Messaging Service Security

Shiting Pan Sicheng Peng

Motivation

Are You Concerned That The People You Talk With Is Not The One You Want To

Are You Afraid Of Your Sensitive Information Being Leaked Out

Are You Worried About Some Organizations Spying On You All The Time

Content

1 • SMS

2 • WhatsApp

3 • iMessage

Evaluation Criteria • Supported input types • Supported message and file sizes • Support for broadcasting messages to multiple users

• Ease of use

• Implementation of secure communication protocol

• Methods for generation, exchange and storage of encryption keys

Messaging Service Comparison

Criteria SMS WhatsApp iMessage Supported input Texts Texts, images,

voice, video Texts, documents,

images, videos Support

broadcasting Yes Yes Yes

File sizes Up to 160 letters Unlimited Unlimited Cost Pay per message $0.99 annual fee Free

Ease of use All plat-forms Symbian, Android, iOS,

windows, BlackBerry

iOS5 or later

How SMS works? •  In GSM Network:

•  GSM Network: ü Standards governed by the European Telecommunication Standards Institute(ETSI) ü Comprised of three subsystems: Mobile Station, Base Station Subsystem, Network Subsystem

Security Flaws of SMS

•  SMS messages are stored unencrypted at the SMSC ü  Employees of SMSC operators ü  Others who can hack into SMSC

• Encryption flaws of GSM network

GSM Security Features(Authentication) A3 is used to authenticate the MS to the network

GSM Security Features(Confidentiality) Data confidentiality is achieved through A8(key generation) and A5(encryption)

GSM Network Vulnerabilities •  Codes for A3,A5 and A8 were leaked or crypto-analyzed •  Most GSM providers use the COMP128 algorithm to implement A3

and A8

Generated by HLR

Input for A5 Present in SIM

card

Ki is encrypted by DES and then sent to HLR; HLR uses the same key codes for decryption and stores Ki.

Examples of Attacks on SMS

• April 13, 1998: Marc Briceno (Director of the Smartcard Developer Association and two U.C.Berkeley researchers-David Wagner and Ian Goldberg The 128bit Ki could be deduced by collecting around 150,000 chosen RAND-SRES pairs.

Developments of A5 •  A5 is a stream cipher protecting SMS transmission

ü  A5/0: no encryption ü  A5/1: original algorithm used in Europe ü  A5/2: weaker encryption, used outside Europe ü  A5/3: strong , created for 3G systems

Although A5/3 is strong, but lack of network authentication makes MITM attack possible.

WhatsApp Flaws •  Same random RC4 encryption key

Results: Xored of 2 ciphertexts=Xored of 2 messages

WhatsApp Flaws •  SSLv2 Protocol Support (Before 02/21/2014) Ø No protection for the handshake Ø Weak MAC construction Ø Same keys for authentication and encryption

•  Vulnerable to Man-In-The-Middle attack

SSL/TLS

How does SSL /TLS work? •  Handshake phase(From TechNet by Microsoft)

•  Data exchange phase

Server Hello

Client Hello

iMessage encryption algorithm RSA(1280-bit) used to encrypt iMessages ECDSA(256-bit)used to generate and verify the signature of messages Step 1 Alice gets Bob’s public key from Apple Sever. Step 2 Alice encrypt M with Bob’s RSA public key and sign with her ECDSA private key Step 3 Bob receive the message, verify the signature with Alice’s Public key and decrypt C with his Private key. Advantage: end to end encryption Limitation: Apple has full control of public key

Results of Comparison Criteria SMS WhatsApp iMessage

Supported input Texts Texts, images, voice, video

Texts, documents, images, videos

File sizes Up to 160 letters Unlimited Unlimited

Cost Pay per message $0.99 annual fee Free

Ease of use All plat-forms Symbian, Android, iOS, windows,

BlackBerry

iOS5 or later

Secured Protocol for key exchange

No SSLv2(Before) TLS(Current)

TLS

Encryption Algorithm A3, A5, A8 RC4 RSA, ECDSA

Key Storage SIM WhatsApp servers and user’s phone

PU: Apple Server PR: iOS device

Key Generation 128-bit Random Key 128-bit individual Subscribe key

160-bit Random Key 1280-bit RSA key 256-bit ECDSA key

Conclusion Secured communication needs end-to-end

encryption •  SMS: No.

•  Whatsapp: Wait for a response. Weakest encryption among the three. However, after joining Facebook, it works on end-to-end encryption.

•  iMessage: Yes. Strong encryption. Assumed as the safest one.

Q&A