Analysing Real-world Protocols for Secure Group Messaging

分析安全群组消息传递的现实协议

• 批准号: 2442701
• 金额: --
• 依托单位: Royal Holloway University of London
• 依托单位国家: 英国
• 项目类别: Studentship
• 财政年份: 2020
• 资助国家: 英国
• 起止时间: 2020 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=studentship-2442701
• 关键词: Analysing; Real; world; Protocols; Secure

Secure group messaging protocols allow groups of people to communicate securely over an insecure link, using end-to-end encryption.Until recently, the design and analysis of secure messaging in the literature has focused on two-party messaging protocols. The past few years has seen a number of new secure group messaging protocols being introduced, many as input into the Messaging Layer Security standardisation process.However, applications such as Matrix [0], WhatsApp [1] and Signal [2] have provided end-to-end encryption in their group messaging products since as early as 2014. The design of these systems differ considerablyfrom those being introduced in current years. In this thesis we aim to answer the following questions: 1. What are the security goals that current secure group messaging applications aim for? How do these differ from designs in the literature? * We survey the documentation and specifications of real-world secure group messaging applications to determine the security guarantees that these applications aim for. * We identify a new security model, Device-Oriented Group Messaging, to capture both the intended functionality and security guarantees of such protocols. 2. Do real-world secure group messaging protocols achieve these security goals in practice? * Focusing our analysis on Matrix, we analyse both its specification and implementation to determine whether they achieve these guarantees. * We present practically-exploitable attacks against Matrix's design and implementation, suggesting improvements to the protocol and its implementation that would remediate these issues. * We present security proofs, within the Device-Oriented Group Messaging model, determining the precise security guarantees these protocols provide.Through this process we identify a number of gaps between the security of group messaging protocols as they are deployed in practice and constructions provided in the literature. We note a number of practicalconsiderations that have lead to real-world deployments with non-optimal security, and consider how such problems might be solved without sacrificing security.Our approach combines provable security, following the code-based game-playing approach described by Bellare and Rogaway in [3], with protocol descriptions based upon their implementations.(0) https://matrix.org/(1) https://www.whatsapp.com/(2) https://signal.org/(3) https://eprint.iacr.org/2004/331.pdf

安全组消息协议允许多组人使用端到端加密在不安全的链路上安全地通信。直到最近，文献中安全消息的设计和分析一直集中在两方消息协议上。在过去的几年里，已经引入了许多新的安全群组消息协议，其中许多都是消息层安全标准化过程的输入。然而，Matrix [0]，WhatsApp [1]和Signal [2]等应用程序早在2014年就在其群组消息产品中提供了端到端加密。这些系统的设计与近年来引进的系统截然不同。在本论文中，我们旨在回答以下问题：1。当前安全群组消息应用程序的安全目标是什么？这些与文献中的设计有何不同？* 我们调查的文件和规范的真实世界的安全组消息应用程序，以确定这些应用程序的目标的安全保证。* 我们确定了一个新的安全模型，面向设备的组消息传递，以捕获这些协议的预期功能和安全保证。2.真实世界的安全组消息传递协议在实践中实现了这些安全目标吗？* 将我们的分析集中在矩阵上，我们分析了它的规范和实现，以确定它们是否实现了这些保证。* 我们提出了实际利用矩阵的设计和实施的攻击，建议改进的协议及其实施，将弥补这些问题。* 我们提出的安全性证明，在面向设备的组消息模型，确定这些协议提供的精确的安全性保证，通过这个过程中，我们确定了一些差距，因为它们在实践中部署的组消息协议和结构中提供的文献。我们注意到一些实际的考虑，导致现实世界的部署与非最佳的安全性，并考虑如何解决这些问题，而不牺牲safety.我们的方法相结合的可证明的安全性，以下Bellare和Rogaway在[3]中描述的基于代码的游戏方法，与协议描述的基础上，他们的实现。(0)https：//matrix.org/（1）https：//www.whattery.com/（2）https：//signal.org/（3）https://eprint.iacr.org/2004/331.pdf