1. bookVolume 2018 (2018): Issue 3 (June 2018)
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Copyright
© 2020 Sciendo

Consistent Synchronous Group Off-The-Record Messaging with SYM-GOTR

Published Online: 28 Apr 2018
Page range: 181 - 202
Received: 30 Nov 2017
Accepted: 16 Mar 2018
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Copyright
© 2020 Sciendo

We describe SYM-GOTR, a protocol for secure Group Off-The-Record (GOTR) messaging. In contrast to previous work, SYM-GOTR is the first protocol to offer confidential, authenticated, and repudiable conversations among a dynamic group with the additional properties of message unlinkability and the guarantee that all users see the same conversation, while providing efficient use of network and CPU resources. SYM-GOTR achieves these properties through the use of a novel optimistic consistency check protocol that either determines that all users agree on a transcript with constant-size messages or identifies at least one user that has not followed the protocol. We provide an implementation of SYM-GOTR as a Java library along with a plugin for the Jitsi instant messaging client. We analyze the performance of SYM-GOTR in a real world deployment scenario and discuss the challenges of providing a usable implementation without compromising the security of the conversation.

[1] N. Weaver, “A close look at the NSA’s most powerful internet attack tool.” http://www.wired.com/2014/03/quantum/. Accessed: 19 May 2017.Search in Google Scholar

[2] N. Borisov, I. Goldberg, and E. Brewer, “Off-the-record communication, or, why not to use pgp,” in Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, WPES ’04, (New York, NY, USA), pp. 77-84, ACM, 2004.Search in Google Scholar

[3] I. Goldberg, B. Ustaoglu, M. D. Van Gundy, and H. Chen, “Multi-party off-the-record messaging,” in Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS ’09, (New York, NY, USA), pp. 358- 368, ACM, 2009.Search in Google Scholar

[4] H. Liu, E. Y. Vasserman, and N. Hopper, “Improved group off-the-record messaging,” in Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society, WPES ’13, (New York, NY, USA), pp. 249-254, ACM, 2013.Search in Google Scholar

[5] O. W. Systems, Open Whisper Systems. https://whispersystems.org/.Search in Google Scholar

[6] M. Schliep, I. Kariniemi, and N. Hopper, “Is bob sending mixed signals?,” in Proceedings of the 2017 on Workshop on Privacy in the Electronic Society, WPES ’17, (New York, NY, USA), pp. 31-40, ACM, 2017.Search in Google Scholar

[7] N. Unger, S. Dechand, J. Bonneau, S. Fahl, H. Perl, I. Goldberg, and M. Smith, “Sok: Secure messaging,” in Security and Privacy (SP), 2015 IEEE Symposium on, pp. 232-249, IEEE, 2015.Search in Google Scholar

[8] M. Burmester and Y. Desmedt, “A secure and efficient conference ey distribution system,” in Advances in cryptology EUROCRYPT’94, pp. 275-286, Springer, 1994.Search in Google Scholar

[9] M. Marlinspike and T. Perrin, “The x3dh key agreement protocol,” 2016.Search in Google Scholar

[10] M. Marlinspike and T. Perrin, “The double ratchet algorithm,” 2016.Search in Google Scholar

[11] T. Frosch, C. Mainka, C. Bader, F. Bergsma, J. Schwenk, and T. Holz, “How secure is textsecure?,” in Security and Privacy (EuroS&P), 2016 IEEE European Symposium on, pp. 457-472, IEEE, 2016.Search in Google Scholar

[12] K. Cohn-Gordon, C. Cremers, B. Dowling, L. Garratt, and D. Stebila, “A formal security analysis of the signal messaging protocol,” in Security and Privacy (EuroS&P), 2017 IEEE European Symposium on, pp. 451-466, IEEE, 2017.Search in Google Scholar

[13] N. Kobeissi, K. Bhargavan, and B. Blanchet, “Automated verification for secure messaging protocols and their implementations: A symbolic and computational approach,” in IEEE European Symposium on Security and Privacy (EuroS& P), 2017.Search in Google Scholar

[14] eQualit.ie, (n+1)sec protocol specification - draft. https: //equalit.ie/introducing-n1sec-a-protocol-for-distributedmultiparty- chat-encryption/.Search in Google Scholar

[15] M. Abdalla, C. Chevalier, M. Manulis, and D. Pointcheval, “Flexible group key exchange with on-demand computation of subgroup keys.,” Africacrypt, vol. 10, pp. 351-368, 2010.Search in Google Scholar

[16] M. Bellare and C. Namprempre, “Authenticated encryption: Relations among notions and analysis of the generic composition paradigm,” J. Cryptol., vol. 21, pp. 469-491, Sept. 2008.Search in Google Scholar

[17] B. LaMacchia, K. Lauter, and A. Mityagin, “Stronger security of authenticated key exchange,” in Provable Security, pp. 1-16, Springer, 2007.Search in Google Scholar

[18] C. Alexander and I. Goldberg, “Improved user authentication in off-the-record messaging,” in Proceedings of the 2007 ACM workshop on Privacy in electronic society, pp. 41-47, ACM, 2007.Search in Google Scholar

[19] M. Di Raimondo, R. Gennaro, and H. Krawczyk, “Deniable authentication and key exchange,” in Proceedings of the 13th ACM conference on Computer and communications security, pp. 400-409, ACM, 2006.Search in Google Scholar

[20] linode, linode. https://linode.com/.Search in Google Scholar

[21] J. Ugander, B. Karrer, L. Backstrom, and C. Marlow, “The anatomy of the facebook social graph,” arXiv preprint arXiv:1111.4503, 2011.Search in Google Scholar

[22] OpenStack IRC meetings. http://eavesdrop.openstack.org/.Search in Google Scholar

[23] twitter, twitter. https://twitter.com/.Search in Google Scholar

[24] reddit, reddit. https://reddit.com/.Search in Google Scholar

[25] Facebook, Facebook. https://facebook.com/.Search in Google Scholar

[26] R. Canetti and H. Krawczyk, “Analysis of key-exchange protocols and their use for building secure channels,” in Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, EUROCRYPT ’01, (London, UK, UK), pp. 453- 474, Springer-Verlag, 2001.Search in Google Scholar

Plan your remote conference with Sciendo