Why Not to Use PGP”. In: WPES. Washington DC, USA: ACM, 2004, pp. 77–84.

Mario Di Raimondo, Rosario Gennaro, and Hugo Krawczyk. “Secure Off-the-record Messaging”. In: WPES. Alexandria, VA, USA: ACM, 2005, pp. 81–89.

"WhatsApp's Signal Protocol integration is now complete". Signal. Signal Blog. 2016. Archived from the original on 29 January 2021. Retrieved 5 April 2016.

Bohn, Dieter (19 November 2020). "Google is rolling out end-to-end encryption for RCS in Android Messages beta". The Verge. Vox Media, Inc. Retrieved 28 November 2020.

D. Konigsberg. “libsignal-protocol-c”, 2020.https://github.com/signalapp/libsignal

-protocol-c.

T. Perrin and M. Marlinspike, “The X3DH Key Agreement Protocol,” 2016.

https://whispersystems.org/docs/specifications/x3dh/

M. Marlinspike and T. Perrin. The double ratchet algorithm, 2016. https:// whispersystems.org/docs/specifications/doubleratchet/doubleratchet.pdf.

Marlinspike, M., & Perrin, T. (2017). The sesame algorithm: session management for asynchronous message encryption. Revision, 2, 2017.

Joseph Jaeger and Igors Stepanovs. Optimal channel security against fine-grained state compromise: The safety of messaging. In CRYPTO 2018, Part I, pages 33-62, 2018.

Bertram Poettering and Paul Ro ̈sler. Asynchronous ratcheted key exchange. Cryptology ePrint Archive, Report 2018/296, 2018. https://eprint.iacr.org/2018/296.

Alwen, J., Coretti, S., & Dodis, Y. (2019, April). The double ratchet: security notions, proofs, and modularization for the signal protocol. In Annual International Conference on the Theory and Applications of Cryptographic Techniques (pp. 129-158). Cham: Springer International Publishing.

Krawczyk, H., & Eronen, P. (2014). Hmac-based extract-and-expand key derivation function (hkdf)(May 2010). URL: http://tools. ietf. org/html/rfc5869, accessed, 11-29.

Downloads

Abstract views: 111 / PDF downloads: 19

Published

2024-06-27

How to Cite

Phong, T. Q., Hùng, P. Đức, & Tuấn, N. P. (2024). The Effect of Using Weak Random Source on the State Synchronization of the Signal Protocol . Journal of Science and Technology on Information Security, 1(21), 40-47. https://doi.org/10.54654/isj.v1i21.1026

Issue

Section

Papers