Press releases about mass surveillance performed by intelligence services such as NSA and GCHQ motivated many people to use alternative messaging solutions to preserve the security and privacy of their communication on the Internet. Initially fueled by Facebook's acquisition of the hugely popular mobile messaging app WhatsApp, alternatives claiming to provide secure communication experienced a significant increase of new users.
A messaging app that claims to provide secure instant messaging and has attracted a lot of attention is TextSecure. Besides numerous direct installations, its protocol is part of Android's most popular aftermarket firmware CyanogenMod. TextSecure's successor Signal continues to use the underlying protocol for text messaging. In this paper, we present the first complete description of TextSecure's complex cryptographic protocol, provide a security analysis of its three main components (key exchange, key derivation and authenticated encryption), and discuss the main security claims of TextSecure.
Furthermore, we formally prove that, if key registration is assumed to be secure, TextSecure's push messaging can indeed achieve most of the claimed security goals.
Category / Keywords: cryptographic protocols / protocol analysis, public-key cryptography, applications, instant messaging, confidentiality, authenticity
Original Publication (with minor differences): 1st IEEE European Symposium on Security and Privacy
Date: received 31 Oct 2014, last revised 5 Apr 2016
Contact author: tilman frosch at rub de
Note: Extended, revised version including full protocol overview.
Version: 20160405:210121
Short URL: ia.cr/2014/904