How Secure is TextSecure?

Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz
2016 2016 IEEE European Symposium on Security and Privacy (EuroS&P)  
A messaging app that has attracted a lot of attention lately is TEXTSECURE, an app that claims to provide secure instant messaging and has a large number of installations via Google's Play Store.  ...  As such, it is hard to assess which kind of security properties are provided by these apps and especially end-to-end encryption is missing.  ...  We have documented the attack and show how it can be mitigated. The attack has been communicated with and acknowledged by the developers of TEXTSECURE.  ... 
doi:10.1109/eurosp.2016.41 dblp:conf/eurosp/FroschMBBSH16 fatcat:rpg6veyqrrdv5k3d4bf2uuqony

More is Less: How Group Chats Weaken the Security of Instant Messengers Signal, WhatsApp, and Threema [article]

Paul Rösler, Christian Mainka, Jörg Schwenk
2017 IACR Cryptology ePrint Archive  
Secure instant messaging is utilized in two variants: one-to-one communication and group communication.  ...  ., EuroS&P17), little is known about the cryptographic mechanisms and security guarantees of secure group communication in instant messaging.  ...  We thank Tibor Jager, Julian Loss, Moxie Marlinspike, the Threema Security Team, the CCS 2017, and EuroS&P 2018 reviewers for their helpful comments and fruitful discussions.  ... 
dblp:journals/iacr/RoslerMS17 fatcat:tclwq6l2mjfv7lxp6ddu6nnvzu

Privacy and data protection in smartphone messengers

Christoph Rottermanner, Peter Kieseberg, Markus Huber, Martin Schmiedecker, Sebastian Schrittwieser
2015 Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services - iiWAS '15  
Furthermore, device theft and loss is a major issue regarding the protection of user privacy.  ...  Thus, we also analyzed, whether the messages are stored in a secure way on the device itself, or if control over the physical device allows access to the message data.  ...  The financial support by the Austrian Federal Ministry of Science, Research and Economy and the National Foundation for Research, Technology and Development is gratefully acknowledged.  ... 
doi:10.1145/2837185.2837202 dblp:conf/iiwas/RottermannerKHS15 fatcat:i6wuok5uv5fgxny2lmbbbncapy

Analyzing Locality of Mobile Messaging Traffic using the MATAdOR Framework [chapter]

Quirin Scheitle, Matthias Wachs, Johannes Zirngibl, Georg Carle
2016 Lecture Notes in Computer Science  
It allows to conduct automated experiments with mobile messaging applications, is transparent to those applications and does not require any modifications to the applications.  ...  We analyze how messaging traffic is routed through the Internet and which countries could therefore access this traffic.  ...  Due to its high rank in the EFF Scorecard with respect to security and privacy and being free software with its source code open to the public, we picked TextSecure as a third application for this experiment  ... 
doi:10.1007/978-3-319-30505-9_15 fatcat:5y6vjgkx6rgwhhjhq7jcc3hjoi

Deniable Key Exchanges for Secure Messaging

Nik Unger, Ian Goldberg
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
the deniability properties of the popular TextSecure secure messaging application.  ...  is later compromised.  ...  This DAKE is the first of its kind that can be used in secure messaging applications such as TextSecure [19].  ... 
doi:10.1145/2810103.2813616 dblp:conf/ccs/UngerG15 fatcat:i5crh7s75ffzzcn4mcdfv4ooca

SoK: Secure Messaging

Nik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg, Matthew Smith
2015 2015 IEEE Symposium on Security and Privacy  
In contrast, once trust is established, conversation security can be achieved without any user involvement in most two-party conversations, though conversations between larger groups still lack a good  ...  IEEE Symposium on Security and Privacy  ...  Joseph Bonneau is supported by a Secure Usability Fellowship from the Open Technology Fund and Simply Secure. We gratefully acknowledge the support of NSERC and the Ontario Research Fund.  ... 
doi:10.1109/sp.2015.22 dblp:conf/sp/UngerDBFPG015 fatcat:ztmbqbcxojb2dlnhtqwjotl4qi

On Post-compromise Security

Katriel Cohn-Gordon, Cas Cremers, Luke Garratt
2016 2016 IEEE 29th Computer Security Foundations Symposium (CSF)  
Our work leads to crucial insights on how post-compromise security can (and cannot) be achieved, paving the way for applications in other domains.  ...  We show that both of these security models can be satisfied, by proposing two concrete protocol constructions and proving they are secure in the models.  ...  An interesting question is the extent to which the ratcheting mechanism is necessary to achieve this, and how the security goals for a 0-RTT protocol interact with PCS.  ... 
doi:10.1109/csf.2016.19 dblp:conf/csfw/Cohn-GordonCG16 fatcat:bl75n4itnnh3ba2eh5cckhnmxa

Danger is my middle name

Lucky Onwuzurike, Emiliano De Cristofaro
2015 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks - WiSec '15  
This prompts a number of challenges as it is not clear how to provide meaningful feedback and how to proceed w.r.t. warnings.  ...  We choose Barclays Mobile and TextSecure motivated by the curiosity of analyzing at least one mobile banking and one secure chat app, and Amazon Local to verify the presence of any difference with the  ... 
doi:10.1145/2766498.2766522 dblp:conf/wisec/OnwuzurikeC15 fatcat:qcdwsm3bczf37mmmyaos3lac7y

Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach

Nadim Kobeissi, Karthikeyan Bhargavan, Bruno Blanchet
2017 2017 IEEE European Symposium on Security and Privacy (EuroS&P)  
Our ProScript protocol code is incorporated within the current release of Cryptocat, a desktop secure messenger application written in JavaScript.  ...  The protocol is implemented in ProScript, a new domain-specific language that is designed for writing cryptographic protocol code that can both be executed within JavaScript programs and automatically  ...  The design of these core mechanisms in TextSecure version 2 was cryptographically analyzed in [2] but the protocol has evolved since then and the security of Signal as it is currently implemented and  ... 
doi:10.1109/eurosp.2017.38 dblp:conf/eurosp/KobeissiBB17 fatcat:jc3mdwujmzd2rhtzd3262sn2ca

Authorizing Third-Party Applications Served through Messaging Platforms

Jorge Sancho, José García, Álvaro Alesanco
2021 Sensors  
., the messaging platform, which is expected to improve the overall user experience of the authorization process.  ...  TextSecure Security Most messaging platforms, such as Signal, WhatsApp, Facebook Messenger, or Skype, rely on the TextSecure protocol [8] to provide security to users' conversations.  ...  MitM Attacker All the trust in the TextSecure protocol is based on asymmetric cryptography.  ... 
doi:10.3390/s21175716 pmid:34502607 pmcid:PMC8433987 fatcat:qklmfgpyyzh7lbedsis4lm7kni

Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images

Brendan Saltaformaggio, Rohit Bhatia, Xiangyu Zhang, Dongyan Xu, Golden G. Richard III
2016 USENIX Security Symposium  
RetroScope is inspired by the observations that (1) app-internal data on previous screens exists much longer in memory than the GUI data structures that "package" them and (2) each app is able to perform  ...  Further, RetroScope is app-agnostic, requiring no knowledge about an app's internal data definitions or rendering logic.  ...  However, obtaining the ground truth (how many previous screens RetroScope should recover) is not straightforward because the screens' recoverability is decided by the availability of the app's internal  ... 
dblp:conf/uss/SaltaformaggioB16 fatcat:2bh6tdiciraprkkan6io5y5dx4

Forward Secure Asynchronous Messaging from Puncturable Encryption

Matthew D. Green, Ian Miers
2015 2015 IEEE Symposium on Security and Privacy  
We show how to combine puncturable encryption with the forward-secure public key encryption proposal of Canetti et al. to achieve practical forward-secure messaging with low overhead.  ...  In a forward secure encryption scheme, a user periodically updates her secret key so that past messages remain confidential in the event that her key is compromised.  ...  CCA security The puncturable encryption scheme presented in Figure 2 provides only CPA security. We now describe how to modify this scheme to achieve CCA security.  ... 
doi:10.1109/sp.2015.26 dblp:conf/sp/GreenM15 fatcat:nczd4nd7craifplr6z4usi3hlu

ObliCheck: Efficient Verification of Oblivious Algorithms with Unobservable State

Jeongseok Son, Griffin Prechter, Rishabh Poddar, Raluca Ada Popa, Koushik Sen
2021 USENIX Security Symposium  
its judgment if the algorithm is reported as not oblivious.  ...  In this paper, we propose ObliCheck, a checker verifying whether a given algorithm is indeed oblivious.  ...  Taint tags let ObliCheck track how secret input is propagated and decide the security level of a newly generated symbolic variable after optimistic state merging.  ... 
dblp:conf/uss/SonPPPS21 fatcat:aqg3uwfx3vh6ne6doataroi3fu

The Snowden Phone: A Comparative Survey of Secure Instant Messaging Mobile Applications [article]

Christian Johansen, Aulon Mujaj, Hamed Arshad, Josef Noll
2019 arXiv pre-print
Finally, the paper gives proposals for improving each application w.r.t. security, privacy, and usability.  ...  We conduct a series of experiments on these implementations to identify which types of security and usability properties each application provides.  ...  How the end-to-end encryption is toggled on is shown in the "other security implementations" part (Fig. 21d).  ... 
arXiv:1807.07952v2 fatcat:njkcmmo7fnctvdtt7txvdjq7py

The adversarial threat posed by the NSA to the integrity of the internet

Jared Naude, Lynette Drevin
2015 2015 Information Security for South Africa (ISSA)  
about internet security such as how common weaknesses are being exploited by both intelligence agencies and criminals.  ...  In order to assess the potential harm and the security implications of mass surveillance, this paper looks at how state level actors around the world are conducting surveillance which raise broader issues  ...  Users should use audited applications such as RedPhone and TextSecure which have been proven to be secure. B.  ... 
doi:10.1109/issa.2015.7335060 dblp:conf/issa/NaudeD15 fatcat:azxzct3lffdabn7wpbk4qz2tze