The Effect of Using Weak Random Source on the State Synchronization of the Signal Protocol
DOI: https://doi.org/10.54654/isj.v1i21.1026
Keywords: signal protocol, DR Algorithm, message key, chain key, DHRatchet public key
Abstract
Signal is an end-to-end security protocol used in instant messaging applications such as Facebook Messenger, WhatsApp, Zalo, etc. One of the outstanding features of the Signal protocol is its support for establishing end-to-end secure channels and communicating asynchronously, i.e., the sender can send messages securely even if the receiver is offline. This property is provided by maintaining synchronized states on each side. In this article, we analyze the risk of state desynchronization between the parties in the Signal protocol when at least one of them uses a weak random source.
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).