1. bookVolume 2019 (2019): Issue 3 (July 2019)
Journal Details
First Published
16 Apr 2015
Publication timeframe
4 times per year
access type Open Access

Circumventing Cryptographic Deniability with Remote Attestation

Published Online: 12 Jul 2019
Page range: 350 - 369
Received: 30 Nov 2018
Accepted: 16 Mar 2019
Journal Details
First Published
16 Apr 2015
Publication timeframe
4 times per year

Deniable messaging protocols allow two parties to have ‘off-the-record’ conversations without leaving any record that can convince external verifiers about what either of them said during the conversation. Recent events like the Podesta email dump underscore the importance of deniable messaging to politicians, whistleblowers, dissidents and many others. Consequently, messaging protocols like Signal and OTR are designed with cryptographic mechanisms to ensure deniable communication, irrespective of whether the communications partner is trusted.


[1] “ARM security technology: Building a secure system using TrustZone technology,” ARM, White paper, 2009. [Online]. Available: https://www.arm.com/products/security-onarm/trustzoneSearch in Google Scholar

[2] “Intel Software Guard Extensions programming reference,” Tech. Rep., 2014. [Online]. Available: https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdfSearch in Google Scholar

[3] (2016) DKIM verification. [Online]. Available: https://wikileaks.org/DKIM-Verification.htmlSearch in Google Scholar

[4] “Intel Software Guard Extensions SDK for Linux OS: Developer reference,” Tech. Rep., 2016.Search in Google Scholar

[5] (2018) Briar: Secure messaging, anywhere. Accessed 2018-04-29. [Online]. Available: https://briarproject.org/Search in Google Scholar

[6] (2018) Messenger. Accessed 2018-05-03. [Online]. Available: https://www.messenger.com/Search in Google Scholar

[7] (2018) OTR version 4. Draft, accessed 2018-05-03. [Online]. Available: https://github.com/otrv4/otrv4/blob/master/otrv4.mdSearch in Google Scholar

[8] “Signal Protocol C library,” Code, 2018, commit 9e10362fce9072b104e6d5a51d6f56d939d1f36e. [Online]. Available: https://github.com/signalapp/libsignal-protocol-cSearch in Google Scholar

[9] N. Asokan, G. Tsudik, and M. Waidner, “Server-supported signatures,” in ESORICS’96: 4th European Symposium on Research in Computer Security, ser. Lecture Notes in Computer Science, E. Bertino, H. Kurth, G. Martella, and E. Montolivo, Eds., vol. 1146. Springer, Heidelberg, Sep. 1996, pp. 131–143.Search in Google Scholar

[10] R. Bahmani, M. Barbosa, F. Brasser, B. Portela, A.-R. Sadeghi, G. Scerri, and B. Warinschi, “Secure multiparty computation from SGX,” in FC 2017: 21st International Conference on Financial Cryptography and Data Security, ser. Lecture Notes in Computer Science, A. Kiayias, Ed., vol. 10322. Springer, Heidelberg, Apr. 2017, pp. 477–497.Search in Google Scholar

[11] J. C. Benaloh and D. Tuinstra, “Receipt-free secret-ballot elections (extended abstract),” in 26th Annual ACM Symposium on Theory of Computing. ACM Press, May 1994, pp. 544–553.Search in Google Scholar

[12] N. Borisov, I. Goldberg, and E. Brewer, “Off-the-record communication, or, why not to use PGP,” in Proceedings of the ACM Workshop on Privacy in the Electronic Society (WPES), 2004.Search in Google Scholar

[13] R. Canetti, “Universally composable security: A new paradigm for cryptographic protocols,” in 42nd Annual Symposium on Foundations of Computer Science. IEEE Computer Society Press, Oct. 2001, pp. 136–145.Search in Google Scholar

[14] ——, “Universally composable signatures, certification and authentication,” Cryptology ePrint Archive, Report 2003/239, 2003, http://eprint.iacr.org/2003/239.Search in Google Scholar

[15] I. Carmon, “How we broke the NSA story,” Salon, 2013, 2013-06-10.Search in Google Scholar

[16] M. Crispin, “Internet Message Access Protocol - Version 4rev1,” RFC 3501, Mar. 2003. [Online]. Available: https://rfc-editor.org/rfc/rfc3501.txtSearch in Google Scholar

[17] T. Dierks and C. Allen, RFC 2246 - The TLS Protocol Version 1.0, Internet Activities Board, Jan. 1999.Search in Google Scholar

[18] Y. Dodis, J. Katz, A. Smith, and S. Walfish, “Composability and on-line deniability of authentication,” in TCC 2009: 6th Theory of Cryptography Conference, ser. Lecture Notes in Computer Science, O. Reingold, Ed., vol. 5444. Springer, Heidelberg, Mar. 2009, pp. 146–162.Search in Google Scholar

[19] M. Gay, “Political world embraces encrypted-messaging app Signal amid fears of hacking,” The Wall Street Journal, 2017, 2017-01-27. [Online]. Available: https://www.wsj.com/articles/political-world-embraces-encrypted-messagingapp-amid-fears-of-hacking-1485492485Search in Google Scholar

[20] “Trusted Platform Module library,” Standard, 2015.Search in Google Scholar

[21] D. Kim, B. J. Kwon, and T. Dumitras, “Certified malware: Measuring breaches of trust in the windows code-signing PKI,” in ACM CCS 17: 24th Conference on Computer and Communications Security, B. M. Thuraisingham, D. Evans, T. Malkin, and D. Xu, Eds. ACM Press, Oct. / Nov. 2017, pp. 1435–1448.Search in Google Scholar

[22] J. C. Klensin, “Simple Mail Transfer Protocol,” RFC 5321, Oct. 2008. [Online]. Available: https://rfc-editor.org/rfc/rfc5321.txtSearch in Google Scholar

[23] N. Kobeissi, K. Bhargavan, and B. Blanchet, “Automated verification for secure messaging protocols and their implementations: A symbolic and computational approach,” in Proceedings of the IEEE European Symposium on Security and Privacy, 2017.Search in Google Scholar

[24] P. Kotzias, S. Matic, R. Rivera, and J. Caballero, “Certified PUP: Abuse in authenticode code signing,” in ACM CCS 15: 22nd Conference on Computer and Communications Security, I. Ray, N. Li, and C. Kruegel:, Eds. ACM Press, Oct. 2015, pp. 465–478.Search in Google Scholar

[25] H. Krawczyk, “SKEME: A versatile secure key exchange mechanism for Internet,” in Proceedings of the Symposium on Network and Distributed System Security, 1996.Search in Google Scholar

[26] M. Kucherawy, D. Crocker, and T. Hansen, “DomainKeys Identified Mail (DKIM) Signatures,” RFC 6376, Sep. 2011. [Online]. Available: https://rfc-editor.org/rfc/rfc6376.txtSearch in Google Scholar

[27] A. Kurnikov, A. Paverd, M. Mannan, and N. Asokan, “https://arxiv.org/abs/1804.08569,” 2018. [Online]. Available: https://arxiv.org/abs/1804.08569Search in Google Scholar

[28] M. Marlinspike. (2013) Simplifying OTR deniability. Accessed 2018-05-01. [Online]. Available: https://signal.org/blog/simplifying-otr-deniability/Search in Google Scholar

[29] OTRv4 team, “Personal communication,” May 2018.Search in Google Scholar

[30] T. Perrin and M. Marlinspike, “The Double Ratchet algorithm,” Open Whisper Systems, Standard, 2016. [Online]. Available: https://signal.org/docs/specifications/doubleratchet/Search in Google Scholar

[31] ——, “The X3DH key agreement protocol, revision 1,” Open Whisper Systems, Standard, 2016. [Online]. Available: https://signal.org/docs/specifications/x3dh/Search in Google Scholar

[32] H. Ritzdorf, K. Wüst, A. Gervais, G. Felley, and S. Capkun, “TLS-N: Non-repudiation over TLS enabling - ubiquitous content signing for disintermediation,” Cryptology ePrint Archive, Report 2017/578, 2017, http://eprint.iacr.org/2017/578.Search in Google Scholar

[33] B. Schneier, Applied Cryptography. Wiley, 1996.Search in Google Scholar

[34] security@signal.org, “Personal communication,” May 2018.Search in Google Scholar

[35] A. Serhrouchni and I. Hajjeh, “Intégration de la signature numérique au protocole SSL/TLS,” Annales Des Télécommunications, vol. 61, no. 5–6, pp. 522–541, 2006.Search in Google Scholar

[36] Y. Swami, “SGX remote attestation is not sufficient,” Cryptology ePrint Archive, Report 2017/736, 2017, http://eprint.iacr.org/2017/736.Search in Google Scholar

[37] Twitter. (2018) About direct messages. Accessed 2018-05-03. [Online]. Available: https://help.twitter.com/en/using-twitter/direct-messagesSearch in Google Scholar

[38] N. Unger, S. Dechand, J. Bonneau, S. Fahl, H. Perl, I. Goldberg, and M. Smith, “SoK: Secure messaging,” in 2015 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, May 2015, pp. 232–249.Search in Google Scholar

[39] N. Unger and I. Goldberg, “Deniable key exchanges for secure messaging,” in ACM CCS 15: 22nd Conference on Computer and Communications Security, I. Ray, N. Li, and C. Kruegel:, Eds. ACM Press, Oct. 2015, pp. 1211–1223.Search in Google Scholar

[40] ——, “Improved strongly deniable authenticated key exchanges for secure messaging,” Proceedings on Privacy Enhancing Technologies, vol. 2018, 2018.Search in Google Scholar

[41] F. Zhang, E. Cecchetti, K. Croman, A. Juels, and E. Shi, “Town crier: An authenticated data feed for smart contracts,” in ACM CCS 16: 23rd Conference on Computer and Communications Security, E. R. Weippl, S. Katzenbeisser, C. Kruegel, A. C. Myers, and S. Halevi, Eds. ACM Press, Oct. 2016, pp. 270–282.Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo