A messaging app that has attracted a lot of attention lately is TextSecure, an app that claims to provide secure instant messaging and has a large number of installations via Google's Play Store. It's protocol is part of Android's most popular aftermarket firmware CyanogenMod. In this paper, we present the first complete description of TextSecure's complex cryptographic protocol and are the first to provide a thorough security analysis of TextSecure. Among other findings, we present an Unknown Key-Share Attack on the protocol, along with a mitigation strategy, which has been acknowledged by TextSecure's developers. Furthermore, we formally prove that---if our mitigation is applied---TextSecure's push messaging can indeed achieve the goals of authenticity and confidentiality.
Category / Keywords: cryptographic protocols / protocol analysis, public-key cryptography, applications, instant messaging, confidentiality, authenticity, Date: received 31 Oct 2014, last revised 5 Nov 2014 Contact author: tilman frosch at hgi rub de Available format(s): PDF | BibTeX Citation Version: 20141105:123328 (All versions of this report) Short URL: ia.cr/2014/904 Discussion forum: Show discussion | Start new discussion