Analysing Real-world Protocols for Secure Group Messaging
Lead Research Organisation:
Royal Holloway University of London
Department Name: Information Security
Abstract
Secure group messaging protocols allow groups of people to communicate securely over an insecure link, using end-to-end encryption.
Until recently, the design and analysis of secure messaging in the literature has focused on two-party messaging protocols. The past few years has seen a number of new secure group messaging protocols being introduced, many as input into the Messaging Layer Security standardisation process.
However, applications such as Matrix [0], WhatsApp [1] and Signal [2] have provided end-to-end encryption in their group messaging products since as early as 2014. The design of these systems differ considerably
from those being introduced in current years. In this thesis we aim to answer the following questions:
1. What are the security goals that current secure group messaging applications aim for? How do these differ from designs in the literature?
* We survey the documentation and specifications of real-world secure group messaging applications to determine the security guarantees that these applications aim for.
* We identify a new security model, Device-Oriented Group Messaging, to capture both the intended functionality and security guarantees of such protocols.
2. Do real-world secure group messaging protocols achieve these security goals in practice?
* Focusing our analysis on Matrix, we analyse both its specification and implementation to determine whether they achieve these guarantees.
* We present practically-exploitable attacks against Matrix's design and implementation, suggesting improvements to the protocol and its implementation that would remediate these issues.
* We present security proofs, within the Device-Oriented Group Messaging model, determining the precise security guarantees these protocols provide.
Through this process we identify a number of gaps between the security of group messaging protocols as they are deployed in practice and constructions provided in the literature. We note a number of practical
considerations that have lead to real-world deployments with non-optimal security, and consider how such problems might be solved without sacrificing security.
Our approach combines provable security, following the code-based game-playing approach described by Bellare and Rogaway in [3], with protocol descriptions based upon their implementations.
(0) https://matrix.org/
(1) https://www.whatsapp.com/
(2) https://signal.org/
(3) https://eprint.iacr.org/2004/331.pdf
Until recently, the design and analysis of secure messaging in the literature has focused on two-party messaging protocols. The past few years has seen a number of new secure group messaging protocols being introduced, many as input into the Messaging Layer Security standardisation process.
However, applications such as Matrix [0], WhatsApp [1] and Signal [2] have provided end-to-end encryption in their group messaging products since as early as 2014. The design of these systems differ considerably
from those being introduced in current years. In this thesis we aim to answer the following questions:
1. What are the security goals that current secure group messaging applications aim for? How do these differ from designs in the literature?
* We survey the documentation and specifications of real-world secure group messaging applications to determine the security guarantees that these applications aim for.
* We identify a new security model, Device-Oriented Group Messaging, to capture both the intended functionality and security guarantees of such protocols.
2. Do real-world secure group messaging protocols achieve these security goals in practice?
* Focusing our analysis on Matrix, we analyse both its specification and implementation to determine whether they achieve these guarantees.
* We present practically-exploitable attacks against Matrix's design and implementation, suggesting improvements to the protocol and its implementation that would remediate these issues.
* We present security proofs, within the Device-Oriented Group Messaging model, determining the precise security guarantees these protocols provide.
Through this process we identify a number of gaps between the security of group messaging protocols as they are deployed in practice and constructions provided in the literature. We note a number of practical
considerations that have lead to real-world deployments with non-optimal security, and consider how such problems might be solved without sacrificing security.
Our approach combines provable security, following the code-based game-playing approach described by Bellare and Rogaway in [3], with protocol descriptions based upon their implementations.
(0) https://matrix.org/
(1) https://www.whatsapp.com/
(2) https://signal.org/
(3) https://eprint.iacr.org/2004/331.pdf
Planned Impact
People. The most obvious impact of RHUL's cyber security CDT will be its production of 50 PhD-level graduates during its lifetime. CDT graduates will be "industry-ready": through industry placements, they will have exposure to real-world cyber security problems and working environments; because of the breadth of our training programme, they will gain exposure to cyber security in all its forms; through involvement of our external partners at all stages of the CDT, the students will be exposed to the language and culture of industry, government and other sectors. At the same time, they will benefit from generic skills training, equipping them with a broad set of skills that will be of use in their subsequent workplaces. They will also engage in PhD-level research projects that will lead to them developing deep topic-specific knowledge as well as general analytical skills. There is a growing demand for graduates with these skill-sets. While RHUL already has demonstrably close relationships with key external players, our CDT represents an opportunity for us to enhance our existing links and develop new ones. Moreover, our own research will be strengthened by working with the best external researchers.
Economy. The nature of our cyber security research and the planned industrial involvement in influencing the selection of research topics means that there will be significant commercialisation opportunities arising from the research produced by this CDT. RHUL cyber security researchers have more than 80 years of experience working in industry, either in research, development or customer-facing environments, and are named inventors on more than 30 patents. We are closely supported by the Royal Holloway Enterprise Centre, who have expertise in business development, securing venture capital funding, and IPR protection. RHUL's Institute for Cyber Security Innovation provides business research and training support. We also have an on-campus incubation centre which has hosted a number of spin-out companies. We are thus thoroughly prepared to identify and exploit commercialisation opportunities arising from the CDT.
Knowledge. The CDT will make substantial and original contributions to knowledge in cyber security. Following institutional policy, all research is made available to the public for free in some form, either through open access publishing,the institution's research repository or via subject-specific on-line archives. The research will also published in conference venues which, by their nature, are regularly attended by large numbers of delegates from outside of academia. Other impact routes for our knowledge include Industry Fora (RHUL is an active academic member of the I4 and ISF organisations, which are influential industry fora), Business Events (RHUL researchers regularly speak at events such as InfoSec London, RSA Conference), Standards Bodies (several staff are active in international standards bodies), Consulting (staff have consulted for more than 100 organisations in the last 30 years), Industry-focused Events (RHUL hosts several external facing events each year, including the annual CDT Showcase, HP Colloquium, and ISG Open Day).
Society. One of the longer-term impacts of our research is to provide mechanisms that help to enhance confidence and trust in the on-line society for ordinary citizens, leading in turn to quality of life enhancement. Our work on the socio-technical dimensions of security and privacy gives us a means to influence government policy to the betterment of society at large. We work closely with government departments such as the Cabinet Office to provide advice on privacy, security and design issues. We also communicate research findings through more widely accessible media, press engagement, speaking at public events, and working with schools (CDT students will take part in the annual Smallpeice Trust Cyber Security residential for Year 9 students).
Economy. The nature of our cyber security research and the planned industrial involvement in influencing the selection of research topics means that there will be significant commercialisation opportunities arising from the research produced by this CDT. RHUL cyber security researchers have more than 80 years of experience working in industry, either in research, development or customer-facing environments, and are named inventors on more than 30 patents. We are closely supported by the Royal Holloway Enterprise Centre, who have expertise in business development, securing venture capital funding, and IPR protection. RHUL's Institute for Cyber Security Innovation provides business research and training support. We also have an on-campus incubation centre which has hosted a number of spin-out companies. We are thus thoroughly prepared to identify and exploit commercialisation opportunities arising from the CDT.
Knowledge. The CDT will make substantial and original contributions to knowledge in cyber security. Following institutional policy, all research is made available to the public for free in some form, either through open access publishing,the institution's research repository or via subject-specific on-line archives. The research will also published in conference venues which, by their nature, are regularly attended by large numbers of delegates from outside of academia. Other impact routes for our knowledge include Industry Fora (RHUL is an active academic member of the I4 and ISF organisations, which are influential industry fora), Business Events (RHUL researchers regularly speak at events such as InfoSec London, RSA Conference), Standards Bodies (several staff are active in international standards bodies), Consulting (staff have consulted for more than 100 organisations in the last 30 years), Industry-focused Events (RHUL hosts several external facing events each year, including the annual CDT Showcase, HP Colloquium, and ISG Open Day).
Society. One of the longer-term impacts of our research is to provide mechanisms that help to enhance confidence and trust in the on-line society for ordinary citizens, leading in turn to quality of life enhancement. Our work on the socio-technical dimensions of security and privacy gives us a means to influence government policy to the betterment of society at large. We work closely with government departments such as the Cabinet Office to provide advice on privacy, security and design issues. We also communicate research findings through more widely accessible media, press engagement, speaking at public events, and working with schools (CDT students will take part in the annual Smallpeice Trust Cyber Security residential for Year 9 students).
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/S021817/1 | 01/10/2019 | 31/03/2028 | |||
| 2442701 | Studentship | EP/S021817/1 | 01/10/2020 | 30/09/2024 | Daniel Jones |