Abstract
In recent years, it has come to attention that governments have been doing mass surveillance of personal communications without the consent of the citizens. As a consequence of these revelations, developers have begun releasing new protocols for end-to-end encrypted conversations, extending and making popular the old Off-the-Record protocol. New implementations of such end-to-end encrypted messaging protocols have appeared, and several popular chat applications have been updated to use such protocols. In this survey, we compare six existing applications for end-to-end encrypted instant messaging, namely, Signal, WhatsApp, Wire, Viber, Riot, and Telegram, most of them implementing one of the recent and popular protocols called Signal. We conduct five types of experiments on each of the six applications using the same hardware setup. During these experiments, we test 21 security and usability properties specially relevant for applications (not protocols). The results of our experiments demonstrate that the applications vary in terms of the usability and security properties they provide, and none of them are perfect. In consequence, we make 12 recommendations for improvement of either security, privacy, or usability, suitable for one or more of the tested applications.
Highlights
Background on Secure Messaging Protocols. This section provides background on secure messaging protocols that are implemented by the applications analysed in this paper
(3) Key Change While a Message Is in Transit. This test scenario starts as the previous one, but here we look at how WhatsApp handles messages sent before Bob finishes reinstalling
Based on the knowledge gained from the test scenarios, some possible improvements for each application are provided, which have to be verified critically using modelling and verification techniques in order to ensure that an improvement does not break other security properties
Summary
This test scenario analyses what happens when cryptographic keys change, e.g., when a user in a conversation deletes and reinstalls the Signal app. The second privacy setting is “Screen security,” which does not allow the user to take screenshots as long as they are inside the Signal application.