BYU

Abstract by Tarun Kumar Yadav

Personal Infomation


Presenter's Name

Tarun Kumar Yadav

Degree Level

Doctorate

Abstract Infomation


Department

Computer Science

Faculty Advisor

Kent Seamons

Title

Automatic Detection and Prevention of Fake Key Attacks in Signal

Abstract

The Signal protocol provides end-to-end encryption for billions of users in popular instant messaging applications. It relies on an application-specific key server to distribute public keys and relay encrypted messages between the users. As a result, Signal prevents passive attacks but is vulnerable to some active attacks.

A malicious or hacked key server can distribute fake keys to users to perform man-in-the-middle or impersonation attacks. While typical secure messaging applications provide a manual method for users to detect these attacks, this places an undue burden on users and studies show it is ineffective in practice.

We design several defenses for fake key attacks and use a threat analysis to identify which attacks each defense can automatically detect or prevent. We implement the attacks to demonstrate they are possible, and we use an implementation of two of the defenses to confirm that they are feasible. We discuss the strengths and weaknesses of each defense.