Articles

Instant Messaging and the Signal Protocol – Computerphile

September 6, 2019


A lot of people are communicating over the internet on their phone now not just SMS, you know
Messages like signal whatsapp Facebook Messenger, they all have some kind of end-to-end encryption these days
so this is not the same as when you go online to let’s say an online shop and
You immediately have a conversation and set up an encrypted connection. This is much slower than that and much more asynchronous
So there’s a lot of difficulties when using instant messaging or you know
Application based messaging because we don’t know really what’s going on between between the two parties
So I send you a message theoretically some trustworthy server takes that message or forwards its on onto your your phone, right?
Theoretically right how much do we trust the server? I suppose it depends on the app
but
But in any case maybe we want to try and use a protocol that means even if we don’t trust a server
There’s not a lot the server can do right and that’s what the signal protocol uses and by association
What’s app, facebook instant messenger and things like this?
I’ll put my phone down and we’ll talk about Allison Bob again because we always talk about Allison Bob, right?
So they want to have a conversation via a server
Between themselves, right? Now the problem is that maybe Bob installed the application?
so he installed signal or whatsapp or something like this six months ago and
He’s just waiting patiently for some friend to turn up and install the app as well, right?
I get lots of invites to install various different chat apps
Most of them I turned down because I don’t want that many icons on my phone
So what will happen is Bob will start by installing the app and completely aside from whoever he wants to talk to later
He’s going to send a few things to the server. He’s going to send a public key. That’s his identity
So that’s his identity public key for Bob
This is going to be a public key on an elliptic curve
Like lots of the ones we’ve talked about and it’ll have a private component or a private key associated with it
That will be kept to himself
He’s also going to sign a public key to
Verify that he’s in control of his private key
That’s kind of standard in cryptography and then he’s going to produce a list of one-time pre keys
remember that what he wants to do is have key exchange conversations between
Alice or Charlie or anyone else that comes along and he wants to do that not knowing when they’re going to come along
So he’s gonna send his parts of her messages ahead of time to the server
So he’s going to have you know, one use public key here and another one
another one
And he’s gonna numbered Eve or something like this. So this is one two, three and number four
So these are all public keys of which he has the private keys stashed on his phone ,right? On his application
Now the server is going to do this for anyone that installs the application, right? This will happen between your your
Your signal app and their service or your whatsapp and their servers and so on
What will happen next is some time down the line
Hopefully Bob’s made some friends and they’ve agreed to talk to him on their phones
So Alice comes along and she wants to set up a communication with Bob now the exact same problems that Bob faced she faces
Right. The first one is the Bob might have his phone switched off so she can’t start up a conversation
Right, and she also doesn’t know where Bob is
So the server does have a server based on Bob mobile phone number or IP address or something?
We’ll know how to get in contact with him
So she goes to the server and says I’d like to talk to Bob, but can I have a pre key bundle?
And this is a set of parameters from Bob or she can use to form a communication
So the server is going to send to Alice Bob’s identity key
Bob’s signed pre-key and one
Either at random or sequentially of these let’s say number three of these one use keys is is going to be sent three
different public keys from Bob, right? Alice is going to generate an identity key of her own for Alice and
she’s going to generate an ephemeral key, which is like a one use session key
Which is very common in diffie hellman for herself there. All right, what do all B’s going to do?
Well, let’s let’s get rid of this paper or just move for sort of flopping around
So we’ve got a I seem to change pens, but it’s not worry about that
I’ve got Bob’s identity key that should identify him
Like if we know that Bob has the private key and we know that’s Bob the fact that this key has been used means it
Must be Bob on the other end of a line
All right. That’s a really good thing to know his sign pre key for Bob
This stops the server messing about of his pre keys because he signed it and a server can’t do that and a one use
Public key for Bob and what that’s going to do is make sure that no one can replay attack Bob by sending this whole conversation again later
Bob is gonna delete this when he’s seen it for the first time
So when you fetch a pre-key bundle and you use it to talk to someone on one of these apps
They will delete that pre-key so that they can never use it again, and we’ve got Alice
We’ve got the identity key from Alice and her a femoral key now. I’m going to use a different pen
We’ve got five different public keys here
right, and we’re going to perform four Diffie-Hellman, right, which is again a little bit hairy, but you know
Bear with me to remind you
we did a video on Diffie-Hellman which you might like to watch but
What difficult as you both send public key to each other you exchange them you use your secrets to calculate a shared secret
So any of these two?
Public keys can be combined to create a shared secret, right?
But if you only use two of them, you’re not getting the whole picture and you’re not, you know, for example
If you only use Bob’s identity key and Alice is a ephemeral key
You aren’t guaranteeing the identity of Alice by verifying this particular identity key here. Every public version has a private one
So there’s going to be a little little private identity key for Alice
Little private ephemeral key for Alice and there you get used within the mathematic and the same on the other side
So there’s a little one for Bob. So this is identity key
for Bob
I’ve gone out too many and this one is that it’s let’s say number. This was number three, wasn’t it?
So so let’s put in number three here. Bob’s got a whole list of these right?
So he’s got a whole list of these one two, three
And this is the one he’s going to use. Alice is gonna perform Diffie-Hellman exchange four times, right?
So he’s gonna do this one here. She’s going to do this one here. She’s going to do this one here
That’s number three and she’s going to do this one here number four, right?
So she’s bringing all the keys into play then she’s going to produce one master key
Shall we say with all of these pre master secrets? So she’s going to take one and she’s going to append it to two
She’s gonna append it to three append it to four. She’s gonna put that through something called a key derivation function
Which for the sake of simplicity we’ll just say the very similar to a hash function and that’s going to produce her master secret
She can then use that to encrypt things and
theoretically when she sends a message to Bob, Bob would be able to do the same thing and no one else will
Right, so she’ll send a message including something encrypted
Her identity key and her ephemeral key
Bob will do the exact same procedure
And then he will be able to send her a message back the way that the signal protocol works with
With Alice and Bob and the server in between is called triple. Diffie-hellman
Why are we doing all these Diffie-Hellman, right?
In previous video, we just had a public key for Alice and a public key for Bob
We seem to be wasting a lot of time
Well, each of these different Diffie-Hellman exchanges gives us something different
But the really important ones I want to talk about are the ones involving these identity keys here the identity keys prove who you are
But of course if I’m Alice and you’re Bob and I send you an identity key for myself
It doesn’t prove who I am at all. I’ve just it’s just a number. It doesn’t say anything, right?
So, how do I actually how do you actually know that the message came from me?
Right and the answer is actually what you need to do is look at this number off line
Out-of-band you need to go outside of the normal line of communication over the Internet and face-to-face
Look at this number and if you see that, it’s right, then, you know, they must have been me having this conversation
Okay, so I can send you a message using signal right? You’ve installed signal your Bob. I’m Alice in this case, right?
So you’ve already sent your pre keys to the server. Just waiting to go
I
My met my phone will send a message a server and say can I get a pre key bundle and then we’ll perform an exchange
Right something like that. So I’m gonna send you a message. It’s not going to be interesting. Hello
All right, so I send you a message
Hopefully it pops up on your phone. It does. There we go. I mean this is good evidence, but it was me
I literally sent a message and it appeared on your phone, but that didn’t always happen in instant messaging so sometimes
I’m not around or you’re not around at a time
So how did you know when it pops up my name on here?
but it is me and the answer is you don’t write someone could have the server or someone else could have
Intercepted these messages and performed a man-in-the-middle attack, right the only way we can verify it
Is to check out each other’s public keys by our identity keys
so the way that signal does this is it takes the identity public key of alice and the identity public key of
Bob and it combines them using a hash function into a safety number right that safety number is essentially a summary of our two
Public identity keys, right if we have the same safety number, that means we’re having a conversation with the text
Same two identity keys, which means it must be a conversation just between us – that’s the idea. So, let’s have a look
I’m gonna go into my safety number and they’re the same and
In in signal actually, you can press this a verified button, which says we’ve looked at these out-of-band
This is called an out-of-band communication because we’re not using the normal encryption to verify our keys
So now actually when we send messages it will show as verified. So in whatsapp. It’s not called a safety number
It’s just called a security code, but you can see it’s absolutely the same now, of course what most people don’t do
It’s right. Most people say messages in assume
There isn’t a man in the middle and in all likelihood there probably isn’t but if you want to be really sure
Maybe have a look at your safety number
We’ve only covered half the story we talked about this pre key bundles and this this initial triple. Diffie-hellman
I mean, we all have phones we talk about batteries all the time. So
If you hypothetically picked four words that were in the top 500

You Might Also Like

No Comments

Leave a Reply