CryptoDB
Three Lessons From Threema: Analysis of a Secure Messenger
Authors: | Kenneth G. Paterson, Matteo Scarlata, Kien Tuong Truong |
---|---|
Presentation: | Slides |
Abstract: | We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between different sub-protocols. As another, we demonstrate a compression-based side-channel attack that recovers users' long-term private keys through observation of the size of Threema encrypted backups. From our analysis, we draw three wider lessons for developers of secure protocols. |
Video: | https://youtu.be/sthXs4zJ5XU?t=1892 |
BibTeX
@misc{rwc-2023-35455,
  title={Three Lessons From Threema: Analysis of a Secure Messenger},
  note={Video at \url{https://youtu.be/sthXs4zJ5XU?t=1892}},
  howpublished={Talk given at RWC 2023},
  author={Kenneth G. Paterson and Matteo Scarlata and Kien Tuong Truong},
  year=2023
}