Abstract by Tarun Kumar Yadav
Automatic Detection and Prevention of Fake Key Attacks in Signal
The Signal protocol provides end-to-end encryption for billions of users in popular instant messaging applications. It relies on an application-specific key server to distribute public keys and relay encrypted messages between the users. As a result, Signal prevents passive attacks but is vulnerable to some active attacks.
A malicious or hacked key server can distribute fake keys to users to perform man-in-the-middle or impersonation attacks. While typical secure messaging applications provide a manual method for users to detect these attacks, this places an undue burden on users, and studies show it is ineffective in practice.
We design several defenses for fake key attacks and use a threat analysis to identify which attacks each defense can automatically detect or prevent. We implement the attacks to demonstrate they are possible, and we use an implementation of two of the defenses to confirm that they are feasible. We discuss the strengths and weaknesses of each defense.