CryptoDB
Secure Messaging Authentication against Active Man-in-the-Middle Attacks
Authors: Benjamin Dowling and Britta Hale
Abstract: Current messaging protocols are incapable of detecting active man-in-the-middle threats after a state compromise. Even strongly secure protocols such as Signal, which offers forward secrecy and post-compromise security, depend on the adversary being passive immediately following state compromise; the healing guarantees are lost if the attacker is not. In addition, despite a great deal of research analyzing the confidentiality properties of secure messaging, entity authentication has largely been abstracted away. Modern messaging applications often rely on out-of-band communication to achieve entity authentication, with human users actively engaging with the protocol, verifying and attesting to long-term public keys. This is done primarily to reduce reliance on trusted third parties (by replacing that role with the user), but it implies that an accurate picture of such a messaging application's security must take this interaction into account. In this presentation, we examine these gaps by formalizing user-mediated entity authentication, introducing a security model that captures user authentication in real-world ratcheted messaging protocols. We further demonstrate that the Signal application's user-mediated authentication protocol cannot be proven secure in this strong model, and we suggest a new solution that allows the detection of an active state-compromising adversary. Our solution – the MoDUSA protocol – achieves active post-compromise entity authentication security, under certain assumptions on the out-of-band communication channel. These results have direct implications for existing and future ratcheted secure messaging applications.
BibTeX
@misc{rwc-2022-35494,
  title={Secure Messaging Authentication against Active Man-in-the-Middle Attacks},
  howpublished={Talk given at RWC 2022},
  author={Benjamin Dowling and Britta Hale},
  year=2022
}