Paper 2014/904

How Secure is TextSecure?

Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Joerg Schwenk, and Thorsten Holz

Abstract

Instant Messaging has gained popularity by users for both private and business communication as low-cost short message replacement on mobile devices. However, until recently, most mobile messaging apps did not protect confidentiality or integrity of the messages. Press releases about mass surveillance performed by intelligence services such as NSA and GCHQ motivated many people to use alternative messaging solutions to preserve the security and privacy of their communication on the Internet. Initially fueled by Facebook's acquisition of the hugely popular mobile messaging app WhatsApp, alternatives claiming to provide secure communication experienced a significant increase of new users. A messaging app that claims to provide secure instant messaging and has attracted a lot of attention is TextSecure. Besides numerous direct installations, its protocol is part of Android's most popular aftermarket firmware CyanogenMod. TextSecure's successor Signal continues to use the underlying protocol for text messaging. In this paper, we present the first complete description of TextSecure's complex cryptographic protocol, provide a security analysis of its three main components (key exchange, key derivation and authenticated encryption), and discuss the main security claims of TextSecure. Furthermore, we formally prove that - if key registration is assumed to be secure - TextSecure's push messaging can indeed achieve most of the claimed security goals.

Note: Extended, revised version including full protocol overview.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. 1st IEEE European Symposium on Security and Privacy
Keywords
protocol analysispublic-key cryptographyapplicationsinstant messagingconfidentialityauthenticity
Contact author(s)
tilman frosch @ rub de
History
2016-04-05: last of 2 revisions
2014-11-01: received
See all versions
Short URL
https://ia.cr/2014/904
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/904,
      author = {Tilman Frosch and Christian Mainka and Christoph Bader and Florian Bergsma and Joerg Schwenk and Thorsten Holz},
      title = {How Secure is TextSecure?},
      howpublished = {Cryptology ePrint Archive, Paper 2014/904},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/904}},
      url = {https://eprint.iacr.org/2014/904}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.