Paper 2018/424
On The Use of Remote Attestation to Break and Repair Deniability
Lachlan J. Gunn and Ricardo Vieitez Parra and N. Asokan
Abstract
Deniable messaging protocols allow two parties to have 'off-the-record' conversations without leaving any record that can convince external verifiers about what either of them said during the conversation. Recent events like WikiLeaks email dumps underscore the importance of deniable messaging to whistleblowers, politicians, dissidents and many others. Consequently, messaging protocols like Signal and OTR are expressly designed to provide deniability. Many commodity devices today support hardware-assisted remote attestation, which can be used to convince a remote verifier of some property locally observed on the device. We show how an adversary can use remote attestation to undetectably break deniability in any deniable protocol (including messaging protocols) that provides an authenticated channel. We prove that our attack allows an adversary to convince skeptical verifiers and describe a concrete implementation of the attack against the Signal messaging protocol. We then show how attestation itself can be used to restore deniability by thwarting a realistic class of adversaries from mounting such attacks. Hardware-based attestation changes the adversary model for deniable protocols, and its availability has now made it entirely practical for well-resourced attackers to break deniability, completely unbeknownst to the victim.
Metadata
- Publication info
- Preprint. MINOR revision.
- Contact author(s)
- lachlan gunn @ aalto fi
- History
- 2019-01-11: revised
- 2018-05-10: received
- Short URL
- https://ia.cr/2018/424
- License
- CC BY