Secure Messaging Protocols Part 1: A Brief History | Wickr

What is a “Secure Messaging Protocol”?

A secure messaging protocol (SMP) allows remote users to send messages (and more) to each other securely over an untrusted (and possibly adversarial) network such as the Internet. In general, to use an SMP, participants first have to go through some type of trusted setup, often called “contact discovery”. The type of security that is provided differs between SMPs and must be balanced against other costs such as the resources required to run the protocol, the flexibility of the protocol, and its implementation cost. Given all of these considerations, it is probably not surprising that we find ourselves with a large and growing collection of candidate SMPs out there.

PGP: A First Step

As long as there has been writing, there has been some form of “secret” writing used to secure the exchange of messages, so choosing a starting point for this story is a bit arbitrary. Nevertheless, I think the Pretty Good Privacy protocol (PGP) is probably a good place to begin. First introduced in 1991 by Phil Zimmerman, it allows users to encrypt and digitally sign emails which are then delivered via the standard email protocol (i.e. SMTP). What makes PGP interesting for this post is that it was one of the very first SMPs to be (at least somewhat) widely implemented, deployed, and used. In fact, PGP and a similar protocol called S/MIME developed a decade later are still used in some communities to this day. As such, PGP has had a huge influence on future SMPs, not least of which by setting the initial bar against which we measure newer protocols. I’d like to highlight the following features of PGP (and S/MIME).

  • End-to-End Security: From a security standpoint, PGP is built around an E2E security model. Essentially, this means that users can communicate securely, even via an adversarially controlled network and server infrastructure. The worst the network/infrastructure can do is deny service to a user. Crucially though, this means that all intermediary devices tasked with transferring a message from Alice to Bob are incapable of reading the message or modifying it. That is, PGP provides both E2E privacy and E2E authenticity. So, for example, as long as Alice keeps her PGP keys safe, no one other than Alice can create a PGP message that would be accepted by Bob as having been sent by Alice. This stands in contrast to other contemporary (and even quite modern) messaging systems such as SMS, normal emails, and even Facebook Messenger or Google Hangouts. PGP showed us that this level of exposure to malicious infrastructure is not necessarily incompatible with messaging services (even asynchronous ones).

OTR: Security++

Another major milestone in the story of SMPs took place with the introduction of the Off-the-Record protocol (OTR) in 2004 by Nikita Borisov, Ian Avrum Goldberg, and Eric A. Brewer. With the goals of deniability and long-term security in mind, the protocol introduced two new security features to the world of SMPs.

  • Deniable Authentication: As mentioned above, an SMP provides authentication if it is impossible to forge the origin of a message; that is, no one but Alice can create messages that Bob will accept as having been sent by Alice. Deniable authentication goes a step further by also guaranteeing that once an encrypted and authenticated message is delivered, anyone is capable of producing a “fake” encrypted message that looks like it came from Alice. In other words, during a conversation between Alice and Bob, only Alice can produce messages that Bob will accept. Yet, once the conversation is complete, anyone (not just Bob) can produce a fake encrypted message (with arbitrary content) that looks like it came from Alice in that conversation. In effect, this means that a transcript of OTR encrypted messages does not provide any (at least cryptographic) evidence that the conversation took place, let alone what was actually said and by whom, since it’s easy to fake such transcripts. It is in this sense that OTR provides a type of deniability.

Wickr: The Best of Both Worlds.

Both PGP and OTR provided E2E security. However, neither quite fulfills all the requirements we have come to expect from today’s secure messaging protocols. On the one hand, PGP allows for asynchronous communication but lacks forward secrecy, while OTR provides forward secrecy but doesn’t support asynchronousity. Thus, a new milestone was reached in 2013 with the public release of the new Wickr SMP, which combined all 3 of these properties into a single protocol. To the best of my knowledge, this makes Wickr the first publicly available SMP meeting today’s basic standard of security, now commonly expected of any SMPs.

The Double Ratchet: A Trade-Off

In 2014, Open Whisper Systems released the Signal SMP, whose main component is the novel key agreement (sub)protocol later dubbed the Double Ratchet. In fact, the Double Ratchet remains a central piece in many of today’s modern SMPs (e.g. Viber, Wire, WhatsApp, Signal, and more). Like Wickr’s SMP, the ones based on the Double Ratchet are designed to achieve both E2E security and FS while still allowing for asynchronous messaging. However, in other ways, these two types of SMPs are simply incomparable.

Stay Tuned

As our digital infrastructure becomes ever more complicated (while often also staying in use for years at a time), being “secure” is more and more a process rather than some kind of fixed state. A big part of that process is how we respond to and recover from breaches. It is within this context that forward secrecy and Post Compromise Security have become such interesting security goals for modern SMPs. While forward secrecy is, by now, a well-understood security property, cryptographers and security engineers are now pushing the boundaries of what we can achieve in terms of PCS and other types of security for SMPs. To read more about the bleeding edge of research and development on SMPs, both in industry and in academia, stay tuned for the next part in this series.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store