a look into the mobile messaging black box
play

A look into the Mobile Messaging Black Box Roland Schilling Frieder - PowerPoint PPT Presentation

Oct 10, 2023 •524 likes •1.45k views

A look into the Mobile Messaging Black Box Roland Schilling Frieder Steinmetz December 27, 2016 Hamburg University of Technology Security in Distributed Applications 33 rd Chaos Commmunication Congress #33c3 @NerdingByDoing @twillnix

  1. A look into the Mobile Messaging Black Box Roland Schilling Frieder Steinmetz December 27, 2016 Hamburg University of Technology Security in Distributed Applications 33 rd Chaos Commmunication Congress #33c3 @NerdingByDoing @twillnix

  2. Messaging – Identifying Our Expectations You’re at a party • Friend approaches you and needs to tell you something in private • What do you expect when you say private? • You enter a separate room, you trust the location • What does a separate room offer you? party

  3. A Private Room You are now alone in a closed room with your Friend • Both of you have absolute Confidentiality that you are alone • Nobody can overhear your talk • Your exchange is completely private We call this confidentiality

  4. You Know Each Other Since you’re long-time friends, you’re absolutely sure, whom you’re talking to • Nobody can impersonate your friend or you, without the other noticing • You’re talking directly, without a phone or webcam in between We call this authenticity

  5. In Sight of Each Other The room you’re in is small enough that you can always see each other • You know that the words you speak are received just as you spoke them • There is no way either of you hears something other than the other says We call this integrity

  6. It’s a One-Time Talk Suppose somebody steps into the room • They could overhear your conversation • They would only learn the contents of this particular conversation • They would not learn anything about past conversations you had might have We call this forward secrecy → After leaving they would not be able to listen to any future conversations you We call this future secrecy

  7. It’s a One-Time Talk Forward- and Future Secrecy secret conversation overheard conversation timeline Forward Secrecy Future Secrecy third person enters room third person leaves room

  8. It’s a One-Time Talk Between Only You Two There are no witnesses in the room • Either of you can later deny to other having made any statement • Neither of you can prove to other that any of you have made a particular statement We call this deniability

  9. Messaging – Reality Check

  10. Messaging – A More Technical Analogy We started with a conversation analogy to identify our expectations of messaging of view. = > → Actually postal services are better to look at messaging from a technical point From: Alice To: Bob

  11. Example: Traditional Messaging What if our party conversation had taken place via SMS? Your providers (and other people on the same network) • would know the contents of your exchange: no confidentiality • could change the contents of your exchange: no integrity • could reroute your messages and impersonate either of you: no authentication • do not guarantee any secrecy, so we have neither forward secrecy nor future secrecy → We could argue having deniability though. → Messaging translates badly to our offline communication expectation

  12. From Postcards to Letters

  13. From Postcards to Letters

  14. The Shortest Introduction to Encryption You Will Ever Get Symmetric Encryption: Asymmetric Encryption: Encryption and decryption with different keys → Encryption and decryption with the same key Key Crypto plain text ciphertext

  15. The Shortest Introduction to Encryption You Will Ever Get Symmetric Encryption: Asymmetric Encryption: Encryption and decryption with different keys → Encryption and decryption with the same key Key Key Crypto Crypto plain text ciphertext plain text

  16. The Shortest Introduction to Encryption You Will Ever Get Asymmetric Encryption: Symmetric Encryption: → Encryption and decryption with the same key Key Key Crypto Crypto plain text ciphertext plain text → Encryption and decryption with different keys Key Key Crypto Crypto plain text ciphertext plain text

  17. The Shortest Introduction to Encryption You Will Ever Get Symmetric Encryption: Asymmetric Encryption: → Encryption and decryption with the same key Key Key Crypto Crypto plain text ciphertext plain text → Encryption and decryption with different keys Key Key key pair Crypto Crypto plain text ciphertext plain text

  18. • Both parties publish their identities and public keys Public-Key Cryptography – In a Nutshell • Any message can be encrypted with anyone’s public key and only be decrypted with its corresponding secret key Secret Key Secret Key Identity Identity Secret Key Identity Public Key Public Key Public Key

  19. Public-Key Cryptography – In a Nutshell • Both parties publish their identities and public keys • Any message can be encrypted with anyone’s public key and only be decrypted with its corresponding secret key Secret Key Secret Key Identity Identity Secret Key Identity Public Key Public Key Public Key Key Key key pair Crypto Crypto plain text ciphertext plain text

  20. Public-Key Cryptography – In a Nutshell • Both parties publish their identities and public keys • Any message can be encrypted with anyone’s public key and only be decrypted with its corresponding secret key ? Public Key Bob Secret Key Bob Crypto Crypto Bob

  21. Key Establishment . Secret Key Secret Key Public Key Public Key Identity Identity Secret Key Public Key Identity Public Key Bob Public Key Alice Key Key Key Generator Generator

  22. Recap Symmetric Encryption is cheap, but a key has to keys based on asymmetric key pairs. Asymmetric Encryption gives us IDs but is very ex- tion starts. Key Establishment allows us to create symmetric But there’s more… pensive. Key Key key pair Crypto Crypto plain text ciphertext plain text Key Key be shared by all participants before communica- Crypto Crypto plain text ciphertext plain text Secret Key Secret Key Public Key Public Key Identity Identity Secret Key Public Key Identity Public Key Bob Public Key Alice Key Key Key Generator Generator

  23. Confidentiality Key Key Crypto Crypto plain text ciphertext plain text ?

  24. Deniability From: either of us To: both of us

  25. But What About Forward- and Future Secrecy? secret conversation overheard conversation timeline Forward Secrecy Future Secrecy third person enters room third person leaves room

  26. But What About Forward- and Future Secrecy? secret messages compromised messages timeline Forward Secrecy Future Secrecy key compromise key renegotiation

  27. But What About Forward- and Future Secrecy? Key Key Crypto Crypto Bob

  28. But What About Forward- and Future Secrecy? Key Key Crypto Crypto Bob Key

  29. Recap Our key establishment protocol gives us: • Confidentiality • Deniability • Authenticity We don’t have: • Forward Secrecy • Future Secrecy → We are ignoring Integrity here, but we have that, too.

  30. Key and ID Management Cryptography is rarely, if ever, the solution to a security problem. Cryptography is a translation mechanism, usually converting a communications security problem into a key management problem. —Dieter Gollmann

  31. Key and ID Management Messenger Server Public Key Bob Public Key Alice Alice? Bob? Public Key b o B y e Alice K c l i b u P Secret Key Public Key Identity Secret Key Public Key Identity

  32. Key and ID Management We can ask for IDs, but what is an ID? • A phone number? Can identify a user. But is also considered personal information. • An email address? Same thing as with phone number. But a temporary email can be used. • Something else? Dedicated IDs offer anonymous usage, but ID ownership must be verifyable. Dedicated IDs are preferrable. But only if we find a way to verify ID ownership

  33. Key and ID Management We can ask for IDs, but what is an ID? • A phone number? • An email address? Same thing as with phone number. But a temporary email can be used. • Something else? Dedicated IDs offer anonymous usage, but ID ownership must be verifyable. Dedicated IDs are preferrable. But only if we find a way to verify ID ownership → Can identify a user. But is also considered personal information.

  34. Key and ID Management We can ask for IDs, but what is an ID? • A phone number? • An email address? • Something else? Dedicated IDs offer anonymous usage, but ID ownership must be verifyable. Dedicated IDs are preferrable. But only if we find a way to verify ID ownership → Can identify a user. But is also considered personal information. → Same thing as with phone number. But a temporary email can be used.

  35. Key and ID Management We can ask for IDs, but what is an ID? • A phone number? • An email address? • Something else? verifyable. Dedicated IDs are preferrable. But only if we find a way to verify ID ownership → Can identify a user. But is also considered personal information. → Same thing as with phone number. But a temporary email can be used. → Dedicated IDs offer anonymous usage, but ID ownership must be

  36. Key and ID Management We can ask for IDs, but what is an ID? • A phone number? • An email address? • Something else? verifyable. → Can identify a user. But is also considered personal information. → Same thing as with phone number. But a temporary email can be used. → Dedicated IDs offer anonymous usage, but ID ownership must be → Dedicated IDs are preferrable. But only if we find a way to verify ID ownership

Recommend

Using Messaging Protocols to Build Mobile and Web Applications Jeff Mesnil Jeff Mesnil

Using Messaging Protocols to Build Mobile and Web Applications Jeff Mesnil Jeff Mesnil

Using Messaging Protocols to Build Mobile and Web Applications Jeff Mesnil Jeff Mesnil Software Engineer at Red Hat Core developer on WildFly Application Server, lead for its messaging component Developed messaging brokers (HornetQ,

965 views • 82 slides
Mobile Health in Two Populations: Addressing Chronic Disease Management Through Text Messaging

Mobile Health in Two Populations: Addressing Chronic Disease Management Through Text Messaging

Mobile Health in Two Populations: Addressing Chronic Disease Management Through Text Messaging Keith McInnes, ScD, MS BUSPH HLPM & VA Center for Health Outcomes and Implementation Research (CHOIR) 1 Value of text messaging in

480 views • 33 slides
Mobile messaging service framework for location-based communities T-106.5820 Seminar on

Mobile messaging service framework for location-based communities T-106.5820 Seminar on

Mobile messaging service framework for location-based communities T-106.5820 Seminar on Distributed Systems, Autumn 2008 Harri Hlikk Synopsis of the study Goals are to describe the concept and basic characteristics of the service on

481 views • 7 slides
Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning & WAP primer Forging Messages Demo: Remote provisioning Provisioning: Process and Issues Attack scenario and exploiting Final

713 views • 59 slides
YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I

YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I

YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I here? Hundreds of product launches. Dozens of corporate launches. One top-funded Kickstarter campaign The Tool: The Message Map

655 views • 22 slides
Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple

Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple

Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple communication channels of phone messaging, web, and social network January 2016 www.zappix.com 1 Company Profile Zappixs Visual IVR Platform

543 views • 37 slides
CS 525M Mobile Computing Emmanuel Agu Database Management in Mobile Environments Last week,

CS 525M Mobile Computing Emmanuel Agu Database Management in Mobile Environments Last week,

CS 525M Mobile Computing Emmanuel Agu Database Management in Mobile Environments Last week, talked about applications: wireless web, messaging, MPEG, application-aware adaptation Today focus on data management issues First,

507 views • 7 slides
BBM Messaging is the new social media More than 85% of 13-34 year olds use messaging apps every

BBM Messaging is the new social media More than 85% of 13-34 year olds use messaging apps every

BBM Messaging is the new social media More than 85% of 13-34 year olds use messaging apps every day Why 13-34 year olds love messaging 1. Trust Young adults dont trust social networks 2. Intimacy They want to be able to share

465 views • 34 slides
Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures

Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures

Chair for Network Architectures and Services Technische Universit at M unchen Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures and Services Department of Informatics Technische Universit

519 views • 28 slides
PERSONALIZATION Customers expect personalized, tailored messaging no matter which channel or

PERSONALIZATION Customers expect personalized, tailored messaging no matter which channel or

THE STRUGGLE FOR SMART PERSONALIZATION Customers expect personalized, tailored messaging no matter which channel or device. SO WHY AREN'T MARKETERS DELIVERING? Take a look at why personalization is top priority in the mobile era, and why

411 views • 22 slides
SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel

SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel

SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel Solutions What are we covering off today? Who we are - communigator relationship Power of using SMS What does good look like? What is

342 views • 19 slides
STRATEGIC STRATEGIC MESSAGING MESSAGING BUILDING A BETTER CORE PITCH TORYTELLING FOR STARTUPS:

STRATEGIC STRATEGIC MESSAGING MESSAGING BUILDING A BETTER CORE PITCH TORYTELLING FOR STARTUPS:

STRATEGIC STRATEGIC MESSAGING MESSAGING BUILDING A BETTER CORE PITCH TORYTELLING FOR STARTUPS: Andy Raskin Andy Raskin Strategic Messaging & Positioning Strategic Messaging & Positioning http://andyraskin.com The great

690 views • 45 slides
MQTT IoT Messaging Protocol Francisco Quintero Lead Firmware Engineer - Internet of Things:

MQTT IoT Messaging Protocol Francisco Quintero Lead Firmware Engineer - Internet of Things:

MQTT IoT Messaging Protocol Francisco Quintero Lead Firmware Engineer - Internet of Things: The next frontier - Evolution of the net: Military and academic use (Mainframes, Minicomputers) General, personal use (Mobile, cloud)

691 views • 33 slides
in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University Messaging is Popular 2 Major Effort: E2E-Encrypted Messaging Government surveillance and/or coercion

585 views • 40 slides
BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha

BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha

BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha Introduction Messaging Matters OUTLINE Research Observations Recommendations Small Group Discussion Large Group Q&A Introduction Messaging

580 views • 25 slides
Todays topics Trevor Perrier, SMS Computing and Global Health Phone messaging Lecture

Todays topics Trevor Perrier, SMS Computing and Global Health Phone messaging Lecture

2/11/2015 Todays topics Trevor Perrier, SMS Computing and Global Health Phone messaging Lecture 6 Messaging technologies Patient Support Example Projects Messaging studies Winter 2015 Adherence Richard Anderson

765 views • 7 slides
MOBILE ADVERTISING Agenda Get off to a mobile start with Media Impact! Why mobile? MI

MOBILE ADVERTISING Agenda Get off to a mobile start with Media Impact! Why mobile? MI

MOBILE ADVERTISING Agenda Get off to a mobile start with Media Impact! Why mobile? MI Portfolio Mobile programmatic Mobile targeting Mobile formats Specials 2 Mobile Advertising @ MI WHY MOBILE? Traffic shift to the mobile web

862 views • 30 slides
Key Messaging Exploration Talking about trueU and communicating with trueU members Why was this

Key Messaging Exploration Talking about trueU and communicating with trueU members Why was this

Key Messaging Exploration Talking about trueU and communicating with trueU members Why was this document created? Establish messaging consistencynow and in the future Help trueU partners/vendors align with the brand Understand the

598 views • 43 slides
WSO2 Message Broker Scalable persistent Messaging System Outline Messaging Scalable

WSO2 Message Broker Scalable persistent Messaging System Outline Messaging Scalable

WSO2 Message Broker Scalable persistent Messaging System Outline Messaging Scalable Messaging Distributed Message Brokers WSO2 MB Architecture o Distributed Pub/sub architecture o Distributed Queues architecture User Story

1.12k views • 33 slides
Matteo Merli What is Apache Pulsar? Distributed pub/sub messaging Backed by a scalable log

Matteo Merli What is Apache Pulsar? Distributed pub/sub messaging Backed by a scalable log

Guaranteed e ff ectively-once messaging semantic Matteo Merli What is Apache Pulsar? Distributed pub/sub messaging Backed by a scalable log store Apache BookKeeper Streaming & Queuing Low latency Multi-tenant

531 views • 37 slides
Hybrid Messaging Solutions OpenStack Summit Boston 2017 About Us... Ken Giusti

Hybrid Messaging Solutions OpenStack Summit Boston 2017 About Us... Ken Giusti

Hybrid Messaging Solutions OpenStack Summit Boston 2017 About Us... Ken Giusti (kgiusti@gmail.com) irc: kgiusti Apache Qpid Project Oslo.Messaging Developer Software Engineer at Red Hat Mark Wagner (mwagner@redhat.com)

471 views • 34 slides
Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal

Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal

Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University Major Effort: E2E-Encrypted Messaging Government surveillance and/or coercion

577 views • 32 slides
Lecture 12.1 MPI Messaging and Deadlock EN 600.320/420 Instructor: Randal Burns 7 March 2018

Lecture 12.1 MPI Messaging and Deadlock EN 600.320/420 Instructor: Randal Burns 7 March 2018

Lecture 12.1 MPI Messaging and Deadlock EN 600.320/420 Instructor: Randal Burns 7 March 2018 Department of Computer Science, Johns Hopkins University Point-to-Point Messaging This is the fundamental operation in MPI Send a message from

726 views • 13 slides

More recommend