Secure off-the-record messaging

Mario Di Raimondo, Rosario Gennaro, Hugo Krawczyk
<span title="">2005</span> <i title="ACM Press"> <a target="_blank" rel="noopener" href="" style="color: black;">Proceedings of the 2005 ACM workshop on Privacy in the electronic society - WPES &#39;05</a> </i> &nbsp;
At the 2004 Workshop on Privacy in the Electronic Society (WPES), Borisov, Goldberg and Brewer, presented "Off the Record Messaging" (OTR), a protocol designed to add endto-end security and privacy to Instant Messaging protocols. An open-source implementation of OTR is available and has achieved considerable success. In this paper we present a security analysis of OTR showing that, while the overall concept of the system is valid and attractive, the protocol suffers from security shortcomings
more &raquo; ... e to the use of an insecure key-exchange protocol and other problematic design choices. On the basis of these findings, we propose alternative designs and improvements that strengthen the security of the system and provide the originally intended features of the protocol, including deniability, in a sound and well-defined sense. of information, including very sensitive data. As a consequence, the need to secure the email infrastructure has received plenty of attention, and solutions such as PGP [4, 27] and s/MIME [25] are widely available. Such solutions are designed to provide with the three pillars of secure communications, namely: Confidentiality: the content of communications should remain secret: an unauthorized person should not be able to learn any private information. Authentication: the recipient of information should have certainty about the sender of the information; no other person (or entity) should be able to impersonate the legitimate sender.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="">doi:10.1145/1102199.1102216</a> <a target="_blank" rel="external noopener" href="">dblp:conf/wpes/RaimondoGK05</a> <a target="_blank" rel="external noopener" href="">fatcat:jfr2gvrt35crzd67strre3t4jm</a> </span>
<a target="_blank" rel="noopener" href="" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href=""> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> </button> </a>