How we lose communication confidentiality and how cryptographers try to stop it

RedX

Last summer, the largest IT giants (Facebook, Google, Apple, Microsoft) were caught out: their contractors had access to users' voice messages. According to the companies, all this was done solely for good purposes, to improve natural language recognition algorithms. The news, which appeared in many media outlets, was taken surprisingly calmly given the huge scale of the wiretapping. The fact that news about listening to private messages no longer caused a mass rejection of these services, or at least loud public discussion, suggests that most users have already come to terms with it: they are ready to pay with privacy for convenience and comfort.

Popular data exchange services, realizing how vulnerable they are to pressure from authorities and law enforcement agencies, now rely on marketing: the term most often found in descriptions of instant messengers and their security level is "end-to-end encryption".

End-to-end panacea?
End-to-end, or end-2-end, encryption is a term that implies that a message is encrypted on the sender's device, delivered encrypted to the recipient's device, and decrypted there. As a rule, this means asymmetric encryption, in which each party holds the so-called public key of the interlocutor, namely the code sequence with which the sender encrypts the message. The message can only be decrypted with a private (secret) key, which each of the interlocutors also has, but they do not know each other's private keys. This is a fairly reliable method of private messaging over public communication channels.

At the same time, the term "end-to-end encryption" is now used as a kind of "declaration of inviolability", a confirmation that no outsider will get access to the user's correspondence, call history or media files. However, this is not always the case.

First of all, end-to-end encryption between interlocutors has to be set up; this is called "session initiation". To do this, the interlocutors must at least exchange their public keys. At first glance everything is simple, but here you should remember one of the most common types of attack against privacy: "man in the middle" (MITM). Imagine that you receive a message from a well-known person asking you to, say, lend them some money, and the real sender of this message is an attacker. This is possible even if the messenger in which you communicate uses end-to-end encryption! In what way?

Since the underlying technologies and data exchange protocols, such as TCP/IP, have remained virtually unchanged for decades, their vulnerabilities are well understood. Having somehow gained access to carrier or backbone communication channels, an attacker can get between the sender and receiver at the time of session initiation, and if the exchange of public keys is poorly protected, take possession of them. Of course, this will prevent an attacker from reading someone else's correspondence, but it will allow them to send messages on someone else's behalf. This is one of the many vulnerabilities that can affect a messenger that uses end-to-end encryption. In some cases, the vulnerability may even be caused by the natural complexity of the algorithm, for example, when using protocols that require cross-validation and explicit (user) confirmation at the session initiation stage.

This, of course, does not mean that end-to-end encryption does not work or should be abandoned. This means that now even the average user needs to understand at least the very basics of cryptography.

Focus on the key
One of the tools that enhances the security of communication in instant messengers with end-to-end encryption is the Double Ratchet (DR) key management algorithm, developed five years ago by Trevor Perrin and Moxie Marlinspike at Open Whisper Systems. Its implementation uses the triple Diffie-Hellman (3DH) key agreement algorithm and relies on fast elliptic-curve functions with a key size of 256 bits (Curve25519), as well as the well-proven AES-256 and HMAC-SHA256 standards. As part of messaging protocols, it is used in products such as Gajim, Signal, Skype, Google Allo, Viber, WhatsApp, and some others. Various protocol implementations are built on Double Ratchet and Axolotl. For example, at Omega IM, we prefer the fast and secure open source Proteus protocol, which includes methods provided by the libsodium library.

The choice fell on libsodium because this library is an open, cross-platform implementation of NaCl (Networking and Cryptography library). It provides asymmetric elliptic curve encryption, symmetric encryption using Salsa20 and Poly1305, Salsa20 and AES encryption, secure HMAC/SHA authentication with a key length of 512/256 bits, and SHA string hashing with a key of 512/256 bits. It is an open and modern library for encryption, digital signatures, hashing, and other cryptographic primitives.

The increased confidentiality achieved through more reliable encryption algorithms has a number of useful consequences:

  • An overall decrease in damage thanks to stronger communication protocols. Although the majority of users are not becoming more competent, it is becoming more difficult for attackers to achieve their goals. Thus, the level of security of ordinary users is growing.
  • The rapid development of the "Internet of things": connected devices are increasingly penetrating our daily lives and can potentially be a significant force in the hands of an attacker. In this case, "human vulnerability" does not arise in principle, but the need for secure communication comes to the fore.
  • The desire to continuously strengthen the "cryptographic frontiers" is reinforced by the real need for private communication. As large corporations continue to collect, and manage at their own discretion, incredible amounts of eternally stored data about each user, more and more people feel a natural need for truly private, secure communication. Private communication is equally important for business and for the state itself.

Of course, we must immediately add the caveat that the most vulnerable link in any story about information security is still the user, and social engineering is one of the most effective methods of "hacking" this link.
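The explicit user confirmation at session initiation mentioned in the "End-to-end panacea?" section can be sketched as a key fingerprint that both parties compare over a separate channel. This is an added example, not part of the original post and not the code of any messenger named in it; the function names, the `safety-number-v1` label, the digit format and the sample keys are all assumptions made for illustration.

```python
import hashlib
import hmac

def safety_number(id_a: str, pub_a: bytes, id_b: str, pub_b: bytes) -> str:
    """Order-independent fingerprint over both parties' public keys."""
    # Sort so that both sides hash the same byte string regardless of
    # who is "local" and who is "remote".
    parts = sorted([(id_a.encode(), pub_a), (id_b.encode(), pub_b)])
    h = hashlib.sha256(b"safety-number-v1")  # hypothetical domain label
    for ident, pub in parts:
        for field in (ident, pub):
            # Length-prefix every field so concatenations cannot collide.
            h.update(len(field).to_bytes(2, "big") + field)
    digest = h.digest()
    # Six groups of five digits, short enough to read aloud or show as a QR code.
    groups = [int.from_bytes(digest[i:i + 4], "big") % 100000
              for i in range(0, 24, 4)]
    return " ".join(f"{g:05d}" for g in groups)

def numbers_match(a: str, b: str) -> bool:
    """Constant-time comparison of two rendered fingerprints."""
    return hmac.compare_digest(a.encode(), b.encode())

# Constructed sample keys (32 bytes, the size of a Curve25519 public key).
ALICE_PUB = bytes.fromhex("a1" * 32)
BOB_PUB = bytes.fromhex("b2" * 32)
SUBSTITUTED_PUB = bytes.fromhex("e5" * 32)  # key replaced in transit

def honest_session() -> bool:
    alice_view = safety_number("alice", ALICE_PUB, "bob", BOB_PUB)
    bob_view = safety_number("bob", BOB_PUB, "alice", ALICE_PUB)
    return numbers_match(alice_view, bob_view)

def tampered_session() -> bool:
    # Alice was handed a substituted key in place of Bob's real one,
    # so the number on her screen no longer equals the one on Bob's.
    alice_view = safety_number("alice", ALICE_PUB, "bob", SUBSTITUTED_PUB)
    bob_view = safety_number("bob", BOB_PUB, "alice", ALICE_PUB)
    return numbers_match(alice_view, bob_view)

if __name__ == "__main__":
    print("honest exchange verifies:", honest_session())
    print("substituted key verifies:", tampered_session())
```

The check only helps if the two numbers are compared outside the channel being protected, for example in person or on a voice call.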
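The symmetric half of the Double Ratchet named in the "Focus on the key" section can be shown with HMAC-SHA256 alone: every message gets its own key, and each step replaces the chain key, so a key captured later cannot be wound back to earlier messages. This is an added example, not code from the post, Proteus or libsodium; it leaves out the Diffie-Hellman ratchet and 3DH entirely, the one-byte constants follow the suggestion in the published Double Ratchet specification, and the class and function names, `MAX_SKIP` and the sample secret are assumptions.

```python
import hashlib
import hmac

def kdf_ck(chain_key: bytes):
    """One ratchet step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, message_key

def sender_keys(chain_key: bytes, count: int):
    """Message keys the sender derives for messages 0..count-1."""
    keys = []
    for _ in range(count):
        chain_key, mk = kdf_ck(chain_key)
        keys.append(mk)
    return keys

class ReceivingChain:
    MAX_SKIP = 100  # hypothetical bound on keys stored for late messages

    def __init__(self, chain_key: bytes):
        self.ck = chain_key
        self.n = 0          # number of the next message on the chain
        self.skipped = {}   # message number -> key kept for late arrival

    def key_for(self, msg_no: int) -> bytes:
        if msg_no in self.skipped:
            return self.skipped.pop(msg_no)   # each key is used once
        if msg_no < self.n:
            raise ValueError("message key already used and deleted")
        if msg_no - self.n > self.MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.n < msg_no:                # store keys for the gap
            self.ck, mk = kdf_ck(self.ck)
            self.skipped[self.n] = mk
            self.n += 1
        self.ck, mk = kdf_ck(self.ck)         # old chain key is overwritten
        self.n += 1
        return mk

# Constructed stand-in for the secret agreed at session initiation.
DEMO_ROOT = hashlib.sha256(b"constructed shared secret").digest()

def out_of_order_delivery():
    """Receiver gets messages 2, 0, 3, 1 and must derive matching keys."""
    sent = sender_keys(DEMO_ROOT, 4)
    rx = ReceivingChain(DEMO_ROOT)
    return [rx.key_for(i) == sent[i] for i in (2, 0, 3, 1)]

if __name__ == "__main__":
    print(out_of_order_delivery())
```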
 