Insights For Success

Strategy, Innovation, Leadership and Security

Secure Messaging

Is WhatsApp security good and trustworthy?

General | Edward Kiledjian

Quietly and with little fanfare, WhatsApp released an update to all of its products enabling end-to-end encryption for its 1B+ end users. Funnily enough, most users aren't aware that their instant messaging tool of choice is now powered by the world's most secure end-to-end encryption protocol: Signal.

Can I consider WhatsApp secure?

A couple of weeks ago, Open Whisper Systems announced that its Signal secure protocol has been embedded into Facebook's WhatsApp instant messaging application. The question I receive daily is "should I consider my WhatsApp communications protected now?"

Before Signal there was OTR

Before using the Signal protocol, it looks like the WhatsApp team evaluated OTR (the Off-the-Record protocol). OTR provides encrypted point-to-point communication but it requires real-time collaboration of the users (both have to be online to secure the transmission), which isn't practical for WhatsApp. So they went fishing for something else and stumbled upon Signal.

The Signal difference

Signal actually created an encryption model using the text messaging approach, where messaging is encrypted but it is asynchronous (both parties don't need to be online simultaneously for it to work).

Although text messaging is simple, the complexity of the encryption model is high.

The protocol was called Axolotl. The salamander it is named for has self-healing capabilities and the Axolotl protocol also has self-healing properties.

To simplify it for mass consumption, the protocol was renamed the Signal protocol and now has open source libraries. Cryptographers have been able to build fully functional encryption programs compatible with the consumer Signal apps.

Now powering WhatsApp

The integration is now complete in the latest version of WhatsApp on all platforms.

Users running these versions now get full end-to-end encryption for every message they send and every WhatsApp call they make. All the benefits of the Signal protocol are now built in.

We have confidentiality which means the communication is encrypted.

We have integrity which means message alterations will be detected and fail the verification transaction.

Authentication is possible (which is good) but you need to take extra steps to do so. Keep reading.

Participant consistency is also important but defaults to off (has to be enabled manually).

They also claim to have destination validation, which requires the above 2 to work, so technically it is available and built in.

They have forward secrecy which means a future compromise of a private key will not allow the decryption of past messages.

They have backward secrecy, which means a past compromise of a private key will not compromise future protected communications. Keys are constantly being changed and re-negotiated.

They have message unlinkability, which means messages are independent, asynchronous, can arrive independently or be missing, without affecting the functioning or efficiency of the entire system.

Message repudiation is also there, which means the sender can deny sending a message. This works because the receiver can forge a message that looks like it came from the other party, which means none of the participants can claim (to a 3rd party) that a message originated from the other party with verifiability. All that can be claimed is that the sender or the recipient sent the messages. To most this seems bad but in the world of security, this is a good thing.

Simple but complex

We all know WhatsApp is a simple to use product but the actual encryption is very complicated and therefore beyond the scope of this post.

As an example, each party creates static Diffie-Hellman encryption keys and then a set of ephemeral keys. They then use a triple Diffie-Hellman protocol to exchange their ephemeral keys: a Diffie-Hellman key agreement is performed 3 times. In the first, one user takes their private key and the other person's ephemeral public key and creates a key agreement.

The other user takes his private key and the other person's Diffie-Hellman public key to create a second agreement. Then they take the ephemeral keys and use those with Diffie-Hellman to get a third set of keys, and they concatenate all of these together to create a master session key.

The ratchet

In an interactive protocol a ratchet is where you evolve a key that you agree upon as you send messages back and forth. You ratchet the key forward.

The problem is that this requires real-time communications. The innovation here is that they developed an offline ratchet using a hash. Each time both parties are online at the same time, an online ratchet is performed, which resynchronizes the offline ratchet hash.

First session establishment

In real-time communications you can create a shared key in real time. But how do you do this in an asynchronous model with someone you have never messaged before?

To solve this issue, when you register your WhatsApp client with the server, your client pre-seeds the server with 100 ephemeral public keys and assigns an ID to each. This means someone wanting to send you a message for a new communication stream picks up one of those keys in order to bootstrap a secure message.

They use this public key and place the resulting message blob on the server until you are online. When you come online, that blob is sent to you. Your client will never allow the re-use of that public key (it removes it from the pending ephemeral key list). This one-time use prevents certain types of attacks.
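The triple Diffie-Hellman handshake from "Simple but complex" and the one-time keys from this section, as an added sketch that is not WhatsApp's or Open Whisper Systems' code. It assumes Curve25519 (X25519) for the Diffie-Hellman step and a plain SHA-256 over the concatenated results; the function names, the `3dh-demo` label and the three-key batch are made up for the demo. The published protocol additionally uses signed prekeys and a proper key derivation function.

```python
import hashlib
import os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """Curve25519 Diffie-Hellman per RFC 7748 (readable, not constant time)."""
    n = int.from_bytes(k, "little") & ~7 & ((1 << 254) - 1) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3 = 1, 0, x1, 1
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + A24 * (aa - bb)) % P
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    priv = os.urandom(32)
    return priv, x25519(priv, BASE)

def master_key(dh1: bytes, dh2: bytes, dh3: bytes) -> bytes:
    # Concatenate the three agreements and hash them into one master session key.
    return hashlib.sha256(b"3dh-demo" + dh1 + dh2 + dh3).digest()

def initiate(id_priv, peer_id_pub, peer_prekey_pub):
    """Sender: builds the session while the recipient is offline."""
    eph_priv, eph_pub = keypair()
    return eph_pub, master_key(x25519(id_priv, peer_prekey_pub),
                               x25519(eph_priv, peer_id_pub),
                               x25519(eph_priv, peer_prekey_pub))

def respond(id_priv, prekeys, key_id, peer_id_pub, peer_eph_pub):
    """Recipient: pop() deletes the prekey, so a replayed key_id raises KeyError."""
    pre_priv = prekeys.pop(key_id)
    return master_key(x25519(pre_priv, peer_id_pub),
                      x25519(id_priv, peer_eph_pub),
                      x25519(pre_priv, peer_eph_pub))

def demo(n_prekeys: int = 3):  # the post describes 100; 3 keeps the demo quick
    (a_priv, a_pub), (b_priv, b_pub) = keypair(), keypair()  # identity keys
    pairs = {i: keypair() for i in range(n_prekeys)}
    bob_store = {i: kp[0] for i, kp in pairs.items()}  # private halves stay on the device
    server = {i: kp[1] for i, kp in pairs.items()}     # public halves pre-seeded on the server
    key_id, pre_pub = server.popitem()                 # the server hands a prekey out once
    eph_pub, a_key = initiate(a_priv, b_pub, pre_pub)
    b_key = respond(b_priv, bob_store, key_id, a_pub, eph_pub)
    return a_key, b_key, key_id in bob_store
```

Each side combines its own private keys with the other side's public keys, so nothing secret crosses the server, and the third return value of `demo()` shows the used prekey is gone from the recipient's store.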

Perfect encryption

Knowing that Moxie (from Open Whisper Systems) worked on it and reading all the documentation, it looks like they implemented a perfectly designed asynchronous encrypted messaging system.

The one caveat & other thing

The one major exception is that you cannot be sure who you are talking to (authentication).

Threema, my favourite truly perfect encrypted and private messaging system, solves this by only guaranteeing authentication when you physically scan the QR code of the other participant's public key.

To solve this, WhatsApp provides a (per communication thread) QR code or 60 decimal digit user verification code. This code contains both parties' encryption keys.

So the problem is you need to perform this verification at least once per conversation thread. This guarantees there is no middleman. Where you can't visually exchange codes, you can read the 60 digit code to each other. If the codes are different, it means there is a man in the middle.

For some reason if the codes change, you are not automatically notified. But under account security, you can enable this notification.

Go to Settings, then Account, then Security, and enable the switch.

Everyone needs to turn this on (participant consistency). The only time a code should change during a conversation is if the other party installs the app on a new device (or a reset device), in which case you will already likely know and can disregard the alert.
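Why comparing the code exposes a middleman and what the key-change alert checks, as an added illustration that is not WhatsApp's algorithm or code. The hashing scheme, round count, names and the three keys are constructed for this example; only the idea (a 60-digit code covering both parties' keys, plus a warning when a stored key changes) comes from the text above.

```python
import hashlib

def fingerprint(identity_key: bytes, user_id: str, rounds: int = 5200) -> str:
    """30 decimal digits derived from one party's public identity key."""
    digest = identity_key + user_id.encode()
    for _ in range(rounds):
        digest = hashlib.sha512(digest + identity_key).digest()
    chunks = (digest[i:i + 5] for i in range(0, 30, 5))
    return "".join(f"{int.from_bytes(c, 'big') % 100000:05d}" for c in chunks)

def verification_code(my_key: bytes, my_id: str, their_key: bytes, their_id: str) -> str:
    """60 digits covering both keys; sorted so both phones display the same string."""
    return "".join(sorted([fingerprint(my_key, my_id), fingerprint(their_key, their_id)]))

class KeyStore:
    """Remembers each contact's identity key (the participant-consistency check)."""

    def __init__(self):
        self.pinned = {}

    def observe(self, contact: str, key: bytes) -> str:
        previous = self.pinned.get(contact)
        self.pinned[contact] = key
        if previous is None:
            return "first-seen"
        return "unchanged" if previous == key else "CHANGED"

def demo():
    # Constructed 32-byte stand-ins for public identity keys.
    a, b, m = (hashlib.sha256(n).digest() for n in (b"alice", b"bob", b"mallory"))
    honest = verification_code(a, "alice", b, "bob") == verification_code(b, "bob", a, "alice")
    # A middleman hands each side their own key instead of the real peer's key.
    alice_view = verification_code(a, "alice", m, "bob")
    bob_view = verification_code(b, "bob", m, "alice")
    store = KeyStore()
    events = [store.observe("bob", b), store.observe("bob", b), store.observe("bob", m)]
    return honest, alice_view != bob_view, len(alice_view), events
```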

I also want to remind readers that although the messages themselves are encrypted, there is still metadata. There is no technological way to communicate without leaving a trail of metadata today. Metadata is data about your data, such as who you communicate with, how often and how much data you exchange with each other.

WhatsApp is not open source

Many security researchers dislike closed source security applications because there is no way to independently validate the implementation (i.e., know for sure that no one has implemented a back-door or injected malicious code).

Technology is only as good as its implementation and although the encryption math is perfect, applications rarely are. At some point we have to put our crazy hats down and trust that companies are trying to do the right thing for their users.

Conclusion

Facebook has done a very good job and with the flip of a switch, they have gifted 1B people with easy to use and powerful encryption. I still love Threema because it has better authentication but the truth is none of my contacts use it.

I am excited that more people will be brought into the wonderful world of encryption and have their discussions protected.

Using Non-US cloud providers doesn't protect data

Technology | Edward Kiledjian
Image by Jaaron under Creative Commons License


My day job is in security so I read every Snowden leak with great interest. It is fascinating to see how well-funded intelligence agencies can collect the data they need. All these leaks seem to have tickled a nerve with some non-American corporate IT managers who are now demanding that their cloud providers store their data outside of the US.

But does that really make a difference?

In my opinion, the answer is no and here's why. The US Patriot Act, which gives the US intelligence community its super powers, compels any US company to turn over requested data regardless of where it is stored (it is not limited to data stored in the United States). Companies that allow customers to choose where the data is stored are providing a false sense of security to customers.

So what should we do to protect our data?

If you are a non-US company that wants to leverage a cloud service provider but still wants to protect its data from the NSA, then you have to use a non-American provider and ensure your data is stored outside of the US.

But even this doesn't guarantee total privacy. Keep in mind that most countries have local intelligence organizations (CSE in Canada, GCHQ in the UK, etc) and the leaks show that many of these agencies eagerly collect data for each other and share that data with limited control.

For the time being, your super secret data should be encrypted by you before it is sent to the cloud using Trust No One encryption but then you lose most of the value of these cloud services. Ultimate security means broken functionality. Ultimate functionality means broken security. You'll have to try to find a balance somewhere in between. 

The most secure smartphone messaging app

Technology | Edward Kiledjian

During the NSA leaks earlier this year, we heard rumors that Apple's iMessage employs end-to-end encryption making covert interception difficult. Anytime you add a new device to your account, your iMessages are automatically downloaded which means Apple could (if compelled by a competent court) hand over an unencrypted list of your messages.

 

I know many of you have nothing to hide but privacy isn't just for the "bad guys". We should all try to be as private as possible and this instant messaging app helps with that. The app (iOS and Android versions are available) is called Threema and it's a great piece of code.

 

Threema provides end-to-end encryption and employs a varying trust model for each contact. A contact for whom a key has been retrieved from the server shows up as 2 yellow dots and a contact for whom the key was retrieved by scanning the user's barcode from their device gets 3 green dots.

Installing the App

You download the app from the appropriate store (iTunes or Google Play) and install it. As soon as you start it up, you randomly drag your finger on the screen to help generate a random seed so the app can create your truly unique private / public keypair (don't worry, it is super simple even for non technical users).

If you allow it, Threema can scan your address book to find contacts that are already using the app (to be honest, I doubt you'll find too many unless you work with security conscious people).

For the most secure communication possible, scan the other person's public key when you physically see them.


This is how the other party exposes their public key during a physical meetup.


Above you see a Threema contact and because this one has a verification level with 3 green dots, we know the person's public key was physically scanned (meaning it is the highest level of trust for the key exchange).

Saving your private key

After everything is set up, you can export your private key via email for safekeeping so you can easily restore it if the app has to be re-installed. Because Threema uses true end-to-end encryption you control, they do not have your private key and cannot recover it.

Know the status of your message

Threema offers these message indicators

[Image: Threema message status indicators]

Which means you will always know what happened with your message. Was it received? Was it read?

What can you send?

Threema is great because it allows you to send text messages, Emoji (handled by your OS), photos, videos and current location.

It handles everything you may want to send.

More technical stuff

Threema uses Elliptic Curve Cryptography (ECC) with the NaCl cryptography library, which is fast and super secure. Threema uses asymmetric ECC based encryption with a strength of 255 bits (which would be the equivalent of a 2048 bit RSA key). Threema provides this additional clarification about the encryption:

"ECDH on Curve25519 is used in conjunction with a hash function and a random nonce to derive a unique 256 bit symmetric key for each message, and the stream cipher XSalsa20 is then used to encrypt the message. A 128 bit message authentication code (MAC) is also added to each message to detect manipulations/forgeries."

Threema actually has 2 layers of security protection:

  1. End to end encryption between the participants (participants hold the private keys)
  2. Protection for all communication between a client and the server

Threema has an encryption validation feature which allows anyone to verify the encryption quality. Threema documents how to log the encrypted stream and then validate it. This is a good thing because it gives you peace of mind that they are doing what they say they are doing.

Verdict

I've spent the last 2 months looking at the various cross platform instant messaging apps trying to find one that was secure and easy. Threema is the only one that fit all my requirements. It does cost $1.99 but it is well worth the small investment.

Silent Circle enables secure VOIP calling from Android

InfoSec | Edward Kiledjian

I wrote about Silent Circle in October and was excited to learn that they recently released an Android app and enabled Out of Circle calling. Silent Circle will enable secure voice, text, email and video chatting from any Silent Circle client to another (Android -> Android or Android -> iPhone).

The app can be downloaded from the Google Play Store. Using their service is simple and straightforward. You download the app, create an account and then pay the $20 monthly service fee. As soon as this is done, you will be able to call Silent Circle to Silent Circle securely regardless of where in the world you are (over Wi-Fi, 3G or 4G).

They also added "Out-Circle Access", which will enable Silent Circle users to call regular phone lines. Your link is encrypted from the device until the Silent Circle boundary (which is a nice feature for people working in some questionable countries). This feature costs an additional $29 a month but includes unlimited calling to Canada, US and Puerto Rico.

Here is the full Press Release

 

Silent Circle Releases Silent Phone For Android And Out-Circle Access (via PR Newswire)

Private encryption service developed by PGP inventor Phil Zimmermann protects voice and video calls on both Android and iOS devices across cellular and Wi-Fi networks. WASHINGTON, Jan. 16, 2013 /PRNewswire/ -- Silent Circle, a global private encrypted communications firm revolutionizing…


 

 

 

SilentCircle protects you from espionage or government monitoring

Security | Edward Kiledjian

I not only work in Information Security, I love it. In the era of “everything digital”, nothing else is as important. Well imagine my excitement when I learned of a newly formed company, called SilentCircle, which was promising a very secure yet easy to use communication product.

The company

The company says that it was started by 2 former Navy SEALs and the world-renowned creator of PGP, Phil Zimmermann. It wanted to create a military grade encryption product for securing phone calls (VOIP), text messages, emails and video. Its goal was to create a secure product, with the ease of use of an iPhone app (all for $20 per subscriber per month).

Services include:

 

  • Encrypted voice
  • Encrypted text
  • Encrypted Video
  • Encrypted email
  • Ability to call anyone (non-subscriber). Your session is encrypted up to the SilentCircle servers

 

The need

Anyone with a public profile has a need for secure communication. Secure from whom? Secure from competitors, government agencies and foreign nations.

How

The design of the solution has been well thought out and all encryption is performed on the end device. Once a communication stream is completed, the keys used to encrypt that communication are securely deleted making future decoding more difficult. They store only minimal system logs (required to maintain the service) and these logs are stored in Canada and Switzerland (which have stricter privacy laws).

They offer a service called Burn Notice which automatically destroys the sent information (photo, message, email, etc) after a predetermined timeframe.

Resistance

Current US wiretapping laws do not apply to VOIP but some officials are pushing to have these older laws amended to include VOIP. It is conceivable that future laws may make this type of service illegal or highly regulated but [for now] you can rest assured that your discussion with nana about her top secret apple pie recipe will stay confidential.

Verdict

Since I haven’t tested the service, I can’t vouch for how it will actually work but it looks great on paper. If you are concerned about eavesdropping or espionage, take a look at this new tool.