WhatsApp End-to-End Encrypted Backup Protocol Security Analysis
This security analysis delves into the WhatsApp end-to-end encrypted backup protocol, highlighting the potential risks associated with chat history backups. It discusses the dangers of password guessing, the vulnerabilities of cloud providers, and proposes solutions for a more secure backup system to protect user data.
Security Analysis of the WhatsApp End-to-End Encrypted Backup Protocol
Gareth T. Davies, Sebastian Faller, Kai Gellert, Tobias Handirk, Julia Hesse, Máté Horváth, Tibor Jager

Over 100 million users! We analysed this protocol.

How (not) to Backup Chat Histories
Chat history lost when device is lost
Backup
Store Backup
Choose random key
Backup = Enc( , chat_history)
Store key
WhatsApp E2EE Backups 4

How (not) to Back Up Chat Histories
Offline attackable:
Backup
Store Backup
= Hash(pwd123)
Backup = Enc( , chat_history)
Guess password is pwd123

Password Guessing Is Dangerous
100 million users
if 80% use one of the 10 000 most used passwords
and Cloud provider guesses 100 times for each user
gets 8 million backup keys! (roughly the population of Switzerland)
111111

How (not) to Backup Chat Histories
Cloud Provider and WhatsApp can collude: No E2EE anymore!
Backup
Store Backup
WhatsApp Server
Choose random key
Backup = Enc( ,chat_history)
Store

Can We Have Best of Both Worlds?
WhatsApp must not see the backup key
Google/Apple must not see the backup key
pwd
User just remembers a password
Idea: Use password-based cryptography!

Password-Authenticated Key Exchange
OPAQUE [JKX18]
Password
Initialization: Password and client file; Per-Client seed
Key Exchange:
Server / Client
export key and shared key
export key
store file for client
shared key
If password correct: shared key = shared key and export key = export key
server does not see the password in the clear!

Sketch of WhatsApp's Protocol
Storing backup key at WhatsApp:
Chooses password
OPAQUE Init
Backup
Store Backup
WhatsApp
gets export key from OPAQUE
c = Enc( , )
c
stores c for client

Sketch of WhatsApp's Protocol
Guess password is pwd123
Retrieve backup key from WhatsApp:
Chooses password
Backup
OPAQUE KE
Store Backup
WhatsApp
gets export key and shared key from OPAQUE
Problem: Server can still guess the password
gets shared key from OPAQUE
retrieve stored c
e = Enc( , c)
e
c = Dec( ,e)
= Dec( ,c)

Sketch of WhatsApp's Protocol
Retrieve backup key from WhatsApp:
Chooses password
Backup
OPAQUE KE
Store Backup
WhatsApp
HSM
gets export key and shared key from OPAQUE
gets shared key from OPAQUE
retrieve stored c
e = Enc( , c)
e
c = Dec( ,e)
= Dec( ,c)

Intuitive Security Requirements
= Verifiability of backup key
High entropy of the backup key
Secrecy of backup key
Hard limit on attempts with wrong password

Our work shows:
= Verifiability of backup key
High entropy of the backup key
Secrecy of backup key
Hard limit on attempts with wrong password

Getting More than Ten Guesses
+1 484 1234
Change pwd
Delete old record of Client
Create record for Client
WhatsApp Server / Client / HSM
record for , guesses: 10, (protected with pwd 1)
(protected with pwd 1)
record for , guesses: 10, (protected with pwd 2)
record for , guesses: 10,

Getting More than Ten Guesses
Change pwd
Create record for Client
WhatsApp Server / Client / HSM
guess any of these
record for , guesses: 10, (protected with pwd 1)
(protected with pwd 1)
record for , guesses: 10, (protected with pwd 2)
record for , guesses: 10, (protected with pwd 3)
record for , guesses: 10,
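
The per-record counters on the two slides above, as an added toy model in Python that is not part of the presentation or of WhatsApp's code: ToyHSM, simulate and the record layout are hypothetical, and a salted password hash stands in for OPAQUE. It counts how many wrong guesses the HSM accepts for one client when the server does, or does not, request deletion of the old record on a password change.

```python
import hashlib, hmac, os

MAX_GUESSES = 10  # per-record limit shown on the slides

class ToyHSM:
    """Hypothetical model: each stored record carries its own guess counter."""
    def __init__(self):
        self.records = {}  # record id -> dict(salt, tag, left, key)

    @staticmethod
    def _tag(password, salt):
        # Assumption: a salted password hash stands in for the OPAQUE exchange.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

    def create_record(self, rid, password, backup_key):
        salt = os.urandom(16)
        self.records[rid] = {"salt": salt, "tag": self._tag(password, salt),
                             "left": MAX_GUESSES, "key": backup_key}

    def delete_record(self, rid):
        self.records.pop(rid, None)

    def retrieve(self, rid, guess):
        rec = self.records.get(rid)
        if rec is None or rec["left"] == 0:
            return None                      # unknown or locked record
        rec["left"] -= 1                     # charge the attempt before checking
        if hmac.compare_digest(self._tag(guess, rec["salt"]), rec["tag"]):
            return rec["key"]
        return None

def simulate(passwords, server_deletes_old):
    """Client sets each password in turn; return (live records, wrong guesses accepted)."""
    hsm, key = ToyHSM(), os.urandom(32)      # constructed backup key
    for i, pwd in enumerate(passwords):
        if server_deletes_old and i > 0:
            hsm.delete_record(i - 1)         # the deletion an honest server requests
        hsm.create_record(i, pwd, key)
    accepted = 0
    for rid in list(hsm.records):
        while hsm.records[rid]["left"] > 0:  # spend every attempt on a wrong guess
            assert hsm.retrieve(rid, "wrong-guess") is None
            accepted += 1
    return len(hsm.records), accepted

if __name__ == "__main__":
    pwds = ["pwd 1", "pwd 2", "pwd 3"]       # constructed passwords, as on the slides
    print(simulate(pwds, server_deletes_old=True))   # (1, 10)
    print(simulate(pwds, server_deletes_old=False))  # (3, 30)
```

With the old records left in place, the limit of ten applies to each record separately, so the total number of accepted guesses grows with every password change.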

Conclusion
Confirmed strong guarantees of WhatsApp's E2EE chat backups
Malicious server gets more than ten password guesses
Still good protocol when used with strong passwords
Future work
Consider HSM corruption
Optimize protocol design
Efficiency
Hard limit on guesses
Post-quantum
Check out: https://github.com/facebook/voprf, https://github.com/facebook/opaque-ke