Published by Bertha Flynn. Modified over 8 years ago.
1
WhatsApp Security
Ahmad Hijazi
Systèmes de Télécommunications & Réseaux Informatiques (STRI)
20 April 2016
2
Content
Terms
Client Registration
Initiating Session Setup
Receiving Session Setup
Exchanging Messages
Transmitting Media and Other Attachments
Group Messages
Call Setup
Verifying Keys
Transport Security
3
Introduction
WhatsApp messages and calls between a sender and receiver that use WhatsApp client software released after March 31, 2016 are end-to-end encrypted.
The Signal Protocol, designed by Open Whisper Systems, is the basis for WhatsApp's end-to-end encryption.
4
Terms: Public Key Types
Identity Key Pair: a long-term Curve25519 key pair, generated at install time.
Signed Pre Key: a medium-term Curve25519 key pair, generated at install time, signed by the Identity Key, and rotated on a periodic timed basis.
One-Time Pre Keys: a queue of Curve25519 key pairs for one-time use, generated at install time, and replenished as needed.
5
Terms: Session Key Types
Root Key: a 32-byte value that is used to create Chain Keys.
Chain Key: a 32-byte value that is used to create Message Keys.
Message Key: an 80-byte value that is used to encrypt message contents. 32 bytes are used for an AES-256 key, 32 bytes for an HMAC-SHA256 key, and 16 bytes for an Initialization Vector.
6
Client Registration
At registration, the CLIENT sends to the SERVER:
Public Identity Key
Public Signed Pre Key
Batch of public One-Time Pre Keys
WhatsApp has no access to the private keys! But who said so?!
7
Initiating Session Setup
In order to communicate with another WhatsApp user, the first user needs to establish an encrypted session. Once the session is established, it remains until it is lost through an external event or reinstalling the app.
8
Initiating Session Setup
Establishing Session:
1. The Initiator requests the recipient's Public Identity Key, Public Signed Pre Key and One-Time Pre Keys.
2. The Server returns the requested keys.
Note: the One-Time Pre Key is removed from server storage after being requested.
9
Initiating Session Setup
Establishing Session:
3. The Initiator saves the keys as I_recipient (Identity Key), S_recipient (Signed Pre Key) and O_recipient (One-Time Pre Key).
4. The Initiator generates an ephemeral Curve25519 key pair E_initiator and loads its own Identity Key as I_initiator.
10
Initiating Session Setup
ECDH: Elliptic Curve Diffie-Hellman. It is a secure key exchange algorithm, used to agree on keys securely over a non-secure channel.
Establishing Session:
5. The Initiator calculates the Master_Secret:
Master_Secret = ECDH(I_initiator, S_recipient) || ECDH(E_initiator, I_recipient) || ECDH(E_initiator, S_recipient) || ECDH(E_initiator, O_recipient)
6. The Initiator uses HKDF to create a Root Key and Chain Keys from the Master_Secret.
11
Receiving Session Setup
7. The Initiator sends the Recipient a Session Setup Message containing E_initiator and I_initiator.
Accessing from WhatsApp??
12
Receiving Session Setup
8. The Recipient calculates the Master_Secret by using his own private keys and the public keys in the Session Setup Message:
Master_Secret = ECDH(I_initiator, S_recipient) || ECDH(E_initiator, I_recipient) || ECDH(E_initiator, S_recipient) || ECDH(E_initiator, O_recipient)
9. Finally, the Recipient uses HKDF to derive the Root Key and Chain Key from the Master_Secret.
13
Exchanging Messages
Every message is encrypted with a unique Message Key.
For encryption, AES-256 in CBC mode is used.
For authentication, HMAC-SHA256 is used.
Message Keys are ephemeral and cannot be regenerated.
Message Keys are generated from the sender's Chain Key, which "ratchets" forward.
14
Exchanging Messages: Calculating a Message Key
The Message Key is calculated as:
Message Key = HMAC-SHA256(Chain Key, 0x01)
The Chain Key is then updated as:
Chain Key = HMAC-SHA256(Chain Key, 0x02)
Hence, the Chain Key will "ratchet" forward and can't be derived from a Message Key.
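The ratchet above on the receiving side, including messages that arrive out of order, as an added example that is not from the presentation or WhatsApp's code. The HKDF expansion of the 32-byte HMAC output to the 80-byte Message Key, its salt and info label, and the `MAX_SKIP` bound are assumptions made for this sketch.

```python
import hashlib
import hmac

def ratchet(chain_key: bytes):
    """One step from the slide: returns (message key seed, next Chain Key)."""
    seed = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_ck = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return seed, next_ck

def expand(seed: bytes) -> dict:
    """Stretch the 32-byte seed to an 80-byte Message Key with HKDF-SHA256.
    Salt and info label are assumptions made for this example."""
    prk = hmac.new(bytes(32), seed, hashlib.sha256).digest()
    okm, block = b"", b""
    for i in (1, 2, 3):  # 3 x 32 bytes covers the 80 bytes needed
        block = hmac.new(prk, block + b"example-message-keys" + bytes([i]),
                         hashlib.sha256).digest()
        okm += block
    return {"aes": okm[:32], "mac": okm[32:64], "iv": okm[64:80]}

class ReceivingChain:
    MAX_SKIP = 100  # assumed cap so a peer cannot force unbounded hashing

    def __init__(self, chain_key: bytes):
        self.chain_key, self.next_index, self.skipped = chain_key, 0, {}

    def message_key(self, index: int) -> dict:
        if index in self.skipped:            # late message: key was cached
            return self.skipped.pop(index)   # single use, then gone
        if index < self.next_index:
            raise KeyError("message key already used and deleted")
        if index - self.next_index > self.MAX_SKIP:
            raise ValueError("too many skipped messages")
        while True:
            seed, self.chain_key = ratchet(self.chain_key)  # old CK discarded
            current, self.next_index = self.next_index, self.next_index + 1
            if current == index:
                return expand(seed)
            self.skipped[current] = expand(seed)  # keep for a delayed message
```

Because each step overwrites the Chain Key, compromise of the current state does not reveal keys for messages already processed; only cached keys for skipped messages remain exposed until they are used.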
15
Exchanging Messages: Calculating a Chain Key
An ephemeral Curve25519 public key is sent with each message.
ephemeral_secret = ECDH(Ephemeral_sender, Ephemeral_recipient)
Chain Key, Root Key = HKDF(Root Key, ephemeral_secret)
16
Sending Media & Other Attachments
[Figure: Sender, WhatsApp Server (BLOB Store), Receiver. Labels: BLOB; AES256 Key K1; HMAC-SHA256; encrypted blob "ZMKA"; SHA256(ZMKA); message under AES256 Key K2 carrying K1, SHA256(ZMKA) and a PTR to the BLOB in store.]
17
Receiving Media & Other Attachments
[Figure: Sender, BLOB Store, Receiver. Labels: message under AES256 Key K2 carrying K1, SHA256(ZMKA) and a PTR to the BLOB in store; encrypted blob "ZMKA" fetched from the store; SHA256(ZMKA) comparison; BLOB recovered with K1.]
18
Group Messaging: Initiation
[Figure: Group Member and Group. Labels: Chain Key CK; Signature Key SK (Curve25519); Sender Key (CK, SK public); AES256 Key K.]
19
Group Messaging: Sending
[Figure: Group Member sending a Group Message. Labels: Chain Key CK; Message Key K; AES256; SK (private).]
20
Call Setup
When a WhatsApp user initiates a call:
The initiator builds an encrypted session with the recipient if one does not already exist.
The initiator generates a random 32-byte SRTP master secret.
The initiator transmits an encrypted message to the recipient that signals an incoming call and contains the SRTP master secret.
If the responder answers the call, an SRTP encrypted call ensues.
21
Verifying The Keys: MITM Attack
A man-in-the-middle attack intercepts a communication between two systems. WhatsApp and Whisper Systems actually did implement some pretty nice encryption, though it may easily be bypassed.
22
Verifying The Keys: But!! Why isn't it effective?
An encrypted conversation on WhatsApp needs the communication of a special public key. The other WhatsApp client will rely on this public key to know who it's encrypting the information to. The public key has to be sent through WhatsApp's servers, which then deliver it to your friend's phone.
23
Verifying The Keys: QR code scanning
User A has to scan a QR code on the device of user B, and vice versa.
Scan the user identifier for both parties.
Needs the full 32-byte public Identity Key for both parties.
When either user scans the other's QR code, the keys are compared to ensure that what is in the QR code matches the Identity Key as retrieved from the server.
24
Verifying The Keys: Comparing a 60-digit number
The 60-digit number is computed by concatenating the two 30-digit numeric fingerprints for each user's Identity Key.
The 30-digit numeric fingerprint:
1. Iteratively SHA-512 hash the public Identity Key and user identifier 5200 times.
2. Take the first 30 bytes of the final hash output.
3. Split the 30-byte result into six 5-byte chunks.
4. Convert each 5-byte chunk into 5 digits.
5. Concatenate the six groups of five digits into thirty digits.
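The fingerprint steps above as a runnable sketch, with the comparison that exposes a substituted Identity Key; this is an added example, not code from the presentation or from WhatsApp. Assumptions: how the key and identifier are fed into each hash round, the conversion of a chunk to digits (big-endian integer modulo 100000), sorting the two fingerprints so both phones show the same number, and the constructed keys and phone numbers used to exercise it.

```python
import hashlib
import hmac

ITERATIONS = 5200

def numeric_fingerprint(identity_key: bytes, user_id: bytes) -> str:
    """30-digit fingerprint of one user's public Identity Key."""
    if len(identity_key) != 32:
        raise ValueError("public Identity Key must be 32 bytes")
    digest = identity_key + user_id
    for _ in range(ITERATIONS):
        # Assumed round function: re-mix the key into every iteration.
        digest = hashlib.sha512(digest + identity_key).digest()
    chunks = [digest[i:i + 5] for i in range(0, 30, 5)]  # six 5-byte chunks
    # Assumed conversion: big-endian integer reduced to five decimal digits.
    return "".join(f"{int.from_bytes(c, 'big') % 100000:05d}" for c in chunks)

def security_code(key_a: bytes, id_a: bytes, key_b: bytes, id_b: bytes) -> str:
    """60-digit number; sorted so either party computes the same string."""
    parts = sorted([numeric_fingerprint(key_a, id_a),
                    numeric_fingerprint(key_b, id_b)])
    return "".join(parts)

def grouped(code: str) -> str:
    """Display form: twelve groups of five digits."""
    return " ".join(code[i:i + 5] for i in range(0, len(code), 5))

def code_matches(code_on_peer_screen: str, my_key: bytes, my_id: bytes,
                 peer_key_from_server: bytes, peer_id: bytes) -> bool:
    """True only if the key the server delivered is the key the peer holds."""
    mine = security_code(my_key, my_id, peer_key_from_server, peer_id)
    return hmac.compare_digest(mine.encode(), code_on_peer_screen.encode())
```

A mismatch means the Identity Key delivered by the server is not the one on the other person's device, which is the case the out-of-band comparison exists to catch.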
25
Transport Security
26
The Nice Properties of Transport Security
Fast connection setup.
Information about the identity of the connecting user is not revealed.
No client authentication secrets are stored on the server.
27
Thank You!