Paper 2017/713
More is Less: How Group Chats Weaken the Security of Instant Messengers Signal, WhatsApp, and Threema
Paul Rösler and Christian Mainka and Jörg Schwenk
Abstract
Secure Instant Messaging (SIM) is utilized in two variants: one-to-one communication and group communication. While the first variant has received much attention lately (Frosch et al., EuroS&P16; Cohn-Gordon et al., EuroS&P17; Kobeissi et al., EuroS&P17), little is known about the cryptographic mechanisms and security guarantees of SIM group communication. In this paper, we investigate group communication security mechanisms of three main SIM applications: Signal, WhatsApp, and Threema. We first provide a comprehensive and realistic attacker model for analyzing group SIM protocols regarding security and reliability. We then describe and analyze the group protocols used in Signal, WhatsApp, and Threema. By applying our model, we reveal multiple weaknesses, and propose generic countermeasures to enhance the protocols regarding the required security and reliability goals. Our systematic analysis reveals that (1) the communications’ integrity – represented by the integrity of all exchanged messages – and (2) the groups’ closeness – represented by the members’ ability to manage the group – are not end-to-end protected. We additionally show that strong security properties, such as Future Secrecy, which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.
Metadata
- Category
- Applications
- Publication info
- Preprint. MINOR revision.
- Keywords
- End-to-End Encryption, Group Communication, Broadcast, Future Secrecy, Signal, WhatsApp, Threema
- Contact author(s)
- paul roesler @ rub de
- History
- 2018-02-19: last of 3 revisions
- 2017-07-27: received
- Short URL
- https://ia.cr/2017/713
- License
- CC BY